Advanced Malware Cleaning

Subject Author Date
Advanced Malware Cleaning Kayman 04-20-2008
Posted by Andy Walker on April 21, 2008, 8:01 pm
VanguardLH wrote:

>Andy Walker wrote:
>
>> Kayman wrote:
>>
>>>Educational viewing!
>>>Mark Russinovich - Advanced Malware Cleaning
>>>http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
>>
>> It is definitely worth the time watching this - even if you are
>> already familiar with techniques for eliminating malware. Mark
>> Russinovich is one of the primary contributors at Sysinternals (he now
>> works for M$). The only drawback to watching this is having to
>> install M$ Silverlight in order to view it.
>
>They really need to put dates on these webcasts or video archives. I
>remember seeing this one about 2 years ago.
>
>I found the webcast link to another of Russinovich's meetings (audio
>only with slideshow):
>
>http://www.microsoft.com/events/EventDetails.aspx?CMTYSvcSource=MSCOMMedia&Params=%7ECMTYDataSvcParams%5E%7Earg+Name=%22ID%22+Value=%221032274950%22/%5E%7Earg+Name=%22ProviderID%22+Value=%22A6B43178-497C-4225-BA42-DF595171F04C%22/%5E%7Earg+Name=%22lang%22+Value=%22en%22/%5E%7Earg+Name=%22cr%22+Value=%22US%22/%5E%7EsParams%5E%7E/sParams%5E%7E/CMTYDataSvcParams%5E
>
>Notice the date: June 07, 2005. So almost 3 years old. That one is
>named SEC425. The link above is named SEC309. So if the naming is
>sequential, the link above is to an even older meeting.
>
>A list of Mark's webcasts is at:
>
>http://technet.microsoft.com/en-us/sysinternals/bb963887.aspx
>
>Alas, no datestamps. Information is always time sensitive, especially
>anything that purports to be newsy in nature.

I think this one is newer as he discusses SpySheriff. It's probably
from 2007 and the primary benefit I see in it is that he describes the
useful features in many of the Sysinternals utilities. All the
techniques described are as valid in 2008 as they were in 2007.

You are right though; they should provide dates.

Posted by Kayman on April 21, 2008, 8:42 pm
On Mon, 21 Apr 2008 19:03:28 -0400, Andy Walker wrote:

> Kayman wrote:
>
>>Educational viewing!
>>Mark Russinovich - Advanced Malware Cleaning
>>http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
>
> It is definitely worth the time watching this - even if you are
> already familiar with techniques for eliminating malware. Mark
> Russinovich is one of the primary contributors at Sysinternals (he now
> works for M$).

Yes, it teaches you to apply AutoRuns and ProcessExplorer more efficiently.
The rootkit presentation is especially very enlightening.

> The only drawback to watching this is having to install M$ Silverlight
> in order to view it.

I found Silverlight to be harmless :)

Posted by kurt wismer on April 22, 2008, 10:41 pm
Andy Walker wrote:
> Kayman wrote:
>
>> Educational viewing!
>> Mark Russinovich - Advanced Malware Cleaning
>> http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
>
> It is definitely worth the time watching this - even if you are
> already familiar with techniques for eliminating malware. Mark
> Russinovich is one of the primary contributors at Sysinternals (he now
> works for M$). The only drawback to watching this is having to
> install M$ Silverlight in order to view it.

think i'll wait 'till someone puts it on youtube... i need a better
reason than a single video in order to justify exposing my browser to a
new attack vector (even if i do have whitelisting and sandboxing working
in my favour)...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Posted by Andy Walker on April 22, 2008, 11:40 pm
kurt wismer wrote:

>Andy Walker wrote:
>> Kayman wrote:
>>
>>> Educational viewing!
>>> Mark Russinovich - Advanced Malware Cleaning
>>> http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
>>
>> It is definitely worth the time watching this - even if you are
>> already familiar with techniques for eliminating malware. Mark
>> Russinovich is one of the primary contributors at Sysinternals (he now
>> works for M$). The only drawback to watching this is having to
>> install M$ Silverlight in order to view it.
>
>think i'll wait 'till someone puts it on youtube... i need a better
>reason than a single video in order to justify exposing my browser to a
>new attack vector (even if i do have whitelisting and sandboxing working
>in my favour)...

The funny thing is, I watched it on my Vista Business laptop, and it
did not download the Silverlight add-in but instead asked me "do you
want to activate Silverlight". It appears that M$ must have added
Silverlight in one of its automatic updates (I allow automatic update
and installation on that particular machine). I've been closing that
annoying pop-up on the M$ site for what seems like months to avoid
loading it and don't have any intention of loading it on any of my
other Windows machines.

Posted by on April 23, 2008, 7:03 am
On Tue, 22 Apr 2008 23:40:06 -0400, Andy Walker

>kurt wismer wrote:
>
>>Andy Walker wrote:
>>> Kayman wrote:
>>>
>>>> Educational viewing!
>>>> Mark Russinovich - Advanced Malware Cleaning
>>>> http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
>>>
>>> It is definitely worth the time watching this - even if you are
>>> already familiar with techniques for eliminating malware. Mark
>>> Russinovich is one of the primary contributors at Sysinternals (he now
>>> works for M$). The only drawback to watching this is having to
>>> install M$ Silverlight in order to view it.
>>
>>think i'll wait 'till someone puts it on youtube... i need a better
>>reason than a single video in order to justify exposing my browser to a
>>new attack vector (even if i do have whitelisting and sandboxing working
>>in my favour)...
>
>The funny thing is, I watched it on my Vista Business laptop, and it
>did not download the Silverlight add-in but instead asked me "do you
>want to activate Silverlight". It appears that M$ must have added
>Silverlight in one of its automatic updates (I allow automatic update
>and installation on that particular machine). I've been closing that
>annoying pop-up on the M$ site for what seems like months to avoid
>loading it and don't have any intention of loading it on any of my
>other Windows machines.


Maybe we need a scanner for junk that MS install that you don't want.

