From: petard at freeshell.org (petard)
Subject: tvm.exe / poll each.exe / blehdefyreal toolbar

On Thu, Jun 10, 2004 at 12:38:05AM +1200, Nick FitzGerald wrote:
> petard <petard@...eshell.org> wrote:
> 
> > It sounds like CWS.
> > http://www.wired.com/news/infostructure/0,1377,63391,00.html
> 
> Because, as we all know, CWS is the _only_ adware (virus, or other 
> malware) that installs "guardians" and uses multiple tricks in its 
> attempts to baffle far from intelligent removal efforts, right?
> 
No. Because based on the scant information in the original post (name of
exe, URL, toolbar name, homepage hijack) and the frequency with which
CWS is seen, some CWS variant seems like the most probable culprit. Did
you interpret "sounds like CWS" as any more definite diagnosis than
that?

> That is purely a sign of your inadequacy to the job at hand -- surely 
> not a qualification for you to provide "advice" to others (well, other 
> than of that form "get someone more competent than 'petard' to help").
heh. That was exactly my advice to the client in question, but they
asked me to proceed as a favor anyway. But no, it's not purely a sign of
"inadequacy to the job at hand". In fact, I'd claim that the only sign
of inadequacy to the job at hand was that I even entertained the idea of
doing something other than wipe and reinstall when I saw a machine
behaving as OP describes. Let's examine this a little:

1. OP has effectively been "rooted". He doesn't know exactly how.

2. He (as I didn't) clearly doesn't have a picture of exactly what has
been installed after that PC was compromised. He most likely doesn't
know exactly what was installed before the PC was compromised, so it is
nigh-on impossible to determine what's been changed.

If OP had some other method of getting the PC back to a known state, he
likely wouldn't have been asking the question here. The "wipe and
reinstall" is the only *known safe* course of action when you've got a
machine running unknown binaries.

> Suggesting that the likely best approach to "fixing" a system of which 
> you have _no freaking idea whatsoever_ is ailing it is to reformat and 
> reinstall (_or_ anything else) is clearly a sign of incompetence, and 
> little else.
> 
Bullshit. It's the only safe advice, unless you know exactly how the
machine was compromised and what was installed. No one on the list will
be able to tell that given the level of detail in the original post.
Any other course of action in the absence of this knowledge leaves some
possibility of a backdoor.

My *opinion* is that, for the average set of PC software, it will take
someone who doesn't know exactly what's been installed less time to
rebuild a box than to find out what is needed in order to become 100% 
certain no backdoor is left.

> Presenting such inadequate "advice" with little suggestion of the 
> possibility of doubt makes it even less helpful.
The "advice" you seem to dislike so much guarantees a clean PC. Like I
said, given the level of knowledge exhibited in the original post, I'd
opine that it is the fastest path to a clean PC. So what's your problem,
exactly?

> Next time you want to help, try S'ing TFU and letting folk who know 
> what they are doing have a go, eh?
Have a go, "Nick"... you claim to know what you're doing. What's your
faster path to a clean PC?

Out of curiosity, why the venom? Did I say something to you that wasn't
perfectly civil? 

regards,
petard

-- 
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
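The core of the argument above is that you can only say what changed on a machine if you recorded a trusted picture of it beforehand; without that baseline there is no way to enumerate what the compromise added, replaced or removed, which is why a rebuild to a known state is the defensible answer. The following is an added example to illustrate that point, not code from the original post or from either poster. It takes a SHA-256 manifest of a directory tree as the "known state", then diffs a later manifest against it. The directory layout, file contents and the simulated post-compromise changes are all constructed for the demo (the file name tvm.exe is borrowed from the thread's subject line only as a label).

```python
"""Baseline-and-compare file integrity check (added example).

Demonstrates why a pre-compromise baseline matters: with one, the set of
added, removed and modified files is a simple set difference; without one,
there is nothing to compare against. All paths and contents below are
constructed for the demonstration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, streamed so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (as a relative POSIX path) to its digest.

    Symlinks are skipped so a link pointing outside the tree cannot
    smuggle foreign content into the baseline.
    """
    manifest: dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def compare_manifests(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences since the baseline: files added, removed, or modified."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: record a baseline, simulate changes, report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system").mkdir()
        (root / "system" / "shell.exe").write_bytes(b"constructed stand-in for a known-good binary")
        (root / "system" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "readme.txt").write_text("clean install\n")

        baseline = build_manifest(root)  # the "known state" the thread argues for

        # Simulated post-compromise changes (constructed, not real malware behaviour):
        (root / "system" / "tvm.exe").write_bytes(b"unknown binary")                      # new file
        (root / "system" / "hosts").write_text("127.0.0.1 localhost\n10.0.0.1 example\n")  # tampered
        (root / "readme.txt").unlink()                                                      # deleted

        current = build_manifest(root)
        return compare_manifests(baseline, current)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The manifest itself is only as trustworthy as the place it was stored: a baseline kept on the same machine can be edited by whatever compromised it, so in practice the digests have to live offline or on another host before the comparison means anything. That is the same gap the original poster is in, only made explicit.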

