PC Review



Advanced Malware Cleaning

 
 
Kayman
Guest
Posts: n/a
 
      21st Apr 2008
Educational viewing!
Mark Russinovich - Advanced Malware Cleaning
http://www.microsoft.com/emea/spotli...px?videoid=359
 
 
 
 
 
Potblak
Guest
Posts: n/a
 
      21st Apr 2008
No thanks, I'll give it a miss.
Till I hear what nasties Silverlight has to offer.
"Kayman" <(E-Mail Removed)> wrote in message
news:fuglvg$mv6$(E-Mail Removed)...
> Educational viewing!
> Mark Russinovich - Advanced Malware Cleaning
> http://www.microsoft.com/emea/spotli...px?videoid=359



 
 
Andy Walker
Guest
Posts: n/a
 
      22nd Apr 2008
Kayman wrote:

>Educational viewing!
>Mark Russinovich - Advanced Malware Cleaning
>http://www.microsoft.com/emea/spotli...px?videoid=359


It is definitely worth the time watching this - even if you are
already familiar with techniques for eliminating malware. Mark
Russinovich is one of the primary contributors at Sysinternals (he now
works for M$). The only drawback to watching this is having to
install M$ Silverlight in order to view it.
 
 
VanguardLH
Guest
Posts: n/a
 
      22nd Apr 2008
Andy Walker wrote:

> Kayman wrote:
>
>>Educational viewing!
>>Mark Russinovich - Advanced Malware Cleaning
>>http://www.microsoft.com/emea/spotli...px?videoid=359

>
> It is definitely worth the time watching this - even if you are
> already familiar with techniques for eliminating malware. Mark
> Russinovich is one of the primary contributors at Sysinternals (he now
> works for M$). The only drawback to watching this is having to
> install M$ Silverlight in order to view it.


They really need to put dates on these webcasts or video archives. I
remember seeing this one about 2 years ago.

I found the webcast link to another of Russinovich's meetings (audio
only with slideshow):

http://www.microsoft.com/events/Even...taSvcParams%5E

Notice the date: June 07, 2005. So almost 3 years old. That one is
named SEC425. The link above is named SEC309. So if the naming is
sequential, the link above is to an even older meeting.

A list of Mark's webcasts is at:

http://technet.microsoft.com/en-us/s.../bb963887.aspx

Alas, no datestamps. Information is always time sensitive, especially
anything that purports to be newsy in nature.
 
 
Andy Walker
Guest
Posts: n/a
 
      22nd Apr 2008
VanguardLH wrote:

>Andy Walker wrote:
>
>> Kayman wrote:
>>
>>>Educational viewing!
>>>Mark Russinovich - Advanced Malware Cleaning
>>>http://www.microsoft.com/emea/spotli...px?videoid=359

>>
>> It is definitely worth the time watching this - even if you are
>> already familiar with techniques for eliminating malware. Mark
>> Russinovich is one of the primary contributors at Sysinternals (he now
>> works for M$). The only drawback to watching this is having to
>> install M$ Silverlight in order to view it.

>
>They really need to put dates on these webcasts or video archives. I
>remember seeing this one about 2 years ago.
>
>I found the webcast link to another of Russinovich's meetings (audio
>only with slideshow):
>
>http://www.microsoft.com/events/Even...taSvcParams%5E
>
>Notice the date: June 07, 2005. So almost 3 years old. That one is
>named SEC425. The link above is named SEC309. So if the naming is
>sequential, the link above is to an even older meeting.
>
>A list of Mark's webcasts is at:
>
>http://technet.microsoft.com/en-us/s.../bb963887.aspx
>
>Alas, no datestamps. Information is always time sensitive, especially
>anything that purports to be newsy in nature.


I think this one is newer as he discusses SpySheriff. It's probably
from 2007 and the primary benefit I see in it is that he describes the
useful features in many of the Sysinternals utilities. All the
techniques described are as valid in 2008 as they were in 2007.

You are right though; they should provide dates.
 
 
Andy Walker
Guest
Posts: n/a
 
      22nd Apr 2008
Andy Walker wrote:

>VanguardLH wrote:
>
>>Andy Walker wrote:
>>
>>> Kayman wrote:
>>>
>>>>Educational viewing!
>>>>Mark Russinovich - Advanced Malware Cleaning
>>>>http://www.microsoft.com/emea/spotli...px?videoid=359
>>>
>>> It is definitely worth the time watching this - even if you are
>>> already familiar with techniques for eliminating malware. Mark
>>> Russinovich is one of the primary contributors at Sysinternals (he now
>>> works for M$). The only drawback to watching this is having to
>>> install M$ Silverlight in order to view it.

>>
>>They really need to put dates on these webcasts or video archives. I
>>remember seeing this one about 2 years ago.
>>
>>I found the webcast link to another of Russinovich's meetings (audio
>>only with slideshow):
>>
>>http://www.microsoft.com/events/Even...taSvcParams%5E
>>
>>Notice the date: June 07, 2005. So almost 3 years old. That one is
>>named SEC425. The link above is named SEC309. So if the naming is
>>sequential, the link above is to an even older meeting.
>>
>>A list of Mark's webcasts is at:
>>
>>http://technet.microsoft.com/en-us/s.../bb963887.aspx
>>
>>Alas, no datestamps. Information is always time sensitive, especially
>>anything that purports to be newsy in nature.

>
>I think this one is newer as he discusses SpySheriff. It's probably
>from 2007 and the primary benefit I see in it is that he describes the
>useful features in many of the Sysinternals utilities. All the
>techniques described are as valid in 2008 as they were in 2007.
>
>You are right though; they should provide dates.


Damn how time flies! It's more than likely from 2006 because
SpySheriff came out in Dec 2005. At any rate, the information is still
good.
 
 
Kayman
Guest
Posts: n/a
 
      22nd Apr 2008
On Mon, 21 Apr 2008 19:30:09 +1000, Potblak wrote:

> No thanks, I'll give it a miss.
> Till I hear what nasties Silverlight has to offer.


I found Silverlight to be harmless.
 
 
Kayman
Guest
Posts: n/a
 
      22nd Apr 2008
On Mon, 21 Apr 2008 19:03:28 -0400, Andy Walker wrote:

> Kayman wrote:
>
>>Educational viewing!
>>Mark Russinovich - Advanced Malware Cleaning
>>http://www.microsoft.com/emea/spotli...px?videoid=359

>
> It is definitely worth the time watching this - even if you are
> already familiar with techniques for eliminating malware. Mark
> Russinovich is one of the primary contributors at Sysinternals (he now
> works for M$).


Yes, it teaches you to apply AutoRuns and ProcessExplorer more efficiently.
The rootkit presentation is especially very enlightening.

> The only drawback to watching this is having to install M$ Silverlight
> in order to view it.


I found Silverlight to be harmless.
 
 
kurt wismer
Guest
Posts: n/a
 
      23rd Apr 2008
Andy Walker wrote:
> Kayman wrote:
>
>> Educational viewing!
>> Mark Russinovich - Advanced Malware Cleaning
>> http://www.microsoft.com/emea/spotli...px?videoid=359

>
> It is definitely worth the time watching this - even if you are
> already familiar with techniques for eliminating malware. Mark
> Russinovich is one of the primary contributors at Sysinternals (he now
> works for M$). The only drawback to watching this is having to
> install M$ Silverlight in order to view it.


think i'll wait 'till someone puts it on youtube... i need a better
reason than a single video in order to justify exposing my browser to a
new attack vector (even if i do have whitelisting and sandboxing working
in my favour)...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
 
 
Andy Walker
Guest
Posts: n/a
 
      23rd Apr 2008
kurt wismer wrote:

>Andy Walker wrote:
>> Kayman wrote:
>>
>>> Educational viewing!
>>> Mark Russinovich - Advanced Malware Cleaning
>>> http://www.microsoft.com/emea/spotli...px?videoid=359

>>
>> It is definitely worth the time watching this - even if you are
>> already familiar with techniques for eliminating malware. Mark
>> Russinovich is one of the primary contributors at Sysinternals (he now
>> works for M$). The only drawback to watching this is having to
>> install M$ Silverlight in order to view it.

>
>think i'll wait 'till someone puts it on youtube... i need a better
>reason than a single video in order to justify exposing my browser to a
>new attack vector (even if i do have whitelisting and sandboxing working
>in my favour)...


The funny thing is, I watched it on my Vista Business laptop, and it
did not download the Silverlight add-in but instead asked me "do you
want to activate Silverlight". It appears that M$ must have added
Silverlight in one of its automatic updates (I allow automatic update
and installation on that particular machine). I've been closing that
annoying pop-up on the M$ site for what seems like months to avoid
loading it and don't have any intention of loading it on any of my
other Windows machines.
 
 
 
 