GaryLund wrote:
> When a computer gets a backdoor type trojan or worm, and an anti-virus
> program detects and cleans the program file, how can I tell whether
> anyone actually used the backdoor, and what they did to or on the
> computer?
in general, you can't... there might be a few that leave traces of what
was done but most won't...
> I do computer support for clients, and have been finding trojans or
> worms of the backdoor type that let a remote computer run commands on
> the client's computer. When a virus scan finds a backdoor type file,
> and deletes it, is that the end of the danger? Or could a cracker
> have loaded other bad files on the computer that the antivirus program
> will not detect?
other files may have been loaded, otherwise secure information like
passwords or credit info could have been leaked, the owner's identity
may have been stolen, etc...
> How can I be sure the computer is safe after that without wiping the
> hard drive and reloading everything back from scratch? That seems
> like a very drastic and expensive solution. Is there a generally
> accepted practice in these situations?
the only real solution in this kind of situation is to rebuild the
system, and have the customer change all their passwords (not just on
their computer but for things like online banking, web mail accounts,
etc) and take whatever other steps they can to regain control over
whatever information or resources may have been compromised...
--
"maxwell can tell he's in hell
just wants you to visit him there
same old game that he's playin'
his rules are never fair"