Advanced Malware Cleaning

Andy Walker

Kayman said:
Educational viewing!
Mark Russinovich - Advanced Malware Cleaning
http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359

It is definitely worth the time watching this - even if you are
already familiar with techniques for eliminating malware. Mark
Russinovich is one of the primary contributors at Sysinternals (he now
works for M$). The only drawback to watching this is having to
install M$ Silverlight in order to view it.
 
VanguardLH

Andy said:
It is definitely worth the time watching this - even if you are
already familiar with techniques for eliminating malware. Mark
Russinovich is one of the primary contributors at Sysinternals (he now
works for M$). The only drawback to watching this is having to
install M$ Silverlight in order to view it.

They really need to put dates on these webcasts or video archives. I
remember seeing this one about 2 years ago.

I found the webcast link to another of Russinovich's meetings (audio
only with slideshow):

http://www.microsoft.com/events/Eve..."US"/^~sParams^~/sParams^~/CMTYDataSvcParams^

Notice the date: June 07, 2005. So almost 3 years old. That one is
named SEC425. The link above is named SEC309. So if the naming is
sequential, the link above is to an even older meeting.

A list of Mark's webcasts is at:

http://technet.microsoft.com/en-us/sysinternals/bb963887.aspx

Alas, no datestamps. Information is always time sensitive, especially
anything that purports to be newsy in nature.
 
Andy Walker

VanguardLH said:
They really need to put dates on these webcasts or video archives. I
remember seeing this one about 2 years ago.

I found the webcast link to another of Russinovich's meetings (audio
only with slideshow):

http://www.microsoft.com/events/Eve..."US"/^~sParams^~/sParams^~/CMTYDataSvcParams^

Notice the date: June 07, 2005. So almost 3 years old. That one is
named SEC425. The link above is named SEC309. So if the naming is
sequential, the link above is to an even older meeting.

A list of Mark's webcasts is at:

http://technet.microsoft.com/en-us/sysinternals/bb963887.aspx

Alas, no datestamps. Information is always time sensitive, especially
anything that purports to be newsy in nature.

I think this one is newer as he discusses SpySheriff. It's probably
from 2007 and the primary benefit I see in it is that he describes the
useful features in many of the Sysinternals utilities. All the
techniques described are as valid in 2008 as they were in 2007.

You are right though; they should provide dates.
 
Andy Walker

Andy said:
I think this one is newer as he discusses SpySheriff. It's probably
from 2007 and the primary benefit I see in it is that he describes the
useful features in many of the Sysinternals utilities. All the
techniques described are as valid in 2008 as they were in 2007.

You are right though; they should provide dates.

Damn, how time flies! It's more than likely from 2006 because
SpySheriff came out in Dec 2005. At any rate, the information is still
good.
 
Kayman

It is definitely worth the time watching this - even if you are
already familiar with techniques for eliminating malware. Mark
Russinovich is one of the primary contributors at Sysinternals (he now
works for M$).

Yes, it teaches you to apply AutoRuns and Process Explorer more efficiently.
The rootkit presentation is especially very enlightening.
The only drawback to watching this is having to install M$ Silverlight
in order to view it.

I found Silverlight to be harmless :)
 
kurt wismer

Andy said:
It is definitely worth the time watching this - even if you are
already familiar with techniques for eliminating malware. Mark
Russinovich is one of the primary contributors at Sysinternals (he now
works for M$). The only drawback to watching this is having to
install M$ Silverlight in order to view it.

think i'll wait 'till someone puts it on youtube... i need a better
reason than a single video in order to justify exposing my browser to a
new attack vector (even if i do have whitelisting and sandboxing working
in my favour)...
 
Andy Walker

kurt said:
think i'll wait 'till someone puts it on youtube... i need a better
reason than a single video in order to justify exposing my browser to a
new attack vector (even if i do have whitelisting and sandboxing working
in my favour)...

The funny thing is, I watched it on my Vista Business laptop, and it
did not download the Silverlight add-in but instead asked me "do you
want to activate Silverlight". It appears that M$ must have added
Silverlight in one of its automatic updates (I allow automatic update
and installation on that particular machine). I've been closing that
annoying pop-up on the M$ site for what seems like months to avoid
loading it and don't have any intention of loading it on any of my
other Windows machines.
 
doctlo-icfp

The funny thing is, I watched it on my Vista Business laptop, and it
did not download the Silverlight add-in but instead asked me "do you
want to activate Silverlight". It appears that M$ must have added
Silverlight in one of its automatic updates (I allow automatic update
and installation on that particular machine). I've been closing that
annoying pop-up on the M$ site for what seems like months to avoid
loading it and don't have any intention of loading it on any of my
other Windows machines.


Maybe we need a scanner for junk that MS installs that you don't want.
 
kurt wismer

Andy Walker wrote:
[snip]
The funny thing is, I watched it on my Vista Business laptop, and it
did not download the Silverlight add-in but instead asked me "do you
want to activate Silverlight". It appears that M$ must have added
Silverlight in one of its automatic updates (I allow automatic update
and installation on that particular machine). I've been closing that
annoying pop-up on the M$ site for what seems like months to avoid
loading it and don't have any intention of loading it on any of my
other Windows machines.

hmmm... kinda reminds me of the recent controversy over apple shoving
safari down the throats of people updating itunes or quicktime...

i'm sure microsoft would say it's an integral part of the operating
system, though...
 
Dustin Cook

@news.webtv.com:

The funny thing is, I watched it on my Vista Business laptop, and it
did not download the Silverlight add-in but instead asked me "do you

Do you prefer vista over XP?
 
