Jay, > Another example of why rebuilding is ALWAYS the most > secure answer when > a machine has been compromised. I have a feeling > that many of you that > are just blindly trusting these cleaners are going > to find out that this > isn't enough. My 2 cents. Rebuild. Just a couple of thoughts... 1. If the infection isn't Admin or System-level, why rebuild? 2. If a blind, unqualified rebuild is done, what happens? If nothing is done to determine *how* the incident occurred, then what happens? The system could be very quickly reinfected, leading to an endless cycle of infections and re-installs. Or worse, the subsequent incident could be far deeper and far more stealthy. Harlan __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com --------------------------------------------------------------------------- Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications - Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 17:22:02 PDT