Thursday, January 21, 2010

part 2 of the implayok virus

Sorry for the late follow-up. Been busy after my network went up.

Okay, here is how to reinstall your system when some of the installer files for your peripherals may already be carrying the rootkit.

1) Before reinstalling your OS, make sure you have with you a legal copy of a virus cleaner, preferably already on your hard drive (on a partition you will not be formatting). Safer still is a copy burned to CD or put on a USB stick from a machine you trust, since the whole point of this exercise is that files left on the infected disk cannot be trusted. I strongly suggest AVIRA.

2) Reinstall your OS and only the basic drivers, especially your network card driver. If you're installing Windows XP with SP2, it will not have the latest security updates, so make sure you are not connected to the Internet while reinstalling. Also, it is best to have your hard drive partitioned: leave around 50-80GB for your system drive (the partition that will hold your Windows installation) and save all your data files to another partition, which appears as another drive letter. That way, next time a virus strikes, you just format your system drive and not your data drive (the full scan in step 3 should still cover the data partition before you start using its files again). I'm assuming you already know how to install your OS.

3) After you've installed your OS and basic drivers, install AVIRA. Avira will require you to connect to the Internet to register the software. Connect only for that step, let it fetch its signature updates while you are online so the scan uses current definitions, and finish the installation. Once AVIRA is fully installed, unplug from the Internet again and run the full system scan that AVIRA suggests after installing.

4) When your OS prompts you to switch on your firewall, automatic updates and the rest, do it. Then restart, plug into the Internet again, and let your OS update itself, since, as mentioned, an SP2 install will not have the latest security updates.

5) Now that you have AVIRA, and it has scanned your system and hopefully got rid of all the sleeping viruses, you can install the rest of the software you need.

6) I suggest that you install Norton Ghost. There is a freeware version at http://www.giveawayoftheday.com/soft/874742/ and it's the only thing I like about Norton. This lets you create an image file so that next time you just restore it instead of reinstalling all the software. Take the image right after this clean setup, before anything else goes on the machine, and keep it on the data partition or on external media rather than on the system partition you will be formatting.
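The steps above describe a state the machine should be in before it goes back online. As an added example (not from the original post), the following PowerShell script checks that state after the reinstall: firewall on, Automatic Updates on, a service pack beyond SP2, and a data partition separate from the system drive. It assumes Windows PowerShell 2.0 on Windows XP; the registry locations and the `AUOptions` meanings are the standard XP ones, and the pass thresholds (SP3 or later, AUOptions of 3 or 4) are my own choice.

```powershell
# Added example (not from the original post): check, after the reinstall, that the
# state steps 2 and 4 ask for is actually in place. Assumes Windows PowerShell 2.0
# on Windows XP; the registry locations are the standard XP ones.

function Test-PostReinstall {
    $results = @()

    # Windows Firewall, standard (non-domain) profile. 'netsh firewall show state'
    # reports the same thing from cmd.exe.
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $fw = Get-ItemProperty -Path $fwKey -ErrorAction SilentlyContinue
    $results += New-Object PSObject -Property @{
        Check = 'Firewall enabled'
        Value = $fw.EnableFirewall
        Pass  = ($fw.EnableFirewall -eq 1)
    }

    # Automatic Updates. AUOptions: 1 = disabled, 2 = notify before download,
    # 3 = download then notify, 4 = download and install on schedule.
    $auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    $results += New-Object PSObject -Property @{
        Check = 'Automatic Updates (AUOptions)'
        Value = $au.AUOptions
        Pass  = ($au.AUOptions -ge 3)   # threshold is my choice: at least "download then notify"
    }

    # Service pack level: a bare SP2 install is missing years of fixes.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $results += New-Object PSObject -Property @{
        Check = 'Service pack'
        Value = "$($os.Caption) SP$($os.ServicePackMajorVersion)"
        Pass  = ($os.ServicePackMajorVersion -ge 3)
    }

    # Separate data partition: at least one fixed-disk volume besides the system drive.
    $fixed = @(Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=3')
    $sys   = $fixed | Where-Object { $_.DeviceID -eq $env:SystemDrive }
    $data  = @($fixed | Where-Object { $_.DeviceID -ne $env:SystemDrive })
    $dataList = ($data | ForEach-Object { $_.DeviceID }) -join ', '
    $results += New-Object PSObject -Property @{
        Check = 'Data partition separate from system'
        Value = "system $($env:SystemDrive) $([math]::Round($sys.Size / 1GB, 1)) GB; data volumes: $dataList"
        Pass  = ($data.Count -ge 1)
    }

    $results | Select-Object Check, Pass, Value
}

Test-PostReinstall | Format-Table -AutoSize -Wrap
```

Run it from an administrator account before plugging the network cable back in; anything showing `Pass = False` is a setting the post tells you to fix first.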

If you have any questions, blog it :-) ciao!

Saturday, January 16, 2010

on the implayok virus and its sister, the reader_s

There is a virus, actually a family of viruses, that hit the Internet last December. I realized it's a sleeping virus, or what is called a trojan. I've managed to clean my home-office network now and was able to isolate its variants, so I was able to save one workstation from reinstallation.

Read some details from this site:

http://www.prevx.com/filenames/1575832247731382755-X1/IMPLAYOK.EXE.html

However, not much is said there compared to my experience with it. Here's the captain's log :-)

1) The virus exploded through an online game that one of my daughters always plays on Facebook. "Exploded" meaning it had been in my system well before that, just waiting to attack.

2) implayok and its variants like reader_s, and all their offspring, stalk the Internet for an opportunity to attack. What opportunity? Apparently when you install some basic peripherals like your motherboard drivers and Bluetooth.

3) Pirated software with key generators also leaves the gate wide open for the implayok family.

4) Since I was hoping not to have to reinstall, I tried a couple of virus and malware cleaners: AVG, McAfee, Remove It Pro, Avira, Malwarebytes, Norton AV, but to no avail.

5) What does it do when it explodes? Everything. It doesn't cause too much headache for the ordinary user, but for the admin it's hell. On the user end, printing gets screwed up and some software just shuts down. For the admin: you can't enable the "show all files" option in Windows Explorer's Tools/Folder Options menu; you cannot install antivirus software; you cannot access antivirus websites or websites that talk about the implayok virus; and you will have a replicated svchost.exe in your processes along with other unwanted .exe processes (several svchost.exe instances are normal on XP; the one to worry about is an svchost.exe whose image is not in C:\Windows\System32).

6) The virus family is kind enough to be easy to find: IMPLAYOK.EXE and READER_S.EXE. You will find them in C:\, C:\Windows\System32\ and the root of your profile too. It will let you do Ctrl-Alt-Del and you will see it in the Processes tab. It will also let you run regedit and you will see it in the Run key under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. IF YOU DELETE THEM THEY WILL BE DELETED. Thing is, since your "show all files" option is disabled, they come back with a vengeance. They are embedded in the installer roots in your Windows folder.

7) So when you reinstall, do not plug into the Internet. The problem is that some software asks you to register online before you can use it. Also, you may have software installation files with the rootkit in them, so when you plug into the Internet, kabam! implayok is back!
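Points 5 and 6 above give concrete indicators: two file names, three directories, the Run key in both hives, the Processes tab, and the broken "show hidden files" option. As an added example (not from the original post), the following PowerShell script walks those indicators on a suspect machine and reports what it finds. It assumes Windows PowerShell 2.0 on Windows XP and an administrator account; the file names `implayok.exe` and `reader_s.exe` and the three directories are taken from the post, the registry paths and the `Hidden`/`ShowSuperHidden` value meanings are standard Windows ones, and the rule that an svchost.exe outside System32 is suspect is my own check, not something the post states.

```powershell
# Added example (not from the original post): triage for the indicators listed in
# points 5 and 6. Assumes Windows PowerShell 2.0 on Windows XP, run as administrator.

$names = @('implayok.exe', 'reader_s.exe')                 # file names from the post
$dirs  = @('C:\', (Join-Path $env:SystemRoot 'System32'), $env:USERPROFILE)

function Find-DroppedFiles {
    # -Force lets Get-Item see hidden files, which matters because the post says the
    # Folder Options "show hidden files" setting cannot be turned back on.
    foreach ($d in $dirs) {
        foreach ($n in $names) {
            $p = Join-Path $d $n
            if (Test-Path -LiteralPath $p) {
                $f = Get-Item -LiteralPath $p -Force
                New-Object PSObject -Property @{
                    Kind = 'file'; Where = $p
                    Detail = "size=$($f.Length) attrs=$($f.Attributes) modified=$($f.LastWriteTime)"
                }
            }
        }
    }
}

function Find-RunEntries {
    # The "Run" key the post refers to in regedit, in both hives.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($pp in $props.PSObject.Properties) {
            if ($pp.Name -like 'PS*') { continue }    # PowerShell's own PSPath etc.
            $hit = $false
            foreach ($n in $names) {
                if ("$($pp.Value)" -match [regex]::Escape($n)) { $hit = $true }
            }
            New-Object PSObject -Property @{
                Kind  = $(if ($hit) { 'run-key MATCH' } else { 'run-key' })
                Where = "$k\$($pp.Name)"; Detail = $pp.Value
            }
        }
    }
}

function Find-SuspectProcesses {
    # Several svchost.exe processes are normal on XP. One whose image is outside
    # System32 is not (my check); the named droppers are suspect wherever they run.
    $sys32 = Join-Path $env:SystemRoot 'System32'
    Get-Process | Where-Object { ($names -contains "$($_.Name).exe") -or $_.Name -eq 'svchost' } |
        ForEach-Object {
            $path = $null
            try { $path = $_.Path } catch { $path = $null }
            $odd = ($names -contains "$($_.Name).exe")
            if ($_.Name -eq 'svchost' -and $path -and -not ($path -like "$sys32\*")) { $odd = $true }
            if (-not $path) { $path = '(path not readable; likely a system process)' }
            New-Object PSObject -Property @{
                Kind  = $(if ($odd) { 'process SUSPECT' } else { 'process' })
                Where = "pid $($_.Id) $($_.Name)"; Detail = $path
            }
        }
}

function Get-HiddenFilesSetting {
    # Explorer's Folder Options state: Hidden 1 = show hidden files, 2 = do not show;
    # ShowSuperHidden 1 = show protected operating system files.
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    New-Object PSObject -Property @{
        Kind = 'folder-options'; Where = 'Explorer\Advanced'
        Detail = "Hidden=$($adv.Hidden) ShowSuperHidden=$($adv.ShowSuperHidden)"
    }
}

@(Find-DroppedFiles) + @(Find-RunEntries) + @(Find-SuspectProcesses) + @(Get-HiddenFilesSetting) |
    Select-Object Kind, Where, Detail | Format-Table -AutoSize -Wrap
```

The script only reports; as the post says, deleting the files and Run entries works but they come back, so the output is best used to confirm which workstations are hit and to record what was there before the reinstall.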

How then? This is getting too long. Please wait for my next blog post.

ciao! ciao!