#1
12-06-2006, 08:48 AM
Anders

Re: locksky

Jim Watt wrote:
> Have a W2k PC afflicted with Locksky
>
> It will run in safe mode but freezes up in normal
> mode.
>
> Any suggestions, apart from flatten and rebuild.
>
> A lot of the nastiness has been removed, but it will
> not run enough to do anything useful.
> --
> Jim Watt
> http://www.gibnet.com


This is probably not helping.

Delete the file "sachostx.exe"
Delete this in registry "HostSrv" and "sachost"

/Anders

#2
12-06-2006, 07:50 PM
Todd H.

Re: locksky

Jim Watt <jimwatt@aol.no_way> writes:

> On Wed, 6 Dec 2006 15:38:17 +0100, Sebastian Gottschalk
> <seppi@seppig.de> wrote:
>
> >Anders wrote:
> >
> >> Jim Watt wrote:
> >>> Have a W2k PC afflicted with Locksky
> >>>
> >>> It will run in safe mode but freezes up in normal
> >>> mode.
> >>>
> >>> Any suggestions, apart from flatten and rebuild.
> >>>
> >>> A lot of the nastiness has been removed, but it will
> >>> not run enough to do anything useful.
> >>> --
> >>> Jim Watt
> >>> http://www.gibnet.com
> >>
> >> This is probably not helping.
> >>
> >> Delete the file "sachostx.exe"
> >> Delete this in registry "HostSrv" and "sachost"

> >
> >And then reinstall anyway!

>
> I think we have discussed this before, reinstalling
> w/2000 takes a l o n g time


Gottschalk is a pedantic pain in the *** many times, but this time he is
correct.

I'm willing to bet you have it reinstalled by the time you get an
answer on this unless you don't have access to broadband to dl the
updates.

--
Todd H.
http://www.toddh.net/

#3
12-07-2006, 07:01 AM
erewhon

Re: locksky

Ack - once any system is compromised, the only solution to be sure of
security is a format & reinstall of the o.s from scratch



#4
12-07-2006, 02:39 PM
Todd H.

Re: locksky

Jim Watt <jimwatt@aol.no_way> writes:

> On Thu, 7 Dec 2006 08:01:43 -0000, "erewhon" <sminkypinky@nowhere.net>
> wrote:
>
> >Ack - once any system is compromised, the only solution to be sure of
> >security is a format & reinstall of the o.s from scratch

>
> So say all children


Jim, you're posting to alt.computer.security, not alt.computer.easy or
alt.computer.lazy.

Will I find you next in alt.autos.repair taking the position "that
whole, 'you need to change your oil' thing is way overblown. You only
really need to change it every 100,000 miles." I can't believe anyone
is arguing what the secure thing to do is after a compromise.

You can take the position of "Yeah, I know, but I'm too lazy, and I'm
willing to accept the possibility/likelihood that I'll still be using
a compromised machine" if you like, but arguing against rebuilding the
box as being the secure thing to do is pretty out there....

Best Regards,
--
Todd H.
http://www.toddh.net/

#5
12-07-2006, 07:50 PM
Todd H.

Re: locksky

Jim Watt <jimwatt@aol.no_way> writes:

> I think you missed the point. Any idiot with a day to waste
> can reload the system, I was inquiring if someone had a clue
> which you clearly haven't.


I've seen many idiots waste a lot more than the hours it takes to
reload the system asking forums and newsgroups and god and everyone
how to get their system back to a usable state after a severe malware
infection.

With a system reinstall you have a finite set of tasks, well defined,
and when you're done you know exactly where your system stands.

I used to chase these things down until I thought I conquered them and
achieved clean scans. Then I learned more about exploit details,
repackers, how easily attackers can change source code of publicly
available exploits, how much 0 day exploit code is out there that only
individuals or tightly held groups even know about, and how relatively
easy it is to modify exploits in ways to evade detection.... that's
when I lowered the bar to "wipe and reload."

It's not a day wasted reloading, it's a day invested on a system you
can actually trust again.

The rest of us who chant the "wipe and reload" mantra are wondering
when the same clue will dawn upon you Jim. You're defending an
indefensible position. If reloading an OS takes you a day to do,
learn about slipstreaming, or take image backups after you do one
reload.... But you're living in a fantasy land if you think you can
recover a system back to a trustworthy state after a malware infection
doing anything but wiping and reloading. And I dare wager that
you'll even get there FASTER if the goal is simply a system that can
do "anything useful" as you describe in your original post... from 2
days ago.

Let me guess, that win2k system is still f-ed up?

Best Regards,
--
Todd H.
http://www.toddh.net/

#6
12-08-2006, 02:27 PM
Todd H.

Re: locksky

Jim Watt <jimwatt@aol.no_way> writes:

> On 07 Dec 2006 14:50:01 -0600, comphelp@toddh.net (Todd H.) wrote:
>
> >The rest of us who chant the "wipe and reload" mantra are wondering
> >when the same clue will dawn upon you Jim.

>
> I've been doing this stuff for a long time and always
> willing to learn, but if you can't answer the question
> don't waste my time.


I won't be wasting my time further with you if you've been doing this
that long and are still this thick about an issue that's crystal clear
to thinking people.

*plonk* goes the kill file. Though I have to admit, just like folks
can't help but crane their neck when they see sirens and lights, I
can't promise I won't ever check to see your logic's progress in the
future.

> You give too much credit to the perpetrators of third rate malware.


You fail to realize that once you're compromised you have no way of
reliably differentiating whether you've been attacked by third rate
malware or something worse.


--
Todd H.
http://www.toddh.net/

#7
12-08-2006, 09:30 PM
Todd H.

Re: locksky

Jim Watt <jimwatt@aol.no_way> writes:

> On 08 Dec 2006 09:27:39 -0600, comphelp@toddh.net (Todd H.) wrote:
>
> >I won't be wasting my time further

>
> Excellent, close the door on the way out
> you were as much use as an empty roll of lav paper.


And your receptiveness to the unanimous and correct advice you were
given was more akin to that which the "lav paper" is designed to
remove.

--
Todd H.
http://www.toddh.net/
