[41508] in Resnet-Forum


Re: Malware Live CD removal anyone?

daemon@ATHENA.MIT.EDU (Phil Reinhart)
Thu Jan 12 16:13:03 2017

Message-ID:  <CA+PCfbKkxm6ijmQ9v6vgkjXWVLnfC5533o-RfNVnevyrRTAE1w@mail.gmail.com>
Date:         Thu, 12 Jan 2017 16:11:25 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Phil Reinhart <preinhar@ALLEGHENY.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <CANtPpk586wLZmSmLiu0zB+NnHFr7qJuQi4xTroSMyFAoaiRdMg@mail.gmail.com>


For Windows computers we often use malwarebytes.org, which has a free
download. The installer can be copied to a USB drive for easier deployment.
The scan-only portion works well, so I don't do the trial install, just the
cleanup.

Phil

-- 
><>  <>  ><>
Phil Reinhart
ITS Support/ResNet Network Administrator
Information Technology Services
Allegheny College
520 North Main Street, Meadville, Pennsylvania 16335

*Authenticity Statement:* This message came from a member of the ITS staff.
If you have questions regarding the authenticity of the message, please
contact the InfoDesk at (814)332-3768.

On Thu, Jan 12, 2017 at 11:36 AM, Mike King <me@mpking.com> wrote:

> So we've just had something happen that hasn't happened in a long time.
>
> We had a lab image have a virus on it, and a very large lab was deployed
> with the image.
>
> Of course, the lab has a lot of custom software that was not scripted, but
> hand installed, so the usual answer of Nuke it and rebuild is going to be
> extremely painful.
>
> We haven't tried to clean boxes in a long time, what is everyone's
> favorite tool set?
>
> (I don't have the exact virus right now)
> ___________________________________________________
> You are subscribed to the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>


