Restart your PC in DOS mode (NT/Win2k users should boot from CD-ROM or setup disks). Use the FDISK command to delete all partitions on the disk (NT/2k users should follow the appropriate prompts in the setup program). Power cycle your PC with the setup disk in the floppy drive or CD-ROM drive as appropriate (switch off, wait 10 seconds, switch on). This applies to all versions of Windows including NT and Win2k (power cycle after removing the partitions; don't worry about still being in the setup utility) and ensures that any memory-resident or boot sector virus is removed. Reload your operating system and required drivers from the original disks. At this point you'll have a working system with no software installed other than the operating system and drivers. Assuming you used only original media, the system will be free of any Trojan horse or virus but may not be secure.
Step 4: Secure your system and load additional software
You now need to obtain and apply the latest security patches for your operating system. Ideally you should download these from their source using another machine and apply them from disk. If that is not possible, connect your rebuilt system to the internet for the minimum period possible to obtain the patches you need, and apply them at once. Be aware that this opens your system to potential compromise while you are downloading patches, so keep the connection as short as possible. Windows 98, ME and 2000 users can use the 'Windows Update' function to automatically update their systems.
Once your system is updated, you can begin installing additional software. Be sure only to use software you know has not been tampered with, ideally from original distribution media. If necessary, download a fresh copy from source and use that. Install software in a logical order, beginning with security-related products (anti-virus, firewall etc.).
Step 5: Finishing off
Once you've installed and configured all your software you are ready to begin restoring data from backups. Before doing so, you may wish to make an image copy of your system using a utility such as Norton's Ghost. This will allow you to quickly restore the machine to a known clean state in the event of a future compromise. If you do this, store the image on non-volatile media such as CD-ROM. You may also wish to take a 'fingerprint' of the files installed on your machine to enable comparison in future. See 'Attack Mitigation' for details on this.
When you eventually restore data, do so gradually, especially if you copied files from an infected machine. Virus scan each one first and discard any with unexpected macros.
That's it, your machine is now rebuilt and ready to reconnect to the network and the internet. It's been a lot of work but you now know for sure that your machine is virus-free and reasonably secure against attack in future.
Attack Mitigation
There are a number of steps you can take to limit the damage done by a system compromise. Not all apply to all systems and some require additional software, but they can make your life considerably easier if you are unfortunate enough to be hacked.
File Signatures
Keeping a database of file signatures can help you pinpoint any files which change unexpectedly. This is often one of the first signs of a security breach. You can get free file signature checkers from a number of sources. We suggest WinTerrogate (all versions of Windows, basic but effective) from http://winfingerprint.sourceforge.net or LANGuard File Integrity Checker (NT/2000 only, more advanced) from http://www.gfi.com/languard
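The file 'fingerprint' from Step 5 and the signature database described here can be sketched in a few lines. This is an added example, not part of the original article and not how WinTerrogate or LANGuard work internally; the function names, the JSON database format and the sample files are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    sigs = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):      # skip broken links and devices
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            sigs[os.path.relpath(path, root)] = digest.hexdigest()
    return sigs

def save_baseline(sigs, db_path):
    """Write the signature database; keep it on media the machine cannot alter."""
    with open(db_path, "w") as fh:
        json.dump(sigs, fh, indent=1, sort_keys=True)

def compare(baseline, current):
    """Report files added, removed or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample: baseline a clean tree, alter it, then compare."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        for name, data in [("app.exe", b"original"), ("lib.dll", b"library"),
                           ("readme.txt", b"docs")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        db_path = os.path.join(store, "baseline.json")
        save_baseline(fingerprint(root), db_path)
        # Same-length overwrite: the file size is unchanged, only the hash differs.
        with open(os.path.join(root, "app.exe"), "wb") as fh:
            fh.write(b"patched!")
        os.remove(os.path.join(root, "readme.txt"))
        with open(os.path.join(root, "extra.dll"), "wb") as fh:
            fh.write(b"new")
        with open(db_path) as fh:
            return compare(json.load(fh), fingerprint(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Take the baseline straight after the clean rebuild and store the database away from the machine, since a database an intruder can rewrite proves nothing.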
Image Files
Taking an image of your disk regularly can dramatically reduce the amount of work involved in recovering from a security breach. The best known tool for doing this is Norton's GHOST, although there are other options. You should keep two or three image files on non-volatile media and update them regularly.
Keep data on a separate partition
Keeping your data on a separate partition (ideally on a separate disk) will reduce the amount of work that needs to be done if you have to rebuild the system. It also makes backing up much easier and can improve overall system performance.