Also, if possible, putting the hard drive in another computer is a good idea. One reason: most of these infection problems are loaded at boot. Booting from another hard drive and then mounting the drive and running scans on it is a good idea. This can usually be used to safely transport uninfected data, or even repair the system without moving data.
<br><br><div><span class="gmail_quote">On 8/22/06, <b class="gmail_sendername">Thomas Hruska</b> <<a href="mailto:thruska@cubiclesoft.com">thruska@cubiclesoft.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Jim Fick wrote:<br>> Would it be better to just disconnect the LAN/Internet connection and<br>> leave the system running? That way you don't lose what might be in<br>> memory.<br>><br>> James A. Fick, Jr<br>
<br>It really depends on how good you are at recovery scenarios. However, a<br>lot of people don't have a plan or can't formulate one and start<br>executing it in five minutes. Some backdoor might also be programmed to<br>
start overwriting random files if it can't connect to a remote host for<br>some set amount of time...causing damage to files and data if you don't<br>start doing things right away. Most systems have critical data that has
<br>to be gotten off the drive and people have this preference that their<br>data remain intact. If the computer is off, no program can be running<br>that could destroy data. Weigh your risks between losing data and<br>
discovering every last detail of the malware. Once you have a detailed<br>plan laid out (on paper) for the compromised computer, it becomes a lot<br>easier to get up and running again.<br><br>Turning off the computer is also a good step to warding off panic. The
<br>initial response to being hacked is to panic. That's the worst mental<br>state any computer administrator can have and will result in data loss.<br> With the computer off, you can take your time, calm down, and start
<br>thinking logically about the recovery process.<br><br>--<br>Thomas Hruska<br>CubicleSoft President<br>Ph: 517-803-4197<br><br>Safe C++ Design Principles (First Edition)<br>Learn how to write memory leak-free, secure,<br>
portable, and user-friendly software.<br><br>Learn more and view a sample chapter:<br><a href="http://www.CubicleSoft.com/SafeCPPDesign/">http://www.CubicleSoft.com/SafeCPPDesign/</a><br><br>_______________________________________________
<br>linux-user mailing list<br><a href="mailto:linux-user@egr.msu.edu">linux-user@egr.msu.edu</a><br><a href="http://mailman.egr.msu.edu/mailman/listinfo/linux-user">http://mailman.egr.msu.edu/mailman/listinfo/linux-user</a>
<br></blockquote></div><br>