[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 10/11/11 12:21, Keith Abraham wrote:
Thanks for that - the user is normally ok with security but was talking to BT on the phone about something yesterday and omitted to turn his firewall back on after accidentally turning it off and got hacked almost immediately.On 10/11/11 10:55, tom wrote:Friend with XP thinks he has something deleting files on his system. He's turned it off but where do we go from here? Any advice welcome... Tom te tom te tomI've done all of the following at one time or another.Easiest method is to hope the user has set a System Restore Point and go back to that. i.e. Start/All Programs/Accessories/System Tools/System Restore.Failing that reinstall. ORBoot into SystemRescueCD (google for it) or any linux livecd with clamav on it.run clamd and then freshclam (ensures clam database is up to date)run fdisk -l and note the boot partition marked with and asterisk (eg/dev/sda1)as root type: cd mkdir mnt mount /dev/sda1 /mnt/windows(/dev/sda1 is the partition labelled with the asterisk and it's now mounted as /mnt/windows)cd /mnt/windows now run clamscan -irv --remove /mnt/windows(this will scan all files and show a summary) This step is where the expertise comes in. If an infected files is found you'll be prompted to remove it yes or no. If the file is a system file then it's probably easier go into Safe Mode back up user data, format and reinstall else just remove the file.And Educate the user about security. Keith
Tom te tom te tom -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq