11-09-2008, 04:36 PM   #12
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: Infected by trojans in pseudo-codec

Hello yst_dfm,

1. After becoming infected, the only way to be certain the system is clean is to reformat and reinstall Windows. Please don't misunderstand, I'm not trying to be a smart aleck here, but one can never be sure there isn't a keylogger still present. There may be files placed on a system that aren't yet recognized by scanners. If there is a keylogger still onboard, changing your login and passwords will not protect you. You would have to access financial institutions from a known clean computer to be 'safe'. Think of it this way--this is a cat and mouse situation--malware writers come out with new ways to infect a system, then AVs and Anti Malware vendors find out and try to add them to their database. Thing is, the mutations come out much faster than the vendors can keep up--which is where we come in with our specialty scanners and tools.

2. Now I'm confused again. The recovery partition should not be accessible by you at all. Let me ask you this--which drive letter is your Recovery Partition?

3. No, you want to keep the Recovery Console installed. While it may not be needed at this time, infections these days tend to patch a lot of critical system files which often result in multiple problems, one of which can be an unbootable machine. Having Windows Recovery Console installed on your machine in advance can save a lot of heartache in the future. See this link for a sampling of how the Recovery Console can be used.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."