Great article by Jesper Johansson at http://technet.microsoft.com/en-us/library/cc512587.aspx
Here are the key take-home messages:
- You can’t clean a compromised system by patching it.
- You can’t clean a compromised system by removing the back doors.
- You can’t clean a compromised system by using some “vulnerability remover.”
- You can’t clean a compromised system by using a virus scanner.
- You can’t clean a compromised system by reinstalling the operating system over the existing installation.
- You can’t trust any data copied from a compromised system.
- You can’t trust the event logs on a compromised system.
- You may not be able to trust your latest backup.
- The only way to clean a compromised system is to flatten and rebuild.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
MVP – Forefront Edge Security (ISA/TMG/IAG)