There have been a lot of discussions about various aspects of Conficker, definitely the most prevalent worm in last couple of years. Symantec posted a nice series of articles about how Conficker is innovative in various things. One of those innovative things is the use of the autorun.inf file on USB removable media which I described at http://isc.sans.org/diary.html?storyid=5695. |
Bojan 402 Posts ISC Handler Feb 9th 2009 |
Thread locked Subscribe |
Feb 9th 2009 1 decade ago |
So, any clever way to make a \"hidden\", protected or spare copy of a system restore point? Or just stick with some other backup utility?
|
Anonymous |
Quote |
Feb 10th 2009 1 decade ago |
Mike, I'd suggest using a third party backup utility, if you depend on such types of backup. Any System Restore point created by Windows can be easily removed by the worm - as far as I know there is no way of creating a hidden SR point.
|
Bojan 402 Posts ISC Handler |
Quote |
Feb 13th 2009 1 decade ago |
Actually, I do not see it removing all restore points - in fact I see a number of removal tools -missing- Conficker C+ infections in the restore points. It does, however, disable safe mode quite effectively.
|
hacks4pancakes 48 Posts |
Quote |
Aug 12th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!