Thursday, June 29, 2006

Incident Response: Recovery via Knoppix 5.0.1

So I had a chance to begin the road to recovery from my system infection. The great thing is, Knoppix provides such a convenient way to wipe the drive and restore my disk image that I am back up and running with nothing more than about an hour's worth of inconvenience. Plus, as an added bonus, I now have Knoppix 5.0.1, which is great since the last version I had was in the 3.x series.

Here were my steps to recovery.

  1. Have a previous disk image of the system from a known-good time. I keep these images on a removable USB hard disk that I keep just for these emergencies. I periodically update these images (roughly once every 3 months). Keep that disk unplugged except when imaging or restoring; a backup that is always mounted can be damaged or infected along with the system it is meant to save.

  2. Boot into Knoppix.

  3. Back up the files that were not in my image. I actually used my iPod Video for this. Luckily, Knoppix recognized the iPod as a removable storage device, so all I needed to do was copy the files over. Treat anything copied off an infected system as suspect: scan the files before putting them back on the restored machine, and prefer documents over executables.

  4. Wipe the drive. This step isn't strictly necessary, since restoring the image overwrites the disk anyway, but I did it out of spite to destroy the infected disk image. On some primitive subconscious level, this satisfied me the way beating down a delinquent payee must satisfy a bookie. To wipe the drive, run dd as follows:

     dd if=/dev/zero of=/dev/hda bs=100k count=1000

     This writes 1000 blocks of 100 KiB (about 100 MiB) of zeros to the start of the disk. It does not wipe the whole drive: it destroys the MBR, the partition table and the start of the first partition, which is enough to render the disk unbootable, but the rest of the data is still on the platters and recoverable. To zero the entire disk, omit count= and let dd run to the end of the device (which takes much longer). Double-check the of= device before pressing Enter: on newer kernels the internal IDE disk also shows up as /dev/sdX, so it is easy to confuse it with the USB backup disk.

  5. Restore the disk from the previous disk image. Knoppix presents USB mass-storage devices through the SCSI layer, so the USB disk showed up as /dev/sda and its partition as /dev/sda1, and it was auto-mounted on plug-in. Before writing anything, confirm which device is the internal disk and which is the USB disk (fdisk -l lists both); writing the image to the wrong one destroys the backup. Restoring is pretty easy, and I outlined the steps in this article, so there is no need to repeat them here.

  6. Reboot without the Knoppix CD in the drive, and away I go.
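The wipe and restore steps above (steps 4 and 5), as an added example that is not from the original post: the same dd commands wrapped in shell functions, plus the verification the post does not mention (is the head of the disk really zeroed, and does the restored disk match the image byte for byte). The functions work on plain files as well as block devices, so the rehearsal at the end runs on two constructed files in a temporary directory rather than on a real disk. The names (wipe_head, restore_image, verify_restore) and the 2 MiB sample sizes are my own choices; on a real machine you would pass the device names the post uses (/dev/hda for the system disk, the image file from the mounted /dev/sda1).

```shell
#!/bin/sh
# Added example, not from the original post: the wipe-and-restore steps as
# shell functions that also work on plain files, so the whole flow can be
# rehearsed without touching a real disk. Pass a block device (the post's
# /dev/hda) only when you mean it, and check `fdisk -l` first.
set -eu

# Step 4: zero the first COUNT blocks of BS bytes (the post uses bs=100k
# count=1000, i.e. the first 100 MiB). conv=notrunc keeps a regular file at
# its original size, mimicking a block device; it is a no-op on real devices.
wipe_head() {   # wipe_head DISK BS COUNT
    dd if=/dev/zero of="$1" bs="$2" count="$3" conv=notrunc 2>/dev/null
}

# True if the first N bytes of DISK are all zero (MBR and partition table gone).
is_zeroed_head() {   # is_zeroed_head DISK N
    [ "$(head -c "$2" "$1" | tr -d '\000' | wc -c)" -eq 0 ]
}

# Step 5: write the known-good image over the start of DISK and flush.
restore_image() {   # restore_image IMAGE DISK
    dd if="$1" of="$2" bs=4M conv=notrunc 2>/dev/null
    sync
}

# True if the first (image size) bytes of DISK match IMAGE byte for byte.
verify_restore() {   # verify_restore IMAGE DISK
    n=$(wc -c < "$1")
    head -c "$n" "$2" | cmp -s "$1" -
}

# Rehearsal on constructed data: a 2 MiB "known good" image and a 2 MiB
# "infected" disk file filled with different random bytes.
demo() {
    tmp=$(mktemp -d)
    disk="$tmp/disk.img"
    image="$tmp/known-good.img"
    dd if=/dev/urandom of="$image" bs=1k count=2048 2>/dev/null
    dd if=/dev/urandom of="$disk" bs=1k count=2048 2>/dev/null
    rc=1
    if verify_restore "$image" "$disk"; then
        echo "constructed disk already matches image; test data is bad" >&2
    elif ! { wipe_head "$disk" 1k 64 && is_zeroed_head "$disk" 65536; }; then
        echo "wipe of the first 64 KiB failed" >&2
    elif ! { restore_image "$image" "$disk" && verify_restore "$image" "$disk"; }; then
        echo "restore did not reproduce the image" >&2
    else
        echo "wiped head, restored image, verified"
        rc=0
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Run the rehearsal with:  sh recover.sh demo
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

The verification step is the part worth keeping even if you skip the wipe: a restore that silently wrote to the wrong device, or stopped short on a read error, looks identical to a good one until you boot, and cmp over the first image-size bytes catches both before the reboot in step 6.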

So now this whole ordeal is behind me. I must admit a little embarrassment at having gotten the virus to begin with; however, the recovery cost me a total of an hour of sitting and waiting for the disk to re-image, which is time I spent catching up on the episodes of "The Shield" that I rented. And I deny the spammer a zombie machine. Too bad there are millions more out there.
