Yeah, you read the title right. It’s based on an article I read the other day titled “Scrub Your PC Clean: Remove Malware in 4 Easy Steps” on Gizmodo. The article mostly focused on Windows-based malware caught through web browsing. I’d also say it was probably more than four steps – yeah maybe four major steps … but then each of the major steps have like eight minor steps. And even if you follow everything they recommended, it won’t guarantee a clean machine. But I understood what they’re trying to say based on their target audience, who probably aren’t as paranoid as most of us.

The Internet contains plenty of other articles, mailing lists, and forums dedicated to this very topic but I think trying to carve malware out from a system is often too time consuming and in most cases impossible. The only sure fire way to guarantee you have a clean machine is to reinstall the OS or reimage to a known good baseline.

For those of us that are paranoid, here are the four steps I recommend YOU need to know when restarting from scratch.

• Copy Needed Data to Secure Device: By “secure device” I usually recommend a write-once data DVD. This limits what files can do on subsequent systems assuming you’ve temporarily disabled autorun or autoplay. Alternatives could include thumb drives with a read-only switch or external drives mounted only for data access.
• Wipe the System’s Drive: Use whatever the appropriate command is for your system. Although not its intended purpose, I also like using DBAN just in case a normal wipe leaves any traces of the old OS (and possibly a piece of malware) behind.
• Reinstall OS & Applications: Next, start the long and arduous process of reinstalling your OS and any applications you use. Alternatively if you have a baseline image, you can simply reimage to that baseline here as well.
• Copy Data Back onto New System: Be sure to disable any autorun or autoplay features. Windows makes this setup quite complex but on Macs all settings are under System Preferences > CDs  & DVDs. Next, insert your data DVD and manually scan it for malicious files. Finally, copy all clean data back onto your system.

Beyond getting rid of malware, starting from scratch offers several other benefits as well. Some of these advantages include:

• Forcing you to do some general data housekeeping,
• Helping you remove applications you know longer use, and
• Clearing out all the OS gunk that’s been accumulating over the years.

Advanced malware on an infected machine is a very tricky beast to conquer. Rein these infestations in using a not-so-easy four step process to start from scratch. Additionally, periodically restarting like this can help keep your system running healthy.

With all of the information available on the internet, it’s sometimes hard to decide what you should spend your time reading. That’s why we started our handy “Top 3 NoVA Infosec  Blog Posts of the Week” feature; we tell you about the best blog posts written by local security bloggers each week, and you spend less time wading through the internet trying to find something good to read.

So, without further adieu, let’s get on to the posts.

#3 – Messy Malware: For those of you who become gleeful at the thought of learning about new malware (you know who you are) you will definitely want to check out the post “Microsoft DirectShow MPEG2TuneRequest Stack Overflow P0C” on the @carnal0wnage blog. While the malware may no longer be ‘brand new’ per say (as pointed out in the post, this malware has been floating around on some Chinese forums for awhile), it’s still interesting to read about. You can check out the full post here.

#2 – The Meaning of APT: Can you imagine a topic that only retrieves 34 results from Google? According to Richard Bejtlich of TaoSecurity, Advanced Persistent Threat (APT) is one of those things. Says Bejtlich in his post “You Down with APT?,” “APT is one of those subjects that is very important but not well understood outside the defense industry.” He ends the post by saying “[i]f you’re not down with APT, you need to be.” To ‘get down with APT’ and learn more about it, check out Bejtlich’s full post on APT here.

#1 – Destroy That Data: In their post “Darik’s Boot and Nuke (DBAN),” @geminisecurity tackles a topic that you don’t hear about often enough: Destroying data before retiring, selling, or destroying computer systems. While @geminisecurity says that you can use DBAN for newer systems, what do you do with the older systems? Other than using “a chainsaw and a hammer” to get rid of the data, @geminisecurity suggests the words that make all of the do-it-yourselfer’s cringe: “pay someone else to do it.” While it’s tempting to think that you can handle the complete destruction or removal of data from an older system, sometimes it ‘pays’ to pay a specialist to do it. But for those of you who have the newer systems and would like to know more about DBAN, check out the full post by @geminisecurity here.

Well, that’s all for this week. Be sure to follow me @grecs during the week for more great posts from local bloggers.

o o o o o

Speaking of great local bloggers… we’re looking for some great guest bloggers to feature on NovaInfosecPortal. If you’re interested, feel free to contact us or send us a tweet.