Honestly you do have a point.
Comment on How do I prevent hackers from stealing my debit card information?
RagingNerdoholic@lemmy.ca 1 year ago
To be fair, factory resets are a huge pain in the ass. Might as well try other things before busting out the nuclear option.
EdibleFriend@lemmy.world 1 year ago
nous@programming.dev 1 year ago
Once you suspect a device is infected the only good option is the nuclear option. Anything else will not be guaranteed to 100% remove it, or really, anywhere near close to that, or even detect everything wrong in the first place or after attempted removal. And with a month long period between attacks that is a long time to wait and see to see if any other option might work.
comic_zalgo_sans@lemmy.world 1 year ago
RagingNerdoholic@lemmy.ca 1 year ago
Absolutely. Use an efficient disk imager that can take incremental snapshots and you can keep backups for months or years without needing a ton of storage.
RagingNerdoholic@lemmy.ca 1 year ago
True, but I would confirm a device is compromised before nuking the OS, not just do it willy-nilly because maybe it could be. A better way to phrase what OP is asking is: what are some ways to troubleshoot this without making a ton of potentially unnecessary work for myself?
…to which I would say, run a netstat on any systems that can, check those IPs against WHOIS and/or traceroute. Anything that traces to Eastern Europe, Russia, China, most of SEA is a red flag. Dig a little deeper with Wireshark or Glasswire to inspect some actual packets for suspicious content (I think there’s a network logger that can trace the process using a given connection, but the name eludes me). Find your smoking gun, then torch the OS.
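As an added example of the netstat-then-check routine described in the comment above (this is not the commenter's code and not part of the original thread): the script below parses Linux `netstat -tnp` style output, keeps only established connections to addresses outside the usual internal ranges, and groups them by the owning process so you can see which program holds each external connection and which remote IPs are worth a WHOIS or traceroute. On Linux the `-p` column (also available from `ss -tnp`) is what ties a connection to its process, which is the "network logger" the comment is reaching for; without root it shows `-` for other users' processes, and the script flags those as unknown. The sample netstat output, the internal-range list and the program allowlist are constructed assumptions for the demo, not data from any real host; the script flags by process rather than by geography.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Linux `netstat -tnp` output (not captured from a real host).
# Remote addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.20:49812      192.0.2.10:443          ESTABLISHED 2311/firefox
tcp        0      0 192.168.1.20:49900      192.168.1.1:53          TIME_WAIT   -
tcp        0      0 127.0.0.1:3306          127.0.0.1:55120         ESTABLISHED 1020/mysqld
tcp        0      0 192.168.1.20:51022      203.0.113.45:8443       ESTABLISHED 4410/.cache-helper
tcp        0      0 192.168.1.20:51030      203.0.113.45:8443       ESTABLISHED 4410/.cache-helper
tcp        0      0 192.168.1.20:51100      198.51.100.7:22         ESTABLISHED 2890/ssh
"""

# One TCP row: proto, recv-q, send-q, local, remote, state, PID/program.
# UDP rows without a state column simply fail to match and are skipped.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"\s+(?P<state>\S+)\s+(?P<program>\S+)\s*$"
)

# Assumed "internal" ranges for this demo; anything else is an external endpoint.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10",
)]


def split_endpoint(endpoint):
    """Split 'addr:port' into (ip_address, port); rsplit keeps IPv6 colons intact."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)


def parse_connections(text):
    """Parse netstat -tnp style lines into dicts; header lines do not match and are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rip, rport = split_endpoint(m["remote"])
        conns.append({"proto": m["proto"], "remote_ip": rip, "remote_port": rport,
                      "state": m["state"], "program": m["program"]})
    return conns


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def external_established(conns):
    """Only live connections whose far end is outside the internal ranges."""
    return [c for c in conns
            if c["state"] == "ESTABLISHED" and not is_internal(c["remote_ip"])]


def group_by_program(conns):
    """Map 'PID/program' -> sorted, deduplicated list of 'ip:port' remote endpoints."""
    groups = defaultdict(set)
    for c in conns:
        groups[c["program"]].add(f"{c['remote_ip']}:{c['remote_port']}")
    return {prog: sorted(remotes) for prog, remotes in groups.items()}


def flag_unexpected(conns, known_programs):
    """Return program -> remotes for programs not on the caller's allowlist.
    A bare '-' means netstat could not see the owning process (usually needs root),
    so it is always flagged as unknown."""
    flagged = {}
    for prog, remotes in group_by_program(conns).items():
        name = prog.split("/", 1)[1] if "/" in prog else prog
        if prog == "-" or name not in known_programs:
            flagged[prog] = remotes
    return flagged


def ips_to_lookup(conns):
    """Deduplicated external IPs to feed into whois / traceroute by hand."""
    return sorted({str(c["remote_ip"]) for c in conns})


if __name__ == "__main__":
    ext = external_established(parse_connections(SAMPLE_NETSTAT))
    # Allowlist of programs you expect to talk to the internet (assumed for the demo).
    for prog, remotes in flag_unexpected(ext, {"firefox", "ssh"}).items():
        print(f"check: {prog} -> {', '.join(remotes)}")
    print("whois candidates:", ips_to_lookup(ext))
```

On a real box you would pipe `netstat -tnp` (run as root so the PID column is populated) into `parse_connections` instead of the constructed sample. The output is a short list of external endpoints per process; the unexpected-process list is the place to start with WHOIS and packet inspection, and an established connection held by a process you cannot account for is the kind of smoking gun the comment is after.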