True, but I would confirm a device is compromised before nuking the OS, not just do it willy-nilly because maybe it could be. A better way to phrase what OP is asking is: what are some ways to troubleshoot this without making a ton of potentially unnecessary work for myself?
…to which I would say, run a netstat on any systems that can, check those IPs against WHOIS and/or traceroute. Anything that traces to Eastern Europe, Russia, China, most of SEA is a red flag. Dig a little deeper with Wireshark or Glasswire to inspect some actual packets for suspicious content. I think there’s a network logger that can trace the process using a given connection, but the name eludes me.
Find your smoking gun, then torch the OS.
comic_zalgo_sans@lemmy.world 1 year ago
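As an added illustration of the triage the comment above describes (not the commenter's own code or tooling), the Python helper below parses Linux `netstat -tnp` style output, drops loopback/LAN connections, groups the remaining established connections by owning process, and flags processes that are not on a per-host allowlist. The netstat text, the allowlist and the program names are all constructed for the example; the remote addresses use documentation ranges and point at nothing real. The distinct remote IPs it returns are the ones you would then feed to `whois` or `traceroute`, and the PID/program column is what lets you tie a connection back to a process before deciding whether a rebuild is warranted.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -tnp` output (Linux, run as root so the
# PID/Program column is populated). Not captured from any real host.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.20:49812      192.168.1.1:53          ESTABLISHED 811/systemd-resolve
tcp        0      0 192.168.1.20:50122      203.0.113.45:443        ESTABLISHED 2314/firefox
tcp        0      0 192.168.1.20:50130      198.51.100.7:443        ESTABLISHED 2314/firefox
tcp        0      0 127.0.0.1:41234         127.0.0.1:5432          ESTABLISHED 1502/postgres
tcp        0      0 192.168.1.20:37777      192.0.2.99:4444         ESTABLISHED 4099/.cache-helper
tcp        0      0 192.168.1.20:37778      192.0.2.99:8080         ESTABLISHED 4099/.cache-helper
"""

# One netstat data row: proto, queues, local, remote, state, pid/program.
# Header and banner lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>\S+)\s+(?P<pid>\d+)/(?P<prog>\S+)\s*$"
)

# Address ranges that stay inside the LAN or the host itself; a remote
# address in one of these is not something to send to whois.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10",
)]

# Hypothetical allowlist; in practice you build this per host from what
# you know should be talking to the internet on that machine.
KNOWN_GOOD_PROGRAMS = {"firefox", "systemd-resolve", "ssh"}


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); rpartition handles IPv6 literals."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def parse_netstat(text):
    """Return one dict per connection row in netstat -tnp output."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        remote_ip, remote_port = split_endpoint(m["remote"])
        conns.append({
            "proto": m["proto"],
            "remote_ip": remote_ip,
            "remote_port": remote_port,
            "state": m["state"],
            "pid": int(m["pid"]),
            "prog": m["prog"],
        })
    return conns


def is_external(ip_str):
    """True if the address is outside loopback, link-local and RFC1918/CGNAT space."""
    ip = ipaddress.ip_address(ip_str)
    return not any(ip in net for net in INTERNAL_NETS)


def triage(conns, known_good=KNOWN_GOOD_PROGRAMS):
    """Group external ESTABLISHED connections by process and flag unknown programs.

    Each finding lists the (ip, port) pairs for one PID so the reviewer can
    run whois/traceroute on the IPs and inspect the process on disk.
    """
    by_proc = defaultdict(set)
    for c in conns:
        if c["state"] == "ESTABLISHED" and is_external(c["remote_ip"]):
            by_proc[(c["pid"], c["prog"])].add((c["remote_ip"], c["remote_port"]))
    findings = []
    for (pid, prog), remotes in sorted(by_proc.items()):
        findings.append({
            "pid": pid,
            "prog": prog,
            "remotes": sorted(remotes),
            "suspicious": prog not in known_good,
        })
    return findings


def lookup_targets(findings):
    """Distinct external IPs from suspicious processes, ready for whois/traceroute."""
    return sorted({ip for f in findings if f["suspicious"] for ip, _ in f["remotes"]})


if __name__ == "__main__":
    results = triage(parse_netstat(SAMPLE_NETSTAT))
    for f in results:
        tag = "SUSPICIOUS" if f["suspicious"] else "known"
        print(f"[{tag}] pid={f['pid']} {f['prog']}: {f['remotes']}")
    for ip in lookup_targets(results):
        print(f"next: whois {ip}; traceroute {ip}")
```

On a live box you would pipe `netstat -tnp` (or `ss -tnp`, whose columns differ and would need their own regex) into `parse_netstat` instead of the constructed sample. The allowlist is deliberately the weak point: a process name is trivial to spoof, so a "known" label is only a reason to look at it later, not a reason to skip it.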
RagingNerdoholic@lemmy.ca 1 year ago
Absolutely. Use an efficient disk imager that can take incremental snapshots and you can keep backups for months or years without needing a ton of storage.