The "Right" Way To Fix a Malware Infection Is To Completely Reload
The security folks at Microsoft have come to this conclusion as well. In a security presentation at the Infosec World conference, Mike Danseglio, program manager in the Security Solutions group at Microsoft, stated the following:
"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit."
This is an acknowledgement of the fact that some infections are self-healing and can re-infect a system even after all visible traces have been removed. The truth of the matter is that this malware is so good at hiding in all the nooks and crannies of the system that it is practically impossible to remove it without a complete reload.
To make matters worse, some malware is written so that it produces no performance impact on the system and shows no visible signs of infection. These malware writers have figured out that there is money to be made by stealing people's information and by building botnets, and they don't want the end user to know that their machine is infected. If the user knows there is an annoying infection, he/she might do something to remove the software or reload the OS and effectively clean out the infection.
Ultimately, the only real way to be reasonably confident that your machine is clean is to reload from scratch and then operate as a restricted (non-administrator) user for day-to-day computing.
