Can you really clean a compromised system?

POINT:
Don’t write it, read it instead! – Microsoft Malware Protection Center – Site Home – TechNet Blogs:
http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx?wa=wsignin1.0
“If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state. “


 


COUNTERPOINT:


http://technet.microsoft.com/en-us/library/cc512587.aspx
“You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there.”

3 Thoughts on “Can you really clean a compromised system?

  1. It only took two years to get you to go from “I’m sure” to “I’m not sure” :-)

  2. Roman on June 29, 2011 at 1:59 pm said:

    Cannot agree more … Once compromised = compromised – Start over :-) at least in my environment

Post Navigation