Small Business Susan

Can you really clean a compromised system?

POINT:
Don’t write it, read it instead! – Microsoft Malware Protection Center – Site Home – TechNet Blogs:
http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx?wa=wsignin1.0
“If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state.”

COUNTERPOINT:
http://technet.microsoft.com/en-us/library/cc512587.aspx
“You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there.”



3 comments ↓

  • #   Dean on 06.29.11 at 12:34 pm     

    It only took two years to get you to go from “I’m sure” to “I’m not sure” :-)


  • #   Roman on 06.29.11 at 1:59 pm     

    Cannot agree more … Once compromised = compromised – Start over :-) at least in my environment


  • #   Dean on 06.30.11 at 1:00 pm     

    Wow

    http://www.theregister.co.uk/2011/06/29/tdss_alureon_advances/