Rootkit Infection Requires Windows Reinstall
CWmike writes "Microsoft is telling Windows users that they'll have to reinstall the OS if they get infected with a new rootkit. A new variant of a Trojan Microsoft calls Popureb digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog. 'If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,' said Feng. A recovery disc returns Windows to its factory settings."
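The advice in the summary is to repair the MBR and then restore from clean media, and the reason it has to be done from a recovery environment is that a rootkit controlling the running OS can misreport what is on disk. As an added example (not from the Slashdot thread, the MMPC post, or any Microsoft tool), the script below parses a raw 512-byte MBR sector taken offline, hashes the boot-code region and compares it with a known-good baseline, while also decoding the partition table so you can see that a bootkit-style replacement of the boot code leaves the partitions untouched. The two sectors and the "known-good" hash are constructed for the demonstration; on a real machine you would read the first sector of the disk from a boot CD or USB stick (for example `dd if=/dev/sda bs=512 count=1` on a Linux rescue image) and compare against a hash recorded when the system was known clean.

```python
"""Offline MBR integrity check (added example, not code from the original page).

Parses a raw 512-byte MBR sector, hashes the boot-code region and compares it
with a known-good baseline. The sample sectors below are CONSTRUCTED, not
captured from an infected machine.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0x000-0x1B7: executable boot code
DISK_SIG_OFF = 0x1B8         # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 0x1FE         # trailing 0x55 0xAA
BOOT_SIG = b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Decode boot-code hash, disk signature and non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(sector)}")
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty entry
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> dict:
    """Parse the sector and flag whether its boot code matches the baseline."""
    info = parse_mbr(sector)
    info["boot_code_clean"] = info["boot_code_sha256"] == baseline_boot_code_sha256
    return info


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code plus one bootable NTFS partition."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"       # made-up disk signature
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF,
                     0x80, 0x07, 2048, 204800)                         # bootable, type 0x07, 100 MiB
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = BOOT_SIG
    return bytes(sector)


# Constructed "known-good" boot code (a typical MBR prologue followed by padding)
# and the baseline hash you would have recorded while the machine was clean.
CLEAN_BOOT_CODE = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 10).ljust(BOOT_CODE_LEN, b"\x00")
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
BASELINE = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

# Constructed "tampered" sector: boot code replaced, partition table left intact,
# so the machine still boots and nothing looks wrong from inside the OS.
TAMPERED_BOOT_CODE = (b"\xEB\x3E" + b"\xCC" * 60).ljust(BOOT_CODE_LEN, b"\x00")
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(mbr, BASELINE)
        print(f"{name:9s} boot code clean: {result['boot_code_clean']}  "
              f"partitions: {result['partitions']}")
```

A hash mismatch tells you the boot code changed, not what changed it; a legitimate boot manager install will trip it too, which is why the baseline has to be taken from the machine's own clean state rather than from a generic Windows image.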
So (Score:3, Insightful)
You always do an OSRI if you get infected by any rootkit.
Reinstall, but not Windows (Score:2, Insightful)
duh (Score:5, Insightful)
The only way a machine can be trusted after ANY infection is an OS reinstall.
Or as Ripley said - nuke it from orbit, it's the only way to be sure.
Re:Boot Disc (Score:5, Insightful)
Re:So system restore points don't work? (Score:5, Insightful)
Any virus can potentially do anything to your machine, including system restore points. If the machine is owned, it is owned and everything on it should be considered as suspect.
Back in the day there were a couple of BIOS viruses, which were even worse.
Re:So system restore points don't work? (Score:4, Insightful)
Recovery CD? (Score:5, Insightful)
Re:Boot Disc (Score:3, Insightful)
Re:Boot Disc (Score:5, Insightful)
To continue your flood analogy, you have three options:
1. Build out of something floodproof, like concrete. The *entire* house. When a flood happens, no big deal... but making changes to the house would be a big problem. This is the ChromeOS or DeepFreeze approach: Read-only filesystem and checksums.
2. Build dams, canals and build a few feet into the air. This works for small floods, but if you get something new, it might still wipe you out. This is the Linux approach: Try to secure things, deal with the few issues as they come up.
3. Build cheaply, and rebuild after each flood. This is the Windows re-image approach: Just assume it's going to get hit, and have a plan to rebuild afterwards.
Just my 2c.
Re:Yawn, says OSX. (Score:0, Insightful)
Rootkit makers still use Windows? ;)
The average OS X user is not only as dumb as the average Windows user (according to my experience even dumber, but I'm willing to say that my observation might be an exception), no, on top of it all he also has the delusion that his OS would be invincible. (And as we have read here, Apple strongly supports this view in its shops and support.)
In other words: If there ever *is* a problem, they are fucked. Big time.
Re:Boot Disc (Score:4, Insightful)
We really need to go back to a simple (so it can be bug free) boot ROM that is proper ROM, not read/write flash. Hold a key sequence to select boot media, and then boot from known-clean media. Anything that is read/write and involved in the boot process can potentially be fucked with to own your box. In the past, there have been BIOS viruses which were extremely difficult to remove - essentially as soon as the machine powers up it is owned and ready to infect whatever media you give it or intercept the operation of AV programs.
It's really only because the extra effort isn't worth it that we don't have far more serious viruses out there these days, infecting EFI boot partitions, BIOS and other bits of firmware that Windows and its virus scanner software can't fix.