Rootkit Infection Requires Windows Reinstall

CWmike writes "Microsoft is telling Windows users that they'll have to reinstall the OS if they get infected with a new rootkit. A new variant of a Trojan Microsoft calls Popureb digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog. 'If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,' said Feng. A recovery disc returns Windows to its factory settings."
  • by Anonymous Coward on Monday June 27, 2011 @11:28PM (#36592652)

    I had a nasty infection a while ago that corrupted my system restore points. I haven't had a problem like that since I upgraded to Vista or Windows 7.

    Does this virus kill system restore too?

    And before anyone makes any snarky comments about switching to Linux look at all the nasty software infecting Android phones right now.

  • by Anonymous Coward on Monday June 27, 2011 @11:32PM (#36592700)

    We all need a major re-think of how the OS is installed on the computer, how it is architected, etc.

    Seems to me that a low-level kernel in FLASH, which can only be upgraded with a hardware key inserted (e.g., the kernel FLASH blocks can only be written when there is a physical device plugged into the system), which then supports a number of different OS images using the virtual machine concept, is the way to go. If the image of any VM gets rooted, you just toss it and revert to the last backup. The flash is immune to tricks, because you must insert a hardware key to upgrade it, so trojans could not over-write the FLASH-based kernel; the worst that can happen is that one of the OS images gets corrupted, then you just revert to saved.

  • by ColdWetDog ( 752185 ) on Tuesday June 28, 2011 @01:29AM (#36593408)

    The only purpose it serves is to save the geek the trouble of trying to understand why Linux as a client OS is on life support. StatCounter Global Stats [statcounter.com]

    Hey, don't count Linux out just yet. It's making progress in some parts of the world.

    Like Norfolk Island [statcounter.com]. Next year: Some other isolated bit of humanity. You might think it a hopeless endeavour, but when the world goes to hell in a handbasket, who's going to be left holding the keys to mankind's future: Isolated tiny islands in the middle of nowhere.

    Face it, you just don't understand the Linux world-domination strategy.

  • Re:Boot Disc (Score:4, Interesting)

    by Hylandr ( 813770 ) on Tuesday June 28, 2011 @02:31AM (#36593740)

    What I do is remove the drive from the system, slap it into an external enclosure and scan from a clean machine after unplugging that machine from the network.

    If it kills system files then I replace or repair it once I boot from the recently cleaned hdd. Also, delete the swap file before you plug it back in. Hasn't failed me yet.

    - Dan.

  • Re:Boot Disc (Score:4, Interesting)

    by Joce640k ( 829181 ) on Tuesday June 28, 2011 @04:06AM (#36594190)

    Yep...once the virus is in the antivirus is useless. The virus will have no problem setting permissions, etc. so your antivirus can't touch it. And...given that most antivirus programs take a week or so to respond to new viruses, it makes them mostly useless.

    If somebody's the sort of person who gets viruses an antivirus won't save them.
