I wrote a post over a year ago about how I deal with PCs which have become infected with malware (viruses/trojans/worms/rootkits, etc.):
What I do is re-install the OS (more often recently it is XP), turn off System Restore, install XP SP2, Microsoft AntiSpyware, Spybot, Ad-Aware and AVG… or consider formatting the PC.
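As an added illustration of the "turn off System Restore" step (this is not code from the original post), the PowerShell snippet below uses the WMI SystemRestore class that Windows XP exposes in the root\default namespace to disable System Restore via the system drive and then confirms that no restore points survive. It assumes PowerShell has been installed on the XP box (it did not ship with XP) and that the session has administrator rights; the drive letter is read from WMI rather than hard-coded.

```powershell
# Added example: switch off System Restore and verify that no restore points
# remain. Uses the WMI SystemRestore class in root\default (present on XP).
# Assumes PowerShell 1.0 or later and an administrator session.

# Find the system drive (for example "C:") and append the backslash the
# Disable() method expects ("C:\").
$os = Get-WmiObject -Class Win32_OperatingSystem
$systemDrive = $os.SystemDrive + "\"

# SystemRestore.Disable() is a static method; per the class documentation,
# disabling System Restore on the system drive disables it on all drives.
$srClass = [wmiclass]"\\.\root\default:SystemRestore"
$result = $srClass.Disable($systemDrive)

if ($result.ReturnValue -ne 0) {
    Write-Warning "Disable() failed on $systemDrive (return code $($result.ReturnValue))"
} else {
    Write-Output "System Restore disabled on $systemDrive"
}

# Disabling System Restore discards existing restore points. Confirm none are
# left, because an infected restore point is what lets malware come back after
# a clean-up scan. Instances of SystemRestore are the restore points themselves.
$remaining = @(Get-WmiObject -Namespace root\default -Class SystemRestore)

if ($remaining.Count -eq 0) {
    Write-Output "No restore points remain."
} else {
    Write-Warning "$($remaining.Count) restore point(s) still present; check the restore configuration."
    $remaining | Select-Object SequenceNumber, Description, CreationTime
}
```

The verification step matters more than the disable call: if the count of SystemRestore instances is not zero afterwards, the old restore points (and anything hiding in them) are still on disk.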
It seems that I was on the money with that advice – eWeek are reporting today that Mike Danseglio, program manager in the Security Solutions group at Microsoft, said at an InfoSec conference in Florida yesterday:
When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit.
Malware is becoming more difficult to detect because malware writing has become a big business. The people who write these malware programs now do so for profit. They write programs which allow them to use infected machines (to send spam, for instance) and they sell their services to companies who want to use infected machines. The more machines they control, the more money they can make. It is therefore in the malware writer’s interest that the malware be as unobtrusive and difficult to detect as possible.
We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself.
This is similar to my observation that malware can hide in the System Restore volume and re-install itself after a scan is run.
The one place where Danseglio and I disagree fundamentally is in the apportioning of blame. Danseglio said:
Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity.
Personally, I believe that if the software allows people to be fooled into clicking on a phishing link (and some of the phishing emails I have received have been extremely convincing), then it is the software which is stupid and not the user.