Slashdot Mirror


Rootkit Infection Requires Windows Reinstall

CWmike writes "Microsoft is telling Windows users that they'll have to reinstall the OS if they get infected with a new rootkit. A new variant of a Trojan Microsoft calls Popureb digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog. 'If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,' said Feng. A recovery disc returns Windows to its factory settings."

6 of 510 comments

  1. So system restore points don't work? by Anonymous Coward · Score: 0, Interesting

    I had a nasty infection a while ago that corrupted my system restore points. I haven't had a problem like that since I upgraded to Vista or Windows 7.

    Does this virus kill system restore too?

    And before anyone makes any snarky comments about switching to Linux look at all the nasty software infecting Android phones right now.

  2. time to re-think OS architecture by Anonymous Coward · Score: 4, Interesting

    We all need a major re-think of how the OS is installed on the computer, how it is architected, etc.

    Seems to me that a low-level kernel in FLASH, which can only be upgraded with a hardware key inserted (e.g., the kernel FLASH blocks can only be written when there is a physical device plugged into the system), which then supports a number of different OS images using the virtual machine concept, is the way to go. If the image of any VM gets rooted, you just toss it and revert to the last backup. The flash is immune to tricks, because you must insert a hardware key to upgrade it, so trojans could not over-write the FLASH-based kernel; the worst that can happen is that one of the OS images gets corrupted, then you just revert to saved.

  3. Re:Reinstall, but not Windows by ColdWetDog · Score: 4, Interesting

    The only purpose it serves is to save the geek the trouble of trying to understand why Linux as a client OS is on life support. StatCounter Global Stats

    Hey, don't count Linux out just yet. It's making progress in some parts of the world.

    Like Norfolk Island. Next year: some other isolated bit of humanity. You might think it a hopeless endeavour, but when the world goes to hell in a handbasket, who's going to be left holding the keys to mankind's future: isolated tiny islands in the middle of nowhere.

    Face it, you just don't understand the Linux world-domination strategy.

    --
    Faster! Faster! Faster would be better!
  4. Re:Boot Disc by Hylandr · Score: 3, Interesting

    What I do is remove the drive from the system, slap it into an external enclosure and scan from a clean machine after unplugging that machine from the network.

    If it kills system files then I replace or repair them once I boot from the recently cleaned HDD. Also, delete the swap file before you plug it back in. Hasn't failed me yet.

    - Dan.

    --
    ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
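
The story summary says the fix for Trojan:Win32/Popureb.E starts with repairing the MBR, and Hylandr's approach above is to pull the drive and examine it from a clean machine. The following is an added example (not from Slashdot, Microsoft or any commenter) of what such an offline check can look like in Python: it parses a raw 512-byte MBR sector, validates the partition table, and compares the bootstrap code against a known-good baseline hash taken from clean installation media. The "clean" and "tampered" sectors are constructed inline with a placeholder bootstrap stub, not a real bootloader; in real use you would read sector 0 from the attached drive and take the baseline from a trusted image of the same Windows version. A hash mismatch is a finding to investigate, not proof of infection, since legitimate boot managers also rewrite the boot code.

```python
"""Offline MBR integrity check: parse a 512-byte master boot record read from a
drive attached to a clean machine and compare its bootstrap code against a
known-good baseline. The sample sectors below are constructed for illustration."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code, where an MBR rootkit lives
PART_TABLE_OFFSET = 446      # four 16-byte partition entries follow the boot code
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into boot-code hash, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-first(3) type(1) CHS-last(3) LBA-start(4) sector-count(4)
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_boot_sha256: str) -> list:
    """Return a list of findings; an empty list means the bootstrap code matches
    the baseline and the partition table is structurally sane."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("MBR signature 0x55AA missing")
    if mbr["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("bootstrap code differs from known-good baseline")
    used = [p for p in mbr["partitions"] if p["type"] != 0]
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        if p["sectors"] == 0:
            findings.append(f"partition {p['index']}: zero length")
    # Overlapping entries can hide a region carved out of a real partition.
    used.sort(key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if sum(1 for p in used if p["status"] == 0x80) > 1:
        findings.append("more than one partition flagged active")
    return findings


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed MBR sector for testing (placeholder, not a real bootloader)."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN])
    for status, ptype, lba_start, sectors in partitions:
        sector += struct.pack("<B3sB3sII", status, b"\xff\xff\xff", ptype,
                              b"\xff\xff\xff", lba_start, sectors)
    sector += b"\x00" * 16 * (4 - len(partitions))  # unused entries
    sector += MBR_SIGNATURE
    return bytes(sector)


# Constructed "clean" bootstrap stub and a typical two-partition layout.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
CLEAN_PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 2097152)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, CLEAN_PARTITIONS)
# In practice this baseline comes from trusted installation media, not from the suspect disk.
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed "tampered" sector: same partition table, first bytes of the boot code patched.
TAMPERED_MBR = build_mbr(b"\xeb\x3c" + CLEAN_BOOT_CODE[2:], CLEAN_PARTITIONS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE_SHA256) or "OK")
```

To run it against a real drive, replace `CLEAN_MBR`/`TAMPERED_MBR` with the first 512 bytes read from the device node (or a dd image of it) on the clean machine, and load the baseline hash from a trusted source rather than computing it from the disk under examination.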
  5. Re:Boot Disc by Joce640k · Score: 3, Interesting

    Yep... once the virus is in, the antivirus is useless. The virus will have no problem setting permissions, etc. so your antivirus can't touch it. And... given that most antivirus programs take a week or so to respond to new viruses, it makes them mostly useless.

    If somebody's the sort of person who gets viruses an antivirus won't save them.

    --
    No sig today...
  6. Re:Boot Disc by hairyfeet · Score: 1, Interesting

    So how's that 6 month upgrade death march working out for ya? How many forum hunts have you had to do to find driver fixes in the last couple of years? Anybody who says with a straight face that 6 months is long enough for even basic QA on an OS is just frankly insane. So far I have tried Ubuntu/Mint, Mepis, Mandriva, and PCLinuxOS and on every. single. one. when the upgrades rolled around at least one if not many drivers would shit themselves and die. This is why I won't carry Linux in my shop nor allow it in my home.

    The sad part is other than Linus Torvalds being an absolute douche and treating the kernel as his personal playtoy and not allowing Linux to have what everyone else has had for a decade or more, BSD, Solaris, OSX, Windows, OS/2, a stable hardware ABI so updates don't hose drivers? Well other than that I found Linux was nice, low resource, and had plenty of apps. Of course that is like saying other than the assassination thing Mr and Mrs Kennedy had a nice trip to Dallas.

    That is why when I go pick up my new playtoy tomorrow (found a sweet little 750MHz Toshiba laptop in mint state with case and external DVD for $40, just couldn't turn that down for a new hack toy) I'll be putting on TinyXP. Funny that users talk about low resource use for Linux when I have yet to see anybody beat TinyXP; the whole thing uses less than 64MB for a fully loaded desktop. Since I have plenty of XP licenses laying around it ought to be perfect for that little WinME lappy.

    So while I'm glad that Ubuntu works for you, frankly I found Linux to be too big a PITA, with too much time spent on forum hunts and driver fixes than the thing was worth. It is a shame too, as I have 4 1.4GHz machines sitting right in front of me that will probably end up in the dump as the XP licenses to reload them are worth more than the boxes, but with Linux I'd either have to do a Dell and disable updates and leave them vulnerable to the next Flash zero day that comes along, or provide free lifetime support for all the drivers that get hosed on the upgrade death march. Frankly it just ain't worth the effort for boxes that are worth maybe $30 apiece, so in the garbage they'll go. I hate throwing working gear away but what choice do I have?

    --
    ACs don't waste your time replying, your posts are never seen by me.