Slashdot Mirror


Rootkit Infection Requires Windows Reinstall

CWmike writes "Microsoft is telling Windows users that they'll have to reinstall the OS if they get infected with a new rootkit. A new variant of a Trojan Microsoft calls Popureb digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog. 'If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,' said Feng. A recovery disc returns Windows to its factory settings."

4 of 510 comments

  1. time to re-think OS architecture by Anonymous Coward · Score: 4, Interesting

    We all need a major re-think of how OS is installed on the computer, how it is architected, etc.

    Seems to me that a low-level kernel in FLASH, which can only be upgraded with a hardware key inserted (e.g., the kernel FLASH blocks can only be written when there is a physical device plugged into the system), which then supports a number of different OS images using virtual machine concept, is the way to go. If the image of any VM gets rooted, you just toss it and revert to last backup. The flash is immune to tricks, because you must insert a hardware key to upgrade it, so trojans could not over-write the FLASH-based kernel; the worst that can happen is that one of the OS images gets corrupted, then you just revert to saved.

  2. Re:Reinstall, but not Windows by ColdWetDog · Score: 4, Interesting

    The only purpose it serves is to save the geek the trouble of trying to understand why Linux as a client OS is on life support. StatCounter Global Stats

    Hey, don't count Linux out just yet. It's making progress in some parts of the world..

    Like Norfolk Island. Next year: Some other isolated bit of humanity. You might think it a hopeless endeavour, but when the world goes to hell in a handbasket, who's going to be left holding the keys to mankind's future: Isolated tiny islands in the middle of nowhere.

    Face it, you just don't understand the Linux world-domination strategy.

    --
    Faster! Faster! Faster would be better!
  3. Re:Boot Disc by Hylandr · Score: 3, Interesting

    What I do is remove the drive from the system, slap it into an external enclosure and scan from a clean machine after unplugging that machine from the network.

    If it kills system files then I replace or repair it once I boot from the recently cleaned HDD. Also, delete the swap file before you plug it back in. Hasn't failed me yet.

    - Dan.

    --
    ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
  4. Re:Boot Disc by Joce640k · Score: 3, Interesting

    Yep... once the virus is in, the antivirus is useless. The virus will have no problem setting permissions, etc. so your antivirus can't touch it. And... given that most antivirus programs take a week or so to respond to new viruses, it makes them mostly useless.

    If somebody's the sort of person who gets viruses, an antivirus won't save them.

    --
    No sig today...