This situation has only escalated to this point in recent times.
I used to have a business on the side doing PC service and upgrading work, on call. About half of my calls were from small businesses or individuals who needed malware and virus cleanups.
Back then, it was definitely possible to clean a system so it was back to normal working condition again, although sometimes it was VERY time-consuming. You had to run multiple tools on the system, including ones that booted from recovery OSes you had on bootable CD, DVD or USB stick. Admittedly, you couldn't PROVE you had a system 100% clean, but when over a dozen scanning tools say it's clean and you no longer see any excessive CPU usage or disk chatter, and you can't find anything acting abnormally or showing up in the task manager? It's clean enough to make a paying customer happy.
The best answer was ALWAYS to wipe and reinstall from scratch. But sometimes that's not even viable. (E.g., customer has numerous apps installed that he or she no longer has license keys or installation media for and doesn't want to lose them.) If you really CAN'T get it clean, then you can tell them they're screwed and have to start over fresh -- but they're NOT gonna pay you for that answer.
What's crazy, now, is how these rootkits have gotten so advanced, they're really winning the battle for the first time in computing history. I fought for days to remove malware on a PC for a friend, last month, and despite throwing everything I knew of at it and manually poring over all possible registry locations that can start an app on boot or login? I never did feel confident I had it fully cleaned. It was better/usable instead of freezing up and running so slowly, it was useless. And everything reported it clean. But to me, it just didn't feel quite right. I just saw too many little pauses or hesitations that MAY have been his CPU being too old and slow. But not having used his laptop before the infection, I couldn't say for certain. I wound up advising him to wipe the machine and use it as an opportunity to upgrade to a new SSD.