Sometimes one gets lucky

The rogue antivirus app isn't the infection, nor does it invite friends. It's the droppers that cause the popup to install it that opens the door for more malware to load. No doubt your initial over the phone cleansing got all those nasties out and since he'd already installed the av360, it just sat there doing nothing.

 

Had to go and pop your bubble,didn't he.

 

Rootkits? Forget cleaning and repairing. Do a fresh reinstall of Windows, install AV, update AV, apply Windows updates, reload any trusted files (e.g. pictures, documents).

 

The easy way, isn't that just sweeping it under the carpet.

 

I agree with wildfire...I will only reinstall Windows as a last resort if cleaning fails. I used to be a "HJT Helper" on a few forums and helped "users" clean their PC's...many of these users were quite computer illiterate so telling them just to reinstall their PC was only an option of last restore.

 

Early on, rootkit infections were rarely seen in the wild and presented quite a risk to system security overall, even after removal, due to the ability to alter virtually anything in the operating system unhindered without the user ever knowing fully what that might be. While I will not state that it is not still possible to do that, I will say the risk of it is now a lesser concern with most rootkit infections. The reason for that is that rootkits are now being widely used by malware authors to conceal their files and make them harder to detect and remove, yet the intent of the rootkit is to do just that and no more. It always comes down to user preference, and just how much they trust the system after having a rootkit infection. I would not hesitate to wipe a rootkited system in a business environment regardless the nature of the infection, and would recommend the same to anyone. I would be reluctant to do so in a home computing environment, depending on which rootkit family was identified.

 

Dave,

I understand what you are saying but I'll clarify (if I may) my sweeping it under the carpet statement.

If users (whether home or business) beleive the problem is solved by a simple reinstall then they would never learn anything. I agree circumstances could point toward a reinstall being the best option however, the person(s) concerned should also be educated in worst case scenarios regarding data backup etc and safer networking.

IMHO a reinstall should be the last option but too many stores offer it as the first (and often the only) option.

My opinion, education and repair should be regarded on the same level, far too many people think repair is all that matters.

Anyway rant over, WindowsBBS is still great place to visit

 

I think we're all in agreement there, for the home then the users are the IT department and have to be educated/educate themselves.

For businesses the IT department are the front line and these malware issues shouldn't even exist. That's not to say malware problems don't happen but when they do questions should be asked.