"Sebastian G." <seppi@seppig.de> writes:
> David H. Lipman wrote:
>
>> From: "Ertugrul Söylemez" <es@ertes.de>
>> |
>> | He is right in that flattening and rebuilding the system is the only way
>> | to _guarantee_ that all malware has been removed.
>> |
>> | Regards,
>> | Ertugrul.
>> |
>> For ISTbar ?
>> That's like swatting a fly with a sledgehammer. Way overboard. We
>> are not talking about a password-stealing Trojan with RootKit
>> techniques. We are just talking about a minor, annoying adware
>> program.
>
>
> No. We're talking about the unknown malware that installed
> ISTbar. We're talking about the unknown malware that was installed by
> ISTbar. We're talking about the unknown malware that was installed
> aside from ISTbar. We're talking about the malware that got in through
> the same vulnerability as ISTbar.
>
> Heck, we're not even sure that it's the same ISTbar as the analysts
> had, much less that their analysis was complete.
I'm 100% with Sebastian on this one.
The proper procedure is to flatten and rebuild after any malware
infection.
Should one eschew proper procedure, they should do so with eyes wide
open to all the new risks they're taking on regarding custom variants of
malware that AV may not detect, or new aspects of a detected threat
that differ from the version characterized by the AV vendors.
Now you might get lucky and remove the threat. Then again, you might
not. Depending on the system's use and risk posture, this added risk
may be acceptable (i.e. a machine that is never used to log on
anywhere with a password that matters, no confidential information on
the machine that's worthwhile--not sure there are many such machines
in the world though), or quite unacceptable.
Best Regards,
--
Todd H.
http://www.toddh.net/