Wed, Jun 29 2011 0:08
bradley
Can you really clean a compromised system?
POINT:
Don’t write it, read it instead! - Microsoft Malware Protection Center - Site Home - TechNet Blogs:
http://blogs.technet.com/b/mmpc/archive/2011/06/22/don-t-write-it-read-it-instead.aspx?wa=wsignin1.0
"If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state."
COUNTERPOINT:
http://technet.microsoft.com/en-us/library/cc512587.aspx
"You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there."