Getting better at virus removal.

[psydT0ne]

So you don't believe that malware jumps from one account to another?

[barry99705]

So you don't believe that malware jumps from one account to another?

Or does other nasty system wide things? I've found that about 90% of the time within a month of "cleaning" a machine of internet bugs, they come back. The only good way is reformat and reinstall.

[digip]

So you don't believe that malware jumps from one account to another?

I didn't say that malware doesn't jump to other accounts, but if the machine is set up from day one with no access between the accounts and files, hence other accounts are limited and not admin level access to the machine, it can't write to the other accounts when you remove those rights. If the malware circumvents the machine at the system level, say like a meterpreter or metasploit attack that has FULL access to everything, well, its pretty much game over at that point. Live disc boot and backup files, format and reinstall, then a restore is about the only option left when that happens. But if the malware was isolated to one users account, or not able to circumvent up to the administrators account, then create a new one, move the files you need, delete the old acocunt. I've done this for people in the past with minor system problems from malware and just general corrupted registry issues.

[psydT0ne]

I kinda see merit in what your doing, but I couldn't offer that option with a clear conscience

[digip]

I kinda see merit in what your doing, but I couldn't offer that option with a clear conscience

Its an option, but I admit, one option that may not work in every case. Depends on what malware it was and how far its hooks got into the system.

[psydT0ne]

Its an option, but I admit, one option that may not work in every case. Depends on what malware it was and how far its hooks got into the system.

I would probably depend on the system (mission critical or not) and the clients attitude.