OK, so the first, obvious question, which Mark asked in the comments, and Steven Vore referenced in his blog post, was why go through all this? Why not just reformat the drive and reinstall Windows?
Well, the answer to that is multi-faceted.
One, if I had just reformatted I wouldn’t have nearly the blog fodder that I’ve gotten out of this. 🙂
Secondly, you have to remember the background of this laptop. I was asked to clean up the annoyance that Brave Sentry had recently brought about. She had used this laptop with Kazaa and then Limewire for a long time, so obviously she had accepted, at least at some level, adware running on the machine. So, while I felt an obligation to clean this machine to the best of my ability, I wasn’t actually asked to lock it down 100% securely. Had I been asked to do that, I would have been much more likely to reformat.
Lastly, and probably most importantly, I was dealing with someone who did not have any of the CDs, and the only install key she had was for XP. She did not have one for the WordPerfect Suite, Office XP, or a bunch of other software she had installed. I had a choice. Was it going to be more work trying to find drivers and replacement software than doing my best to get this laptop 95-99% clean? Again, since my main focus was getting this laptop to a point of usability, I decided to go with cleaning, rather than screwing up whatever usability this laptop had before this latest infection.
Anyway, it’s always been my belief that when working on someone’s computer, I listen to what they want and make my decisions based on what they use their computer for. I wouldn’t necessarily have made these same decisions for another person’s PC or my own, but I’m not the one who took this laptop home and worked with it every day.
It also underlines the importance of having your software installs and keys available, as well as a good backup of your data, if not a Ghost image of your machine, so that you can easily wipe an infected drive when necessary.
In related links:
Ed was kind enough to email me this link to CastleCops, with a bunch of anti-malware tools, while Neil commented that he uses Trojan Hunter, which isn’t free, to combat these really deep-level infections. Thanks for the suggestions, guys!