In today's world of sophisticated Trojans and stealthy rootkits, cleaning up from a Windows malware attack can be near impossible. For many businesses, the standard procedure is to nuke the systems from orbit and do a complete wipe/reinstall.
In fact, the official advice from Redmond is for bigger enterprises to invest in an automated way to completely wipe and rebuild systems as a practical way to recover from malware infestation. However, for many smaller Windows shops, this just isn't practical because of the cost/resources involved.
This is why I was intrigued to see a new malware removal starter kit from Microsoft, aimed specifically at small and medium-sized businesses that struggle to deal with malware clean-up.
The kit combines Windows PE (Pre-installation Environment) and Windows Automated Installation Kit (AIK) in tandem with freely available anti-malware scanning tools. It comes with step-by-step guidance that Microsoft believes can provide a "low-cost, effective strategy that you can use to vanquish malware attacks."
The kit goes into considerable detail about how a small business can create and manage an incident response plan; how to determine if you have a problem; how to check for performance issues; and how to deal with an actual infection.
It walks IT managers through setting up an offline scanning tool and using freely available anti-virus scanners (like Kaspersky or Windows Defender) to sweep the infected machine. If these fail, the kit discusses the use of System Restore to return the computer to a known good state.
Even with this kit, Microsoft makes it clear that there's no guarantee that you'll find/remove every piece of malware:
It is important to understand that no process can guarantee a full recovery from the damage that malicious software can do. For this reason, there is no substitute for solid defenses and reliable backup and recovery processes. In this way, if the worst does happen and you have to rebuild the computer, the impact will be minimized.
I know the SANS Institute, in partnership with Lawrence Baldwin at My|NetWatchman, was working on a new certification (and related training) for Certified Malware Removal Experts -- a project aimed at smaller businesses without the resources to do complete wipe/reinstalls.
In tandem with Microsoft's new kit, this is sweet music to the ears of many overwhelmed Windows administrators.