warwagon, on 20 November 2012 - 19:56, said:
Unless you personally inspect the code of every file and registry key on the computer after it was infected, you can't be 100% sure. You can be as sure as it's possible to be, but not 100%.
100% means that you personally verified the state of all registry entries and code of every file on the system, and then were able to determine that the malware had not under any shadow of a doubt modified any of them. 100% also means that you restored the system to a known good state using known clean media, such as an image (after nuking partitions) or reinstalling off a known good clean installation media.
Dude, you just got done telling us that you keep logs of every infection. Why would you do that if you weren't 100% sure you got it the first time?
I explained why I kept the logs. I kept the logs there for the folks that would try to come in and claim that I didn't clean the machines.
Sometimes I wonder why I bother actually typing out actual full posts since it seems people skim them for about 30% or less of the actual content... *sighs*
Also if you want to go that route...then you can't trust any machine that you do not sit in front of 24 hours a day, 7 days a week, 365 days a year...without any breaks.
After all when you walk away someone could sneak in your window, infect the machine, and then sneak back out...all without you knowing...
I mean come on...do we really have to go down the route of stupidity here?
You don't have to inspect the code of every single file...once you know what is infected you clean it up...then run the system file checker...it can tell you if any files do not match the values that are supposed to match.
Any changes in code would be picked up immediately.
Do folks really keep intending to argue with me on this? I mean it's fairly worthless to keep arguing with me on this...you won't win.
Yeah...not replying to anyone but the OP from here on out...the rest of the posts are just wasting my time... *sighs*