I second this approach. I don't recommend trying to clean it yourself because 
you will never be sure it's fully cleaned. Re-imaging will probably put you back
to a clean state unless you were infected at that time.

Thanks,
ALI MESDAQ
Sr. Security Researcher

WEBSENSE, INC.
ph: +1.858.320.9466
fax: +1.858.784.4466
www.websense.com


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Brian Weeden
Sent: Thursday, May 19, 2011 7:26 AM
To: [email protected]
Subject: Re: [H] TrojanDownloader:Win32.Mesmer.A

While it is possible for a virus to persist after a reformat, it is not very 
common.  You should be ok just deleting all the partitions on the SSD and 
recreating them.

And you are right, it is pretty hard to "zero out" an SSD because of their
wear-leveling algorithms. But I think that's only an issue for privacy/secrecy 
concerns, not for getting rid of infections.


---
Brian


On Thu, May 19, 2011 at 10:21 AM, Winterlight
<[email protected]> wrote:

>
> Yeah, that was my plan.  My OS is on a 75GB SSD. Is it necessary to
> wipe the SSD... can you even do that with an SSD? Or will a copy over of
> the image file and MBR be enough?
>
>
>
> At 07:12 AM 5/19/2011, you wrote:
>
>> Make a current backup, restore from last month's backup image and 
>> bring over any files that have been created/updated since then from 
>> the backup. I never trust a machine after an infection has been
>> detected. While I will sometimes try to clean up a system, it's 
>> largely an academic exercise as I'll eventually reinstall or go back 
>> to a known-good backup anyway.
>>
>> > -----Original Message-----
>> > From: [email protected] [mailto:hardware- 
>> > [email protected]] On Behalf Of Winterlight
>> > Sent: Thursday, May 19, 2011 1:58 AM
>> > To: [email protected]
>> > Subject: [H] TrojanDownloader:Win32.Mesmer.A
>> >
>> > Somewhere in the last 24 hours I picked up the rootkit virus 
>> > TrojanDownloader:Win32.Mesmer.A. Just about every time I try to
>> > use a link I get redirected somewhere else. I am running Security 
>> > Essentials and a scan did find and eliminate it but of course when 
>> > I rebooted it was back. I know rootkit viruses are difficult or 
>> > impossible to get rid of.
>> >
>> >   If I restore a clean Acronis image file of my OS partition, from 
>> > last month would that do it? Or should I spend the time trying to 
>> > kill it and if so what is the best way.. anybody have experience 
>> > with this?
>> >
>> > Thanks.
>>
>
>

