
Microsoft Live Essentials detected the following items today:

Exploit: Java/CVE-2010-0840.HH

VirTool: Win32/VBInject.gen!HO

TrojanDownloader: Java/OpenConnection.OU

It's since cleaned these items and I've now downloaded the latest definitions and have also initiated a full scan (using MS Live Essentials). I'm also running a full scan using Webroot's Spy Sweeper.

I'm quite paranoid about the effects of these detections and I'm wondering if I should simply reformat my machine?

Ray
  • Are you a sysadmin? Why not just re-image this machine and move on? – jscott Sep 24 '11 at 16:52
  • No. But I'll have to talk to my sysadmin. I just have a ton of data on this machine that will take a significant chunk of time to back up. The question basically is to find out which option is better: Option 1 - Faster, but let the AV/Spyware programs do their thing. Option 2 - Slower, back up, migrate the data, clean up and re-image the machine. Time is important here, so I'd like to know your thoughts. –  Sep 24 '11 at 17:12
  • possible duplicate of [What to do if my computer is infected by a virus or a malware?](http://superuser.com/questions/100360/what-to-do-if-my-computer-is-infected-by-a-virus-or-a-malware) – Ƭᴇcʜιᴇ007 Sep 24 '11 at 19:26
  • @techie007, they are not asking how to disinfect, but if it is a trusted PC after disinfection and should they clean install the OS. – Moab Sep 25 '11 at 03:21

1 Answer


If the compromise was on the administrator level, then you can't assume the system is trusted anymore (any files could have been modified to put a back door, change behavior, etc.) So to be thorough you would have to re-install.

If the compromise was on the user level, then you can just delete/re-add the user.

Andrew Case