Originally Posted by westin
I am not saying that the infection cannot be cleaned. I am saying that at that point, it is less time-consuming [generally speaking] to reload the OS than it is to be sure that the infection is gone.
I definitely agree with your second statement. I have some very strict policies in place on my network which prevent executable files from running out of temp folders, application whitelisting, no users run as admin, etc. I have not had one infection since I started implementing these [the machine that I mentioned in my original post belonged to a friend of a co-worker's]. This setup is a bit of a pain to get set up at first, but well worth it.