From: "Leythos" <void@nowhere.lan>
|
| While I agree, the OP didn't mention anything of value on the
| compromised system, so I didn't address that either.
|
| In most cases, while one can save their "data", sometimes the "data"
| contains the malware in a form that can re-compromise the system.
|
Very true. However, one doesn't restore data until anti malware utilities are installed
using "On Access" scanning. Most malware is found in the Browser caches, TEMP folder,
"Program Files" and in the OS directory tree.
Since the malware is NOT installed through the newly installed OS it is not working in the
OS and as the data is being extracted from the backup it is scanned and will be dealt with
accordingly by the "On Access" anti malware scanner.
For example a DOC or PPT file will be scanned and if it is a Trojan Downloader or contains
a Macro Virus it will be dealt with. One does NOT extract the Browser caches or TEMP
folders nor the Program Files or Windows trees.
When one is truly worried about malware that would cause a reload one would be worried about
reinfection. The fact is the chances of reinfection from a data restore are magnitudes less
than the chances of being reinfected based upon installing drivers, programs and utilities.
Additionally reinfection possibilities abound by not securing the system during the
installation process where exploitations and internet worms have a greater propensity of
infecting the PC. For example, between the time that WinXP is installed and SP2 is
installed an SDBot variant worms its way into the system.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
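
The selective restore described in the post above, as an added example that is not part of the original message: it sorts a backup file listing into entries that are never extracted and entries that are restored under the on-access scanner. The folder names, extension list and sample manifest are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Folder names that are never extracted from the backup. Assumed names for the
# browser caches, TEMP folders, Program Files and Windows trees the post lists.
SKIP_DIRS = {"temp", "tmp", "cache", "temporary internet files",
             "program files", "program files (x86)", "windows", "winnt"}

# Document types that can carry macros, following the post's DOC/PPT example
# (extension list is an assumption).
MACRO_EXTS = {".doc", ".dot", ".xls", ".ppt"}


def classify(path):
    """Return 'skip', 'restore-macro-capable' or 'restore' for one backup entry."""
    p = PureWindowsPath(path)
    dirs = {part.lower() for part in p.parts[:-1]}  # directory components only
    if dirs & SKIP_DIRS:
        return "skip"
    if p.suffix.lower() in MACRO_EXTS:
        return "restore-macro-capable"
    return "restore"


def plan_restore(manifest):
    """Group backup entries by action. Nothing is scanned here: every restored
    file is still expected to pass through the on-access scanner on write."""
    plan = {"skip": [], "restore-macro-capable": [], "restore": []}
    for entry in manifest:
        plan[classify(entry)].append(entry)
    return plan


# Constructed sample listing of a backup from an XP-era profile.
SAMPLE_MANIFEST = [
    r"C:\Documents and Settings\dave\My Documents\report.doc",
    r"C:\Documents and Settings\dave\My Documents\slides.PPT",
    r"C:\Documents and Settings\dave\My Documents\photo.jpg",
    r"C:\Documents and Settings\dave\Local Settings\Temp\setup.exe",
    r"C:\Documents and Settings\dave\Local Settings\Temporary Internet Files\Content.IE5\a.htm",
    r"C:\Program Files\SomeApp\app.exe",
    r"C:\WINDOWS\system32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for action, entries in plan_restore(SAMPLE_MANIFEST).items():
        print(action, len(entries))
```
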