Thursday, 24 April 2008

Removing Malware

Malware can be removed, but it is difficult and requires forethought and planning before the event: the integrity data you will need must exist before the compromise, not after it.

Removal can work if there are known-good hashes with which to validate the integrity of files. This is most crucial for libraries and binaries, but data files matter as well.

The important thing is not to trust the binaries on the system (e.g. not even Tripwire itself), as these may be compromised; run the checks from trusted media. If there are no hashes, then you have problems. A vanilla install may provide some answers: most systems record hashes for their major binaries somewhere. Red Hat, Windows and the others have all been hashed and the hashes recorded (the RPM package database and the Windows system file catalogues, for instance), though a copy of that record held on the compromised host is only as trustworthy as the host itself, so compare against the vendor's copy or a clean install.

The same applies to many other applications. As soon as you move away from the common applications, this becomes much more difficult, since there may be no published hashes to compare against.
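As an added illustration of the comparison the post describes (this is example code written for this page, not something from the original post): a baseline of hashes is taken from a clean tree, stored away from the host, and later compared against the live tree to list files that were modified, deleted, or added. The file names, contents and the "compromise" are all constructed here; in practice the baseline would come from a vanilla install or the vendor's package records, and the script itself would be run from trusted boot media rather than the suspect system.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Record the SHA-256 of every regular file under root, keyed by relative path.

    Taken from a clean install this is the known-good baseline; it must be
    stored off the host (or signed), otherwise an intruder can simply edit it.
    Symlinks are skipped so a link pointing into an attacker-controlled
    location cannot masquerade as a verified file.
    """
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify(root, manifest):
    """Compare the live tree against the baseline.

    Returns three sorted lists: files whose hash changed, baseline files that
    are gone, and files present now that the baseline never recorded (dropped
    tools, backdoors, hidden directories).
    """
    current = build_manifest(root)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo():
    """Constructed scenario: a toy 'clean install', a baseline taken from it,
    then a trojaned ps, a deleted library and a dropped hidden file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "lib").mkdir()
        # Constructed stand-ins for real binaries; contents are arbitrary bytes.
        (root / "bin" / "ls").write_bytes(b"\x7fELF clean ls (constructed)")
        (root / "bin" / "ps").write_bytes(b"\x7fELF clean ps (constructed)")
        (root / "lib" / "libc.so").write_bytes(b"\x7fELF clean libc (constructed)")

        baseline = build_manifest(root)  # would be kept offline in practice

        # Simulated compromise: same file names, different bytes; one file
        # removed; one new file that a listing from a trojaned ls would hide.
        (root / "bin" / "ps").write_bytes(b"\x7fELF ps that hides a process (constructed)")
        (root / "lib" / "libc.so").unlink()
        (root / "bin" / ".hidden").write_bytes(b"dropped by the intruder (constructed)")

        return verify(root, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The same comparison is what `rpm -V` does against the RPM database and what `sha256sum -c` does against a saved checksum list; the point of writing it out is that every input (the hashing tool, the Python interpreter, and the manifest) has to come from somewhere the intruder could not reach.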

There is also the REMOTE chance of a common binary or library having a hash collision (a modified file that hashes to the same value as the original), but I am yet to see this outside the lab for any common ones.

The other issue is the time it takes to determine all of this. It is usually (not always) quicker to rebuild.
