Although this is an interesting article, it can in no way deal with modern malware. Most modern malware incorporates kernel-mode rootkits, which can (and do) easily hide from tools like Rootkit Revealer. Your only chance is to detect them without booting the infected OS - you need a boot CD and knowledge about how things get hidden in the registry and file system. Some malware hides on the hard drive not in common files, but in alternate data streams, slack space, boot sectors, etc., and is not found by tools running in the OS itself. Someone mentioned Hacker Defender, which is an ancient rootkit, and easily detected/removed now. Source code is readily available for HackerDefender and many other rootkits, and all of these are weak compared to modern standards.
It seems a lot of people on here think removing malware is easy to do by hand, which is false. It is easy to find some malware, and sometimes you can remove it by hand, but the point of a rootkit is that the OS will never tell you about the files, registry locations, etc. that contain the malware.
System Restore does not remove malware, since it does not fix the registry back to a previous state, nor does it remove files that contain malware. It merely tries to restore driver settings AFAIK, and things in start locations in the registry will reinstall themselves.
Running in a VMWare session is also insecure. It is possible for malware to escape to the host system, as shown by research at IntelGuardians. In short, VMWare does host-guest communication through a channel they created, and reverse-engineers have shown how to subvert this to do malware transfer. I don’t know if there are exploits in the wild yet, but you can bet there will be.
I’d be willing to bet that your article above only removed obvious, older, sloppy malware. There are most likely things still on your PC that are hidden much better.
Protocol for many secure places is that once a machine has been exposed to possible infection, it gets wiped and rebuilt. Very secure places scrap the machine completely after any possible infection.
In short, if you got a modern infection, odds are that the above methods would not even detect it. Unfortunately in many cases you’ll spend less time formatting and reinstalling your apps than trying to ferret out all the places things can hide.
For info, read www.rootkit.org.
Chris Lomont
www.lomont.org
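The comment above describes two ideas: rootkits hide files and registry entries from the running OS, and the way around that is to compare what the OS reports with what is actually on disk (a "cross-view" diff, which is what Rootkit Revealer does, and which the commenter says must be done from outside the infected OS to be trustworthy). The following is an added example, not code from the comment, the article or any real tool. It takes two constructed listings, one standing in for what `dir` and `reg query` returned on the live system and one standing in for an offline parse of the NTFS MFT and registry hives, and reports entries that exist only in the raw view, size mismatches, and alternate data streams. The listing format (`path[:stream]<TAB>size`) and all paths are invented for the example.

```python
"""Cross-view rootkit detection over two constructed listings.

Added example, not the commenter's or the article's code. In practice the
"raw" view would be produced by parsing the MFT and registry hives from a
boot CD; here both views are hand-written strings so the script runs offline.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entry:
    path: str                # case-folded file path or registry key/value
    size: int | None = None  # file size in bytes; None for registry entries
    stream: str = ""         # NTFS alternate data stream name, "" = main $DATA


def norm(path: str) -> str:
    """Normalise separators and case so the two views can be compared."""
    return path.replace("/", "\\").rstrip("\\").lower()


def parse_listing(text: str) -> set[Entry]:
    """Parse the hypothetical 'path[:stream]<TAB>size' format used here.

    A colon after position 1 marks an alternate data stream ("calc.exe:payload");
    the colon in a drive letter ("C:\\") is at position 1 and is not a stream.
    Lines starting with '#' are comments; registry lines carry no size.
    """
    entries: set[Entry] = set()
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        path = parts[0]
        size = int(parts[1]) if len(parts) > 1 else None
        stream = ""
        idx = path.rfind(":")
        if idx > 1:
            path, stream = path[:idx], path[idx + 1:]
        entries.add(Entry(norm(path), size, stream.lower()))
    return entries


@dataclass
class Report:
    hidden: set[Entry] = field(default_factory=set)             # raw view only
    phantom: set[Entry] = field(default_factory=set)            # API view only
    size_mismatch: set[tuple[Entry, Entry]] = field(default_factory=set)
    alternate_streams: set[Entry] = field(default_factory=set)  # ADS in raw view


def cross_view(api: set[Entry], raw: set[Entry]) -> Report:
    """Compare the live-OS (API) view with the raw on-disk view."""
    api_map = {(e.path, e.stream): e for e in api}
    raw_map = {(e.path, e.stream): e for e in raw}
    report = Report()
    for key, r in raw_map.items():
        a = api_map.get(key)
        if a is None:
            report.hidden.add(r)          # on disk, but the OS never showed it
        elif a.size != r.size:
            report.size_mismatch.add((a, r))  # a filter driver is lying about content
        if r.stream:
            report.alternate_streams.add(r)
    for key, a in api_map.items():
        if key not in raw_map:
            report.phantom.add(a)         # reported by the OS, absent on disk
    return report


# Constructed sample data; none of these paths come from a real system.
API_VIEW = """
# what the live OS reported
C:\\Windows\\System32\\ntoskrnl.exe\t4300000
C:\\Windows\\System32\\drivers\\legit.sys\t120000
C:\\Windows\\System32\\drivers\\etc\\hosts\t824
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
"""

RAW_VIEW = """
# what an offline parse of the MFT and hives found
C:\\Windows\\System32\\ntoskrnl.exe\t4300000
C:\\Windows\\System32\\drivers\\legit.sys\t120000
C:\\Windows\\System32\\drivers\\etc\\hosts\t1300
C:\\Windows\\System32\\drivers\\rk.sys\t61440
C:\\Windows\\System32\\calc.exe:payload\t98304
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
HKLM\\System\\CurrentControlSet\\Services\\rk
"""


def run_sample() -> Report:
    return cross_view(parse_listing(API_VIEW), parse_listing(RAW_VIEW))


def summarise(report: Report) -> list[str]:
    lines = [f"hidden from OS: {e.path}" + (f":{e.stream}" if e.stream else "")
             for e in sorted(report.hidden, key=lambda e: (e.path, e.stream))]
    lines += [f"size mismatch: {a.path} api={a.size} raw={r.size}"
              for a, r in sorted(report.size_mismatch, key=lambda p: p[0].path)]
    lines += [f"phantom entry: {e.path}" for e in sorted(report.phantom, key=lambda e: e.path)]
    return lines


if __name__ == "__main__":
    for line in summarise(run_sample()):
        print(line)
```

The diff only finds what the OS lies about; it says nothing about a driver that is visible but malicious, which is why the comment's advice still ends at wipe and rebuild.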