Proving negatives

Grete’s machine is infected with the Virtumonde trojan1.  One of the things it does is download other malware.  People have written malware which claims to remove Virtumonde but actually just makes things worse.  Virtumonde itself comes in many, many variants, and most of them resist being removed.

But here’s the rub.  Say you get it removed such that none of your anti-spyware or anti-virus software detects it.  How do you know it didn’t install a rootkit?  How do you know that you’re no longer finding it, or anything related to it, because it’s gone, rather than because it’s better at hiding than you are at looking?

How do you prove a negative?

So, out come the XP CDs.  Grete will be offline for a short while.

  1. Sometime today, when she was only visiting regular, legitimate websites; so be careful, it may be one of the web comic sites she reads that caused the infection.