MattMcNabb wrote: »
Always remember to consider each case individually.
My organization recently had five client machines that were infected by a similar rootkit which was attempting to beacon to an external source. Luckily our intrusion protection detected and blocked this traffic. Removing the infection, however, was not so simple on two of these machines. We are a research organization and these two computers had multiple vendor-supported applications that may have taken days or weeks to get reinstalled and configured properly. TDSS Killer was the solution for these machines and the security team was able to determine that the beaconing did not recur. The other three computers were simply re-imaged.
It just goes to show you that there is never a single simple answer.