zlacker

[return to "Notepad++ supply chain attack breakdown"]
1. yodon+0o[view] [source] 2026-02-04 00:52:37
>>natebc+(OP)
Is there a "detect infection and clean it up" app from a reputable source yet (beyond the "version 8.8.8 is bad" designator)?
◧◩
2. kijin+vC[view] [source] 2026-02-04 02:35:29
>>yodon+0o
The only way to clean up an infected Windows system is to wipe your disk and reinstall the OS.

There are so many nooks and crannies where malware can hide, and Windows doesn't enforce any boundaries that can't be crossed with a trivial UAC dialog.

◧◩◪
3. ziml77+pK[view] [source] 2026-02-04 03:45:55
>>kijin+vC
I'd say it's more true on Linux that malware can hide anywhere if you allow a sudo prompt (which people have been unfortunately been trained is normal when installing software).

Windows enforces driver signing and has a deeper access control system that means a root account doesn't even truly exist. The SYSTEM pseudo-account looks like it should be that, but you can actually set up ACLs that make files untouchable by it. In fact if you check the files in System32, they are only writable by TrustedInstaller. A user's administrative token and SYSTEM have no access those files.

But when it comes down to it, I wouldn't trust any system that has had malware on it. At the very least I'd do a complete reinstall. It might even be worth re-flashing the firmware of all components of the system too, but the chances of those also being infected are lower as long as signed firmware is required.

[go to top]