George,

Given that there are multiple different attacks in progress, some using the Microsoft vulnerability and others via clever email viruses, attempting to clean a system is problematic. In particular, the Microsoft vulnerability enables what we call a "root compromise" and lets the remote attacker install and run *any* desired software on the victim's machine. We have seen a variety of different symptoms on machines on our network.

Simply removing the blaster worm itself does not mean that the rest of the computer is clean. There may still be key loggers or other back doors installed on the user's pc that are difficult to detect. We would never recommend that people trust their next few year's worth of work to a computer that has had a root compromise without a complete rebuild of the system.

Jim Jokl, Director for Communications & Systems
Shirley Payne, Director for Security Coordination & Policy (electronic mail, August 25, 2003)

For related article, see Gary Patternson Blasts Virus Recommendations.