Back when I did catastrophic malware infection cleanup for clients on a regular basis, I was the guy who had an almost intuitive grasp of how to quickly and effectively hunt down every last trace of a piece of malware in the registry and on the filesystem, expunging it all with extreme prejudice. That is not a job for the faint of heart.
It has been years since I have practiced that particular skillset. It's a soul-sucking occupation, and I've moved on. These days, I protect myself from MS Windows malware by basically not using MS Windows at all. My advice to others is to keep backups on Unix-like systems, use filesystem integrity auditing on those systems to make sure data files remain clean, and -- if something goes wrong on the MS Windows system -- wipe, reinstall, and reload data from backups. Anything short of that on MS Windows is just begging for trouble.
It helps to use PXE boot for MS Windows, too.