While the below does assume the user has a bit of skill in these matters, it's a skill that everyone should strive to learn...because these days you really have to drive defensively on the information highway. I'm also really not a fan of flattening a machine every time the lights blink funny, as it's far too easy to lose something that was recently created/acquired/signed up for, especially if it happens to involve some sort of encryption key/certificate (mind you, I deal mostly with business machines).
There is also the issue that burning or imaging a drive is a lot of I/O that can only serve to prematurely age the drive when all you really needed to do was rewrite the boot sector to either make a rootkit visible, or prevent it from re-infecting a new install (I've seen that one happen a few times - it sucks).
Of course, my next question is, what's the best approach if you think you've already been infected?
-bit
That is the key point. First thing you need to do is know if you've been infected...and with what. Because chances are, when you do actually get that 'something be awry' funny feeling, it's generally because something odd just popped up on the screen...and at that point one of two scenarios will be true:
1. The bug is taunting you with a cleverly cloaked "may I please eat your computer" prompt.
2. The game is already over...and you lost.
In the first case the resolution is a simple matter of saying no forcefully (e.g. TaskMan, right click, End Process Tree).
In the second case, you need to find out what the extent of the damage is without making it worse. So to avoid those fringe crossover cases, always take a screenshot of the offending message and jot down the filename of the process you have to kill to make it go away. Then from a known clean machine do a little quick research to see if it is a known bug...or something completely new.
For the known bugs, look at the type of software used for cleanup. If it is first-level (Malwarebytes, SUPERAntiSpyware, etc.), then you can use your preferred utility. If it is an advanced tool like ComboFix...then more care should be taken to see what is being fixed and how, because many of these utilities - while effective - take the scorched earth approach, and can be as destructive as a registry cleaner if care isn't being taken to monitor what is being "cleaned".
So in a nutshell, the only procedure you use...is to never use a rigid procedure. Always know the enemy and react accordingly. Because if/when the hardware variety bugs become common in the wild, it will quickly become crucial to know exactly what you're dealing with to have any chance of recovering, as there aren't any really user-friendly methods available for wiping the other hardware components.
Like the USB controller chips that are in every USB device:
This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”
Two separate security research groups have confirmed the viability of this attack. One of them released the source code for it during the last Black Hat conference to the public at large (it's available on GitHub). It's an equal opportunity infector that can bidirectionally hop from computer to any USB device (or device to computer) and is currently completely undetectable because - infecting the low level hardware controller chip - the OS never sees it.