Open Letter to a Digital World
Well, he apparently managed to "clean machine using the very same machine" so that would make him a bit less "naive" and a bit more "capable".
You don't get it. A good rootkit will only let you see what the rootkit wants you to see (when using the very same machine where the rootkit runs). However capable he is, he (if the rootkit was installed) has no way to know whether the trojan was installed, far less be able to clean it.
You look in the registry, but the rootkit intercepts the registry API. You look at the disk, but the rootkit intercepts the disk API. And so on. All he can claim is that he eliminated syndromes visible to him.
For me, his claims that he cleaned the machine are worth nothing; they only say that this guy does not deserve his sysadmin's salary.
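
The point about intercepted registry and disk APIs is why a "clean" claim has to be checked against a view taken from outside the running OS. As an added example (not part of the original comments), this code compares a file manifest gathered on the live system with one gathered after booting trusted media; the `path,size,digest` manifest format and every path and digest in it are constructed assumptions.

```python
"""Cross-view check: live (in-host) file manifest vs. offline (trusted boot) manifest."""
import csv
import io

# Constructed sample manifests: path,size,digest. Not real data.
LIVE_VIEW = r"""
C:\WINDOWS\system32\drivers\example_a.sys,91648,aa11
C:\Windows\System32\drivers\example_b.sys,1684480,bb22
C:\Windows\System32\example_c.dll,836608,cc33
"""
OFFLINE_VIEW = r"""
C:\Windows\System32\drivers\example_a.sys,91648,aa11
C:\Windows\System32\drivers\example_b.sys,1684480,ee55
C:\Windows\System32\drivers\example_hidden.sys,40960,dd44
C:\Windows\System32\example_c.dll,836608,cc33
"""


def parse_manifest(text):
    """Return {lowercased path: (size, digest)}; Windows paths are case-insensitive."""
    entries = {}
    for row in csv.reader(io.StringIO(text.strip())):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        path, size, digest = row
        entries[path.lower()] = (int(size), digest.lower())
    return entries


def cross_view(live_text, offline_text):
    """Report where the in-host view disagrees with the offline view."""
    live, offline = parse_manifest(live_text), parse_manifest(offline_text)
    shared = set(live) & set(offline)
    return {
        # On disk, but the running OS did not list it.
        "hidden_from_live": sorted(set(offline) - set(live)),
        # Listed by both, but the running OS reported different size or content.
        "content_differs": sorted(p for p in shared if live[p] != offline[p]),
        # Listed by the running OS only (e.g. created after the live scan).
        "only_in_live": sorted(set(live) - set(offline)),
    }


if __name__ == "__main__":
    for finding, paths in cross_view(LIVE_VIEW, OFFLINE_VIEW).items():
        print(finding, paths)
```

A disagreement between the two views shows the live view cannot be trusted; agreement alone does not prove the machine is clean.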