Delete limited account, get clean or ?

Saw these -

SpyEye steals your data. Even in a limited account

http://www.prevx.com/blog/149/SpyEye-steals-your-data-Even-in-a-limited-account.html

And also related comments in here

http://www.prevx.com/blog/147/Antimalware-software-is-not-all-that-useless.html

Based on reading the above, i was wondering if someones user/limited account was infected/compromised etc, would deleting that account eliminate ALL the malware associated with it, and/or would/could there be other nasties lurking elsewhere in the system associated with it as well ?

Obviously a replacement user/limited account would have to be created.

I'm thinking that, it might be similar to only deleting a file to the recycle bin, and gets over written as and when. Therefore it could be possible for nasties to still infect.

 

Deleting the infected account will kill the active malware - processes, injected libraries, such things. But depending on where in the filesystem the malicious files are saved, they may remain even after deleting the account - it's just that they won't be doing anything, since there's nothing left to execute them (well, except for a terminally foolish user that notices a strange file in a strange place and, brilliantly, decides to execute it). In the case of the SpyEye malware mentioned by Prevx's blog, the C:\cleansweep.exe\ folder would remain on the hard drive even after deleting the account. But the malware wouldn't be running. Wisest policy would be to just delete such leftovers.

 

@Windchild

Interesting, i wasn't sure that's why i asked. Thanks

 

Oh dear me.

C:\cleansweep.exe\cleanwseep.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run]
[cleansweep.exe][C:\cleansweep.exe\cleanwseep.exe]

Successfully blocked with proper security configuration and without the need for Prevx.