Conventional wisdom states that once a system has been compromised, it can no longer be trusted and the only solution is to wipe the system clean and reinstall. This talk goes against the grain of conventional wisdom and asks whether there are more efficient ways to repair a system than complete reinstallation. Specifically, this talk will focus on the detection of and recovery from the installation of both traditional and kernel-level rootkits. Included in the presentation is a demonstration of an operating system architecture and intrusion recovery system (IRS) that is capable of recovering from some of the most prevalent rootkits seen in the wild. Prototype recovery tools will be released.