Spoiler Alert Part II - Don't read this if you haven't read the Zero Day book.
After figuring out that the infection had been triggered by an incorrect date, a quick workaround would have been to rebuild the system, set the date to a time after 09/11, and then restore the data from backup. Obviously Time Stamp issues would be a concern, but at least the system would be up and running and the data would be accessible, etc. That would give Jeff's client breathing room until a patch becomes available from the Vendors. Does that seem technically sound for a quick workaround? Or am I missing something?