Spoiler Alert Part II - Don't read this if you haven't read the Zero Day book.
After figuring out that the infection had been triggered by an incorrect date, a quick workaround would have been to rebuild the system, set the date to a time after 09/11, and then restore the data from backup. Obviously timestamp issues would be a concern, but at least the system would be up and running and the data would be accessible, etc. That would give Jeff's client breathing room until a patch becomes available from the vendors. Does that seem technically sound for a quick workaround? Or am I missing something?
Spoiler Alert: don't read this if you haven't read the Zero Day book.
Mark, since the infection Jeff worked on was triggered by an incorrect date on the system, why couldn't he just reset the system with the correct date and then reinstall from backup? Even if the backup was infected, it wouldn't be triggered until the trigger date (09/11). Doing this would have allowed his client to get back up and running at least for a while.
Even if Jeff wasn't aware that the infection had been triggered by an incorrect date, when the system was rebuilt the first time, Sue (or even Jeff) should have set the rebuilt system to a correct date. If the date was for some reason still wrong after the system was rebuilt, it should have raised a huge red flag and given them troubleshooting options.