I wonder if some of the AV vendors will bring out a product to do this - or make it an option in existing products.

A nice idea. Certainly, if the AV vendors were truly independent of the OS supplier their products should flag up the dodgy behaviour that the GWX and other updates exhibit.

But of course, they won't do anything of the sort.

I think the best we can hope to see is widely published tools (or even just scripts) that cleanly eradicate traces of the infection. Of course then we have the problem of trusting in random bods on the internet vs trust in Microsoft. Not much to choose between them.

