tekio

Malware

7 posts in this topic

Whenever people ask me about removing malware from their systems, I've always recommended a format and reinstall from a known source along with changing all passwords vs. using HJT to manually remove it. Is this good advice, or should I be more open to saving the current install? I know a new install can be a real pain... I just find it too difficult to guarantee systems will be reliable w/o having someone who knows wtf they're doing look at the source code or play with it in a contained environment.


I definitely recommend the fresh install method also.

I know reinstalling is a pain, but maybe they shouldn't download some of the stupid crap that they do. They wouldn't be in this problem in the first place.

I know that is not always the case. I know that there are some very adept hackers breaching systems out there.

I work a lot with Symantec Ghost. God, do I love that program. Make an image, archive it on a server. You devastate your PC, you can have it back up and running in its original state in 15 minutes.


I mean you can try to salvage what is left of their current PC, but there is no fool-proof way of completely removing it. So the best bet in the long run is to fresh install and back up their hard drive so when it happens again you'll be prepared!


Yes, we use Symantec Ghost here at the workplace and have someone designated to update the build every once in a while. It works great in those types of scenarios; not so sure about personal use, though.

Reinstall or some sort of image restore/'read-only drive' is the only way I am aware to be at least 95% sure it's gone.

I think what's worse than malware is the people who download 25 different anti-malware applications (5 of which come with malware themselves) and say they're awesome when they're pointlessly slowing their computer down more than any malware would, including getting more malware because they have a false sense of security.

EDIT: Removed accidental quote.

Edited by friendless

Ghost is a really good solution, but you have to set it up beforehand. It's not something that can be considered after the fact. You also need to make frequent images if you want to restore to a point where all your programs and documents are there. But still, ghosting an image is faster and easier than a reinstall.

I usually just reinstall if it appears there's a bad infestation. If it's something minor, I try to identify it and remove it by hand. Or I'll install Spybot and see if that will take care of it. But if there's anything major, it's time to reinstall. But I have a second partition where I keep data on all machines I take care of. Just stick all the files you want to save on the D: drive, wipe the C: drive, reinstall and restore from the D: drive. It's not too bad, especially if you have an install disk with all the recent updates on there.


A reinstall isn't needed in most cases.

What I do is simply shut the computer down, and then boot off a BartPE liveCD and start googling the names and filesizes of all EXEs and DLLs in system folders.

Sure it takes a couple hours, but you can generally get to the bottom of things fairly fast and remove any obvious malware.

Beyond that I restore the registry files manually from a week or more ago out of System Volume Information, and then boot back into Windows and run a quick scan for rootkits.

Hasn't failed yet.

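The last post's offline triage (boot a live CD, then check the name and size of every EXE and DLL in the system folders) and the earlier posts' Ghost images fit together: if you already keep a known-good image, you can take a hash inventory of its system folders once and diff the suspect machine against it instead of googling each file. The script below is an added example, not code from any poster in this thread; the directory layout, file names and file contents in `demo()` are constructed for the demonstration, and the `.exe`/`.dll`/`.sys` suffix list is an assumption about which files are worth inventorying.

```python
"""Baseline-vs-current inventory of executable files (added example).

Build a size+SHA-256 inventory of the system folders from a known-good
image, save it, and later diff a suspect machine's folders against it
from a live CD. Anything added or changed is what a human then looks at.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Assumption: these suffixes cover the binaries the post describes checking.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys"}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_inventory(root: Path) -> dict:
    """Map each executable under root (lower-cased relative path) to size and hash."""
    inventory = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() in EXECUTABLE_SUFFIXES:
                rel = path.relative_to(root).as_posix().lower()
                inventory[rel] = {"size": path.stat().st_size, "sha256": sha256_of(path)}
    return inventory


def save_inventory(inventory: dict, path: Path) -> None:
    path.write_text(json.dumps(inventory, indent=2, sort_keys=True))


def load_inventory(path: Path) -> dict:
    return json.loads(path.read_text())


def diff_inventories(baseline: dict, current: dict) -> dict:
    """Classify every path as added, removed, or changed relative to the baseline.

    Size alone is a weak signal (a patched binary can keep its size), so the
    comparison is on the SHA-256; size is kept in the inventory for reporting.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(
        p for p in set(baseline) & set(current)
        if baseline[p]["sha256"] != current[p]["sha256"]
    )
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed scenario: a clean image vs. the same tree with one
    replaced DLL and one unknown EXE dropped into the system folder."""
    with tempfile.TemporaryDirectory() as tmp:
        clean_root = Path(tmp) / "clean"
        live_root = Path(tmp) / "live"
        for root in (clean_root, live_root):
            sysdir = root / "system32"
            sysdir.mkdir(parents=True)
            (sysdir / "kernel32.dll").write_bytes(b"constructed clean kernel32 bytes")
            (sysdir / "notepad.exe").write_bytes(b"constructed clean notepad bytes")
            (sysdir / "readme.txt").write_bytes(b"not an executable, ignored")
        # Simulated tampering on the live machine (constructed, not real malware).
        (live_root / "system32" / "kernel32.dll").write_bytes(b"constructed modified bytes")
        (live_root / "system32" / "unknown.exe").write_bytes(b"constructed unknown binary")

        baseline_file = Path(tmp) / "baseline.json"
        save_inventory(build_inventory(clean_root), baseline_file)
        return diff_inventories(load_inventory(baseline_file), build_inventory(live_root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In real use `build_inventory` would be pointed at the mounted system folders of the known-good image once, and then at the suspect disk from the live CD, which matters because a rootkit running inside the suspect OS can hide files from an inventory taken on the live system. The diff is only a shortlist: "changed" is expected after a legitimate update, so the baseline has to be refreshed whenever the image is, as the Ghost posts already note.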
