Sign in to follow this  
Followers 0

Malware infection question

53 posts in this topic

Posted

Usually when I have somebody come up to me with a computer that has Malware on it, I simply re install everything for them. Say what you want abotu it, but it is much faster to re-install than spend potentially days fixing the computer and making sure it is right before they go back to their banking.

So my question is this, I usually do a format, and re-install. Will a Windows 8 Clean Install Upgrade get rid of infections? I only ask because it still does make a Windows.Old folder if I remember. Couldn't the malware be in there when it is all done?

Lastly, has there been any word as to the $40 Windows 8 upgrade and installing it on a fresh drive? When I installed it, I needed Windows 7 fully installed before in order to get 8 to activate.

Share this post


Link to post
Share on other sites

Posted

You should be able to format the HDD with the upgrade media, yes. At least I could with mine...

Share this post


Link to post
Share on other sites

Posted

[quote name='Dot Matrix' timestamp='1353415792' post='595335796']
You should be able to format the HDD with the upgrade media, yes. At least I could with mine...
[/quote]

Ah I gotcha. So I think what I am understanding right is that I DO need to have some previous Windows version installed, but when I boot with the Windows 8 media, I can format it there just like Windows 7? That is probably why it did not work for me, nothing was on the drive when I tried.

Share this post


Link to post
Share on other sites

Posted

3 hours, if it takes longer than 3 hours you are doing it wrong or they have a million files or so or a computer built in 1990.

I spend a few hours cleaning it, if it comes back within a week, which rarely does, I wipe and rebuild. You need new techniques.

On to your question, if you don't delete the partition and reformat the infection can still be in the boot sector. In the past, when doing a clean install from a upgrade disk you would just need to put in your old os media (xp, vista, etc).
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='xWhiplash' timestamp='1353415946' post='595335806']
Ah I gotcha. So I think what I am understanding right is that I DO need to have some previous Windows version installed, but when I boot with the Windows 8 media, I can format it there just like Windows 7? That is probably why it did not work for me, nothing was on the drive when I tried.
[/quote]

I also have 3 HDD's in my machine, which could have triggered the option to pop up. :p

Share this post


Link to post
Share on other sites

Posted

[quote name='sc302' timestamp='1353416518' post='595335824']3 hours, if it takes longer than 3 hours you are doing it wrong or they have a million files or so or a computer built in 1990.

I spend a few hours cleaning it, if it comes back within a week, which rarely does, I wipe and rebuild. You need new techniques. If you don't format, the infection can still be in the boot sector.[/quote]
I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it. :laugh:
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='Intrinsica' timestamp='1353416928' post='595335828']
I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it. :laugh:
[/quote]

No one would trust me to do squat and word of mouth would be nil. Have to keep people happy, have to be fast, and have to keep data integrity. They want their computer back in a working state with all of their apps and files in tact.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='Intrinsica' timestamp='1353416928' post='595335828']
I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it. :laugh:
[/quote]Format and reinstall is the only way to be 100% sure the malware is gone. I swear by this and its always my first option. Also you will have less repeats when this happens. Customers are alot careful due to the format and reinstall.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='Gotenks98' timestamp='1353418861' post='595335884']Format and reinstall is the only way to be 100% sure the malware is gone. I swear by this and its always my first option. Also you will have less repeats when this happens. [b]Customers are alot careful due to the format and reinstall.[/b][/quote]
Sorry, I disagree. As sc302 said, all wiping their machine will do is send them to someone else next time who will attempt to preserve their data and settings. If someone on my team suggested formatting a machine as the first step, I'd have them removed from my team.

Share this post


Link to post
Share on other sites

Posted

See we like our customers and like referrals. Referrals is free money. I spent 0 advertising dollars to get them in my door. I formatted once and cost a client and a minimum of 10 of their friends. I explained what was needed and she was not happy then when she picked up her computer she wasn't happy that I didn't have everything back to the way it was when she gave it to me. To get her out the door I had to eat it. Never has it happened again. Most people appreciate the effort and understand that if it needs to come back within a week that they should have a backup performed (I charge extra for the backup) but will wipe and rebuild their computer with any software they provide at no additional cost.

Again, that doesn't happen often. Once last year was the last I can remember.

Share this post


Link to post
Share on other sites

Posted

[quote name='Intrinsica' timestamp='1353420631' post='595335956']
Sorry, I disagree. As sc302 said, all wiping their machine will do is send them to someone else next time who will attempt to preserve their data and settings. If someone on my team suggested formatting a machine as the first step, I'd have them removed from my team.
[/quote]

I'm with you on this one, I used to just wipe and reinstall, but once I was trained up in a repair shop on how to remove malware thoroughly, formatting is only the very last option if all else fails.

I became pretty good at killing malware that more often than not, once I had done all my manual steps, scanners such as malwarebytes wouldn't find any leftovers for things like Antivirus 2010 fake AVs etc

Share this post


Link to post
Share on other sites

Posted

I would have to agree with both sides...it depends on the malware ...if I can kill it enough to safely get their data off or even get their machine back the better but there are some malware it is just not worth it and and it is better to nuke it and start over

Share this post


Link to post
Share on other sites

Posted

I'm on both sides of this

1) If I was infected with malware (which I have never been) I would restore from a good image. after the malware was removed I would not use the installation in its current state. I would never again trust it.
2) None of us can be 100% sure we got everything it's impossible. Having said that when i'm done I am pretty confident the infection is gone. Rarely do I reformat and very rarely do I get any systems immediately back.
3) 3 hours can be about right. Hell a full scan with malwarebytes is usually 40 mins. I also do an external scan with kaspersky rescue from outside of windows. That can be another 40 mins or longer. I usually remove all temp and internet temp files (usually with ccleaner) to make the scans go as fast as possible.
4) If I had to format and reinstall I don't see my customers saying bad things about. It's not they would loose all their data.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='warwagon' timestamp='1353425924' post='595336198']
3) 3 hours can be about right. Hell a full scan with malwarebytes is usually 40 mins. I also do an external scan with kaspersky rescue from outside of windows. That can be another 40 mins or longer. I usually remove all temp and internet temp files to make the scans go as fast as possible.
[/quote]

I always run CCleaner before Malwarebytes, works a treat to get all the junk cleared out before you scan for infection. Those two go together like peanut butter and jelly ;)

Share this post


Link to post
Share on other sites

Posted

[quote name='Charisma' timestamp='1353426180' post='595336214']
I always run CCleaner before Malwarebytes, works a treat to get all the junk cleared out before you scan for infection. Those two go together like peanut butter and jelly ;)
[/quote]

Correct, if you don't remove those internet temp files first 1 scan can EASILY! TAKE 2 hour - 3 hours. Yesterday I removed someones internet temp files, they had over 100,000 Internet temp files.

Share this post


Link to post
Share on other sites

Posted

the only thing with ccleaner is that you must run under each profile. Gets annoying when you have 5 profiles.

Share this post


Link to post
Share on other sites

Posted

[quote name='warwagon' timestamp='1353426322' post='595336226']
Correct, if you don't remove those internet temp files first 1 scan can EASILY! TAKE 2 hour - 3 hours. Yesterday I removed someones internet temp files, they had over 100,000 Internet temp files.
[/quote]
I once saw it remove over 15GB of temp files. I was floored...

Share this post


Link to post
Share on other sites

Posted

[quote name='Charisma' timestamp='1353426419' post='595336234']
I once saw it remove over 15GB of temp files. I was floored...
[/quote]

I sometimes use ccleaner, but sometimes I remove the internet temp files by hand and then rerun ccleaner for the rest of the files. ccleaner takes FOREVER to remove what takes far less time doing it by hand. As far as the reinstalls go, before I format I also backup their software registry Hive. I then run that through a product key finder and it extracts a lot of their product keys which allows me to reinstall some of their stuff for them, like office, norton and such.

Share this post


Link to post
Share on other sites

Posted

[quote name='warwagon' timestamp='1353425924' post='595336198']
I'm on both sides of this

1) If I was infected with malware (which I have never been) I would restore from a good image. after the malware was removed I would not use the installation in its current state. I would never again trust it.
2) None of us can be 100% sure we got everything it's impossible. Having said that when i'm done I am pretty confident the infection is gone. Rarely do I reformat and very rarely do I get any systems immediately back.
3) 3 hours can be about right. Hell a full scan with malwarebytes is usually 40 mins. I also do an external scan with kaspersky rescue from outside of windows. That can be another 40 mins or longer. I usually remove all temp and internet temp files (usually with ccleaner) to make the scans go as fast as possible.
4) If I had to format and reinstall I don't see my customers saying bad things about. It's not they would loose all their data.
[/quote]

Just to put something out there.

If you actually know what you are doing, then yes you can be 100% certain it is gone. If you send a customer a machine where you are only pretty certain it is gone, then that's really bad.

That is just inviting all sorts of headaches, especially if you didn't get it and they have their identity stolen.

If you cannot take the time to be certain you have eliminated the threat then send them to someone else or close shop.

Man, I really am getting more like Ramsay as time goes on...

Share this post


Link to post
Share on other sites

Posted

If you do a Windows 8 clean install, it will wipe out everything. So yes, it will wipe out the malware as well.

Share this post


Link to post
Share on other sites

Posted

[quote name='Shane Nokes' timestamp='1353426880' post='595336274']
Just to put something out there.

If you actually know what you are doing, then yes you can be 100% certain it is gone. If you send a customer a machine where you are only pretty certain it is gone, then that's really bad.

That is just inviting all sorts of headaches, especially if you didn't get it and they have their identity stolen.

If you cannot take the time to be certain you have eliminated the threat then send them to someone else or close shop.

Man, I really am getting more like Ramsay as time goes on...
[/quote]

If you want to go through every registry key and reverse engineer every file on the hard drive be my guest. What I'm saying is using the tools that I use, they tell me the system is clean. The issue they came in with is no longer there. I inspect the system and known malware locations, and running processes, host files, .... nobody can be 100% sure.

The last scan of many I do, is an external system scan with a kaspersky rescue disc, just to make sure I do the best I can to find infections that are trying to hide from the running OS.

Share this post


Link to post
Share on other sites

Posted

I never had an issue with a customer being mad because of a format and reinstall. I have had issues where one of our other technicians tried to clean a system and return it to a customer only to have them come back again. I would sooner say in the position I am in I would get more angry people with the removal than I would the clean install. If the customer has data they must keep I boot them to something where they can back up the files to an external they provide. Once that is done then I blast away the system. Either way the risk of ID theft and such is too great to let the customer just leave with a simple removal.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='warwagon' timestamp='1353427061' post='595336284']
If you want to go through every registry key and reverse engineer every file on the hard drive be my guest. What I'm saying is using the tools that I use, they tell me the system is clean. The issue they came in with is no longer there. I inspect the system and known malware locations, and running processes, host files, .... nobody can be 100% sure.
[/quote]

Yes exactly, if I tell my clients that do their banking and sensitive information that I could spend 3 or more hours fixing it, or spend the same amount of time re-installing. Most of them prefer re-installing.

It is much faster for me to install fresh and install their programs, than it is to try to mess with it. This is why I format, not because I am too stupid to clean it. But when people bank and have their tax stuff on there, you better be damn sure they prefer to wipe it.

I have my methods, you have yours. This post was not to get on me for my format choice. In my experience, it is much faster, and after I do a format I make a disk image and give it to them if they need it.

Share this post


Link to post
Share on other sites

Posted

[quote name='warwagon' timestamp='1353427061' post='595336284']


If you want to go through every registry key and reverse engineer every file on the hard drive be my guest. What I'm saying is using the tools that I use, they tell me the system is clean. The issue they came in with is no longer there. I inspect the system and known malware locations, and running processes, host files, .... nobody can be 100% sure.

The last scan of many I do, is an external system scan with a kaspersky rescue disc, just to make sure I do the best I can to find infections that are trying to hide from the running OS.
[/quote]

Doing that is not necessary to ensure the system is clean.

You can be certain and if you're not confident in your work being 100% accurate it has no business going back to a customer.

Going back to the Ramsay point. If you work in a restaurant are going to serve food you think isn't spoiled or food that you know isn't spoiled?

If it is the former the then I don't want you in my kitchen. :p

Share this post


Link to post
Share on other sites

Posted

[quote name='warwagon' timestamp='1353427061' post='595336284']
If you want to go through every registry key and reverse engineer every file on the hard drive be my guest. What I'm saying is using the tools that I use, they tell me the system is clean. The issue they came in with is no longer there. I inspect the system and known malware locations, and running processes, host files, .... no body can be 100% sure.
[/quote]

I so agree...one has to remember also you can not spent many hours or even days on a machine if you are in business , you are paid for volume of machines you put thru and your roi (return on investment) diminishes each hour you work on a machine. For the sake of discussion let's say you charge $200 (or something eqivilent in your currency) to fix it, 4 hours to reload it $50 an hour, 8 hours to find and kill malware $25 an hour and you have worked twice as hard

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.