
Malware infection question


52 replies to this topic

#1 xWhiplash

xWhiplash

    Neowinian Senior

  • Joined: 07-March 08

Posted 20 November 2012 - 12:45

Usually when I have somebody come up to me with a computer that has malware on it, I simply reinstall everything for them. Say what you want about it, but it is much faster to reinstall than spend potentially days fixing the computer and making sure it is right before they go back to their banking.

So my question is this, I usually do a format, and re-install. Will a Windows 8 Clean Install Upgrade get rid of infections? I only ask because it still does make a Windows.Old folder if I remember. Couldn't the malware be in there when it is all done?

Lastly, has there been any word as to the $40 Windows 8 upgrade and installing it on a fresh drive? When I installed it, I needed Windows 7 fully installed before in order to get 8 to activate.


#2 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 20 November 2012 - 12:49

You should be able to format the HDD with the upgrade media, yes. At least I could with mine...

#3 OP xWhiplash

xWhiplash

    Neowinian Senior

  • Joined: 07-March 08

Posted 20 November 2012 - 12:52

You should be able to format the HDD with the upgrade media, yes. At least I could with mine...


Ah I gotcha. So I think what I am understanding right is that I DO need to have some previous Windows version installed, but when I boot with the Windows 8 media, I can format it there just like Windows 7? That is probably why it did not work for me, nothing was on the drive when I tried.

#4 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 20 November 2012 - 13:01

3 hours, if it takes longer than 3 hours you are doing it wrong or they have a million files or so or a computer built in 1990.

I spend a few hours cleaning it, if it comes back within a week, which rarely does, I wipe and rebuild. You need new techniques.

On to your question, if you don't delete the partition and reformat, the infection can still be in the boot sector. In the past, when doing a clean install from an upgrade disk you would just need to put in your old OS media (XP, Vista, etc).

#5 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 20 November 2012 - 13:02

Ah I gotcha. So I think what I am understanding right is that I DO need to have some previous Windows version installed, but when I boot with the Windows 8 media, I can format it there just like Windows 7? That is probably why it did not work for me, nothing was on the drive when I tried.


I also have 3 HDDs in my machine, which could have triggered the option to pop up. :p

#6 Nick H.

Nick H.

    Neowinian Senior

  • Tech Issues Solved: 15
  • Joined: 28-June 04
  • Location: Switzerland

Posted 20 November 2012 - 13:08

3 hours, if it takes longer than 3 hours you are doing it wrong or they have a million files or so or a computer built in 1990.

I spend a few hours cleaning it, if it comes back within a week, which rarely does, I wipe and rebuild. You need new techniques. If you don't format, the infection can still be in the boot sector.

I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it. :laugh:

#7 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 20 November 2012 - 13:25

I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it. :laugh:


No one would trust me to do squat and word of mouth would be nil. Have to keep people happy, have to be fast, and have to keep data integrity. They want their computer back in a working state with all of their apps and files intact.

#8 Gotenks98

Gotenks98

    Neowinian

  • Joined: 18-December 01

Posted 20 November 2012 - 13:41

I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it. :laugh:

Format and reinstall is the only way to be 100% sure the malware is gone. I swear by this and it's always my first option. Also you will have fewer repeats when this happens. Customers are a lot more careful due to the format and reinstall.

#9 Nick H.

Nick H.

    Neowinian Senior

  • Tech Issues Solved: 15
  • Joined: 28-June 04
  • Location: Switzerland

Posted 20 November 2012 - 14:10

Format and reinstall is the only way to be 100% sure the malware is gone. I swear by this and it's always my first option. Also you will have fewer repeats when this happens. Customers are a lot more careful due to the format and reinstall.

Sorry, I disagree. As sc302 said, all wiping their machine will do is send them to someone else next time who will attempt to preserve their data and settings. If someone on my team suggested formatting a machine as the first step, I'd have them removed from my team.

#10 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 20 November 2012 - 14:34

See, we like our customers and like referrals. Referrals are free money. I spent 0 advertising dollars to get them in my door. I formatted once and cost a client and a minimum of 10 of their friends. I explained what was needed and she was not happy, then when she picked up her computer she wasn't happy that I didn't have everything back to the way it was when she gave it to me. To get her out the door I had to eat it. Never has it happened again. Most people appreciate the effort and understand that if it needs to come back within a week that they should have a backup performed (I charge extra for the backup) but will wipe and rebuild their computer with any software they provide at no additional cost.

Again, that doesn't happen often. Once last year was the last I can remember.

#11 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 20 November 2012 - 14:37

Sorry, I disagree. As sc302 said, all wiping their machine will do is send them to someone else next time who will attempt to preserve their data and settings. If someone on my team suggested formatting a machine as the first step, I'd have them removed from my team.


I'm with you on this one, I used to just wipe and reinstall, but once I was trained up in a repair shop on how to remove malware thoroughly, formatting is only the very last option if all else fails.

I became pretty good at killing malware that more often than not, once I had done all my manual steps, scanners such as Malwarebytes wouldn't find any leftovers for things like Antivirus 2010 fake AVs etc.

#12 mduren2445

mduren2445

    Neowinian

  • Joined: 02-March 06

Posted 20 November 2012 - 14:59

I would have to agree with both sides... it depends on the malware... if I can kill it enough to safely get their data off or even get their machine back the better, but there are some malware it is just not worth it and it is better to nuke it and start over.

#13 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 20 November 2012 - 15:38

I'm on both sides of this

1) If I was infected with malware (which I have never been) I would restore from a good image. After the malware was removed I would not use the installation in its current state. I would never again trust it.
2) None of us can be 100% sure we got everything; it's impossible. Having said that, when I'm done I am pretty confident the infection is gone. Rarely do I reformat and very rarely do I get any systems immediately back.
3) 3 hours can be about right. Hell a full scan with Malwarebytes is usually 40 mins. I also do an external scan with Kaspersky Rescue from outside of Windows. That can be another 40 mins or longer. I usually remove all temp and internet temp files (usually with CCleaner) to make the scans go as fast as possible.
4) If I had to format and reinstall I don't see my customers saying bad things about it. It's not like they would lose all their data.

#14 Charisma

Charisma

    e-1337-ist

  • Tech Issues Solved: 1
  • Joined: 02-May 10
  • Location: Galactic Sector ZZ9 Plural Z Alpha

Posted 20 November 2012 - 15:43

3) 3 hours can be about right. Hell a full scan with Malwarebytes is usually 40 mins. I also do an external scan with Kaspersky Rescue from outside of Windows. That can be another 40 mins or longer. I usually remove all temp and internet temp files to make the scans go as fast as possible.


I always run CCleaner before Malwarebytes, works a treat to get all the junk cleared out before you scan for infection. Those two go together like peanut butter and jelly ;)

#15 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 20 November 2012 - 15:45

I always run CCleaner before Malwarebytes, works a treat to get all the junk cleared out before you scan for infection. Those two go together like peanut butter and jelly ;)


Correct, if you don't remove those internet temp files first 1 scan can EASILY! TAKE 2 - 3 hours. Yesterday I removed someone's internet temp files, they had over 100,000 Internet temp files.