52 replies to this topic

[xWhiplash]

Usually when I have somebody come up to me with a computer that has Malware on it, I simply re install everything for them. Say what you want abotu it, but it is much faster to re-install than spend potentially days fixing the computer and making sure it is right before they go back to their banking.

So my question is this, I usually do a format, and re-install. Will a Windows 8 Clean Install Upgrade get rid of infections? I only ask because it still does make a Windows.Old folder if I remember. Couldn't the malware be in there when it is all done?

Lastly, has there been any word as to the $40 Windows 8 upgrade and installing it on a fresh drive? When I installed it, I needed Windows 7 fully installed before in order to get 8 to activate.

[Dot Matrix]

You should be able to format the HDD with the upgrade media, yes. At least I could with mine...

[xWhiplash]

Dot Matrix, on 20 November 2012 - 12:49, said:

You should be able to format the HDD with the upgrade media, yes. At least I could with mine...

Ah I gotcha. So I think what I am understanding right is that I DO need to have some previous Windows version installed, but when I boot with the Windows 8 media, I can format it there just like Windows 7? That is probably why it did not work for me, nothing was on the drive when I tried.

[+sc302]

3 hours, if it takes longer than 3 hours you are doing it wrong or they have a million files or so or a computer built in 1990.

I spend a few hours cleaning it, if it comes back within a week, which rarely does, I wipe and rebuild. You need new techniques.

On to your question, if you don't delete the partition and reformat the infection can still be in the boot sector. In the past, when doing a clean install from a upgrade disk you would just need to put in your old os media (xp, vista, etc).

[Dot Matrix]

xWhiplash, on 20 November 2012 - 12:52, said:

Ah I gotcha. So I think what I am understanding right is that I DO need to have some previous Windows version installed, but when I boot with the Windows 8 media, I can format it there just like Windows 7? That is probably why it did not work for me, nothing was on the drive when I tried.

I also have 3 HDD's in my machine, which could have triggered the option to pop up.

[Intrinsica]

sc302, on 20 November 2012 - 13:01, said:

3 hours, if it takes longer than 3 hours you are doing it wrong or they have a million files or so or a computer built in 1990.

I spend a few hours cleaning it, if it comes back within a week, which rarely does, I wipe and rebuild. You need new techniques. If you don't format, the infection can still be in the boot sector.

I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it.

[+sc302]

Intrinsica, on 20 November 2012 - 13:08, said:

I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it.

No one would trust me to do squat and word of mouth would be nil. Have to keep people happy, have to be fast, and have to keep data integrity. They want their computer back in a working state with all of their apps and files in tact.

[Gotenks98]

Intrinsica, on 20 November 2012 - 13:08, said:

I seem to notice more and more that people's solution to a computer that doesn't work or is infected seems to be "step 1: format the machine." It's bizarre, for me a format has always been the final option, not the first. I would have lots of unhappy customers if I kept taking their laptop away and wiping it.

Format and reinstall is the only way to be 100% sure the malware is gone. I swear by this and its always my first option. Also you will have less repeats when this happens. Customers are alot careful due to the format and reinstall.

[Intrinsica]

Gotenks98, on 20 November 2012 - 13:41, said:

Format and reinstall is the only way to be 100% sure the malware is gone. I swear by this and its always my first option. Also you will have less repeats when this happens. Customers are alot careful due to the format and reinstall.

Sorry, I disagree. As sc302 said, all wiping their machine will do is send them to someone else next time who will attempt to preserve their data and settings. If someone on my team suggested formatting a machine as the first step, I'd have them removed from my team.

[+sc302]

See we like our customers and like referrals. Referrals is free money. I spent 0 advertising dollars to get them in my door. I formatted once and cost a client and a minimum of 10 of their friends. I explained what was needed and she was not happy then when she picked up her computer she wasn't happy that I didn't have everything back to the way it was when she gave it to me. To get her out the door I had to eat it. Never has it happened again. Most people appreciate the effort and understand that if it needs to come back within a week that they should have a backup performed (I charge extra for the backup) but will wipe and rebuild their computer with any software they provide at no additional cost.

Again, that doesn't happen often. Once last year was the last I can remember.

[Detection]

Intrinsica, on 20 November 2012 - 14:10, said:

Sorry, I disagree. As sc302 said, all wiping their machine will do is send them to someone else next time who will attempt to preserve their data and settings. If someone on my team suggested formatting a machine as the first step, I'd have them removed from my team.

I'm with you on this one, I used to just wipe and reinstall, but once I was trained up in a repair shop on how to remove malware thoroughly, formatting is only the very last option if all else fails.

I became pretty good at killing malware that more often than not, once I had done all my manual steps, scanners such as malwarebytes wouldn't find any leftovers for things like Antivirus 2010 fake AVs etc

[mduren2445]

I would have to agree with both sides...it depends on the malware ...if I can kill it enough to safely get their data off or even get their machine back the better but there are some malware it is just not worth it and and it is better to nuke it and start over

[warwagon]

I'm on both sides of this

1) If I was infected with malware (which I have never been) I would restore from a good image. after the malware was removed I would not use the installation in its current state. I would never again trust it.
2) None of us can be 100% sure we got everything it's impossible. Having said that when i'm done I am pretty confident the infection is gone. Rarely do I reformat and very rarely do I get any systems immediately back.
3) 3 hours can be about right. Hell a full scan with malwarebytes is usually 40 mins. I also do an external scan with kaspersky rescue from outside of windows. That can be another 40 mins or longer. I usually remove all temp and internet temp files (usually with ccleaner) to make the scans go as fast as possible.
4) If I had to format and reinstall I don't see my customers saying bad things about. It's not they would loose all their data.

[Charisma]

warwagon, on 20 November 2012 - 15:38, said:

3) 3 hours can be about right. Hell a full scan with malwarebytes is usually 40 mins. I also do an external scan with kaspersky rescue from outside of windows. That can be another 40 mins or longer. I usually remove all temp and internet temp files to make the scans go as fast as possible.

I always run CCleaner before Malwarebytes, works a treat to get all the junk cleared out before you scan for infection. Those two go together like peanut butter and jelly

[warwagon]

Charisma, on 20 November 2012 - 15:43, said:

I always run CCleaner before Malwarebytes, works a treat to get all the junk cleared out before you scan for infection. Those two go together like peanut butter and jelly

Correct, if you don't remove those internet temp files first 1 scan can EASILY! TAKE 2 hour - 3 hours. Yesterday I removed someones internet temp files, they had over 100,000 Internet temp files.