walterbyrd Guest
Posted: Fri Oct 27, 2006 1:47 am Post subject: How would you fix a badly infected PC?
Please note: I am not asking about prevention.
Let's suppose somebody gives you a PC that is loaded with malware, and
it's your job to fix it.
What is the fastest, easiest, way to go about it?
Is there any way to clean the machine without loading any new software
on it?
Would it be best to clean the machine without booting the machine
from the infected drive? For example should the hdd be removed, and
connected to another PC as a second drive? Or, should you boot from a
CD, then have a networked computer actually clean the drive? And what
software would you use to clean the infected drive? Can the process be
automated?
Thanks, in advance.

Barry Watzman Guest
Posted: Fri Oct 27, 2006 4:09 am Post subject: Re: How would you fix a badly infected PC?
SOME infections and malware ... even by themselves (a single infection)
... are nearly unremovable. And it's very common to find that if a
machine has one infection, it has multiple infections. The similarities
to sexually transmitted diseases are pronounced. If someone has an
infection, then either they have no "protection", or bad usage habits, or
both. And either or both can lead to multiple infections.
Frankly, if a machine is badly infected, I prefer to wipe the hard drive
and reinstall from scratch. This is the most sure way to really fix the
problem. But it's drastic and takes a fair amount of time (days, if
there is a lot of software and the machine has lots of external
peripherals (scanner, multiple printers, webcam ...)).
I don't like to boot the machine or do the fix on the infected machine.
If you boot from the machine, the infections can get control of the
machine before the repair software and prevent the infection(s) from
being removed.
Booting from a repair CD would be fine, except that almost by definition
such a CD is "old" and may not have signatures for relatively new
infections. There are techniques for "updating" a bootable antivirus
CD, but it tends to be messy/time-consuming. This is an ok starting
point, but still not as good as I'd like.
Other than a total wipe and reinstall, what I prefer is temporarily
connecting the infected hard drive to another machine that has currently
updated AV software. This however can be cumbersome from a hardware
perspective as it requires opening and possibly removing the drive.
Still, with USB interfaces it's a lot easier than it used to be when you
had to use an IDE interface, a process that could mean opening up and
temporarily reconfiguring TWO machines.
As for software, any of (and preferably several of) the current, fully
updated AV and malware packages.

smackedass Guest
Posted: Fri Oct 27, 2006 4:20 am Post subject: Re: How would you fix a badly infected PC?
| Quote: | What is the fastest, easiest, way to go about it?
|
Re install. After you back up data first, of course. You can run 16
different spyware/virus programs, you can "remove" all of the malware. But,
often, the damage is done, the registry is toast, God only knows what else
has happened. You can spend hours and hours trying to "fix" the hard drive,
but it may never happen. Spare yourself the aggravation; back up the data,
and re-install, from the manufacturer's installation disk, if possible.
smackedass

Mister Guest
Posted: Fri Oct 27, 2006 5:41 am Post subject: Re: How would you fix a badly infected PC?
DITTO!!!
On Thu, 26 Oct 2006 23:20:06 GMT, "smackedass"
<kemanospamcomputer@verizon.net> wrote:
| Quote: |
What is the fastest, easiest, way to go about it?
Re install. After you back up data first, of course. You can run 16
different spyware/virus programs, you can "remove" all of the malware. But,
often, the damage is done, the registry is toast, God only knows what else
has happened. You can spend hours and hours trying to "fix" the hard drive,
but it may never happen. Spare yourself the aggravation; back up the data,
and re-install, from the manufacturer's installation disk, if possible.
smackedass
|

walterbyrd Guest
Posted: Fri Oct 27, 2006 7:17 am Post subject: Re: How would you fix a badly infected PC?
Barry Watzman wrote:
| Quote: | Frankly, if a machine is badly infected, I prefer to wipe the hard drive
and reinstall from scratch. This is the most sure way to really fix the
problem. But it's drastic and takes a fair amount of time (days, if
there is a lot of software and the machine has lots of external
peripherals (scanner, multiple printers, webcam ...)).
|
Another potential problem with removing malware with a wipe/reinstall
is that the owner of the PC may not have all the CDs required to re-install
all of the software. Or, the CDs may be in bad condition. Or, the PC
owner may have the CDs, but not the registration numbers. I have also
known people to deliberately hide important data files in program
directories.
Still you may be right. I think some exec from Microsoft even said that
the only way to be sure was to "nuke it from space" - referring to the
famous line from Alien II.
| Quote: | Still, with USB interfaces it's a lot easier than it used to be when you
had to use an IDE interface, a process that could mean opening up and
temporarily reconfiguring TWO machines.
|
I like the idea of external USB drives. But, I don't know if all PCs
will boot from such a drive. I think some of the older PCs may not.
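
A check that follows from the point above about data files hidden in program directories, for a drive attached to a clean machine as a second drive before a wipe (an added example, not part of any post in this thread): it lists likely user files written into an application folder after the newest program binary there. The function name, folder names, extension lists and one-day margin are assumptions of this sketch; it reads file metadata only and never opens or runs anything on the suspect volume.

```python
import os
import stat
import sys
from pathlib import Path

# Assumptions of this sketch (not from the thread): folder names,
# extension lists and the one-day margin.
PROGRAM_DIRS = ("Program Files", "Program Files (x86)")
BINARY_EXTS = {".exe", ".dll", ".ocx", ".sys"}
DATA_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".mdb", ".pst", ".txt",
             ".csv", ".jpg", ".zip"}
MARGIN_SECONDS = 24 * 60 * 60


def _regular_files(top):
    """Yield (path, lstat) for regular files under top; links are skipped."""
    for dirpath, _dirs, names in os.walk(top, followlinks=False):
        for name in names:
            path = Path(dirpath) / name
            try:
                st = path.lstat()
            except OSError:
                continue  # unreadable entry on a damaged volume
            if stat.S_ISREG(st.st_mode):
                yield path, st


def find_stray_user_data(volume_root):
    """Return sorted (relative_path, size) of data files that are newer
    than the newest program binary in the same application folder."""
    root = Path(volume_root)
    hits = []
    for prog in PROGRAM_DIRS:
        base = root / prog
        if not base.is_dir():
            continue
        for app_dir in base.iterdir():
            if app_dir.is_symlink() or not app_dir.is_dir():
                continue
            entries = list(_regular_files(app_dir))
            # Newest binary mtime approximates install or last update time;
            # with no binaries at all, every data file is reported.
            installed = max((st.st_mtime for p, st in entries
                             if p.suffix.lower() in BINARY_EXTS), default=0.0)
            for path, st in entries:
                if (path.suffix.lower() in DATA_EXTS
                        and st.st_mtime > installed + MARGIN_SECONDS):
                    hits.append((path.relative_to(root).as_posix(), st.st_size))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python stray_data.py E:\   (E: being the attached suspect drive)
    for rel, size in find_stray_user_data(sys.argv[1]):
        print(f"{size:>12}  {rel}")
```

Anything it reports should be copied off and scanned on the clean machine before being restored to the rebuilt PC.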

Far Canal Guest
Posted: Fri Oct 27, 2006 7:52 am Post subject: Re: How would you fix a badly infected PC?
walterbyrd wrote
| Quote: |
Far Canal wrote:
Are you asking a question for the sake of it or do you have a problem
that requires fixing? There is no cure all for malware, like there
isn't a fix for every trojan or virus. Your childish *what if*
questions are pointless.
You've been around Usenet for some time - so WTF are you multiposting
this all over the place?
alt.certification.a-plus
alt.comp.virus
alt.comp.anti-virus
alt.privacy.spyware
Why do you have such a bug up your butt? My question was neither
childish, nor pointless. I happen to know that malware infected PCs are
very common. I am often tasked with cleaning such machines (as are many
people who work with PCs). The question is entirely relevant, and
appropriate, where I have posted it.
|
It's very apparent you've learned jack *** from what little work you've
done.
| Quote: | Yes, I posted to all of four different groups. So what? I did that
because not every person reads every group. I wanted an answer, or at
least a discussion, so naturally I want to reach as wide a group as
possible. I only posted to groups where I thought the question was
appropriate.
|
Instead of being a *** in one group, you've gone for the jackpot in
4 groups. Multiposting is ignorant and *** stupid.
| Quote: | Sorry to have put you into such a snit, and caused you to go into such
a hissy-fit.
|

Mister Guest
Posted: Fri Oct 27, 2006 8:43 am Post subject: Re: How would you fix a badly infected PC?
Normally I would just let this go, but...
Far Canal reminds me of the tough guy who wants to beat up the loud
guy at a party, instead of just ignoring him. While the loud guy may
be annoying, he is completely harmless, much like the question that
was asked.
Instead of just ignoring the question, you had to brush up on your
language skills and reply with an ignorant response. I will probably
get a similar ignorant, if not stupid response to my post as well from
you.
In any case, I think I will ask a so called "stupid question" on a
weekly basis and multipost it just to annoy you.
Question #1:
How much will 16K of conventional memory cost?

Steven L Umbach Guest
Posted: Fri Oct 27, 2006 9:00 am Post subject: Re: How would you fix a badly infected PC?
As others have said the best solution would be a pristine install of the
operating system and applications. Having said that if I wanted to try and
clean it up I would first boot into Safe Mode and scan from there. Trend
Micro offers the free Sysclean that is a command line virus detection and
removal program that does not need to be installed. You only need to run
Sysclean and the latest pattern file from a common folder or even from a
flash drive. Beyond that you can also boot into Bart's PE and do the same.
Steve

Barry Watzman Guest
Posted: Fri Oct 27, 2006 9:12 am Post subject: Re: How would you fix a badly infected PC?
Re: "I like the idea of external USB drives. But, I don't know if all
PCs will boot from such a drive."
You miss the whole point. You do NOT WANT TO BOOT from the drive. You
want to put it on another machine, a clean machine with completely
updated AV software, as a {2nd, 3rd, whatever} drive and run a virus
scan/repair on it. Booting from it is the last thing that you want to
do. Then after it's clean you put it back into the machine that it came
from.

smackedass Guest
Posted: Fri Oct 27, 2006 2:04 pm Post subject: Re: How would you fix a badly infected PC?
UH-oh, time to update my BSL.
smackie

Dustbin Ko0k Guest
Posted: Fri Oct 27, 2006 8:32 pm Post subject: Re: How would you fix a badly infected PC?
Mister wrote:
| Quote: | Normally I would just let this go, but...
Far Canal reminds me of the tough guy who wants to beat up the loud
guy at a party,
|
We prefer them to *** top-posters like you. Bugger off!

Mister Guest
Posted: Fri Oct 27, 2006 11:10 pm Post subject: Re: How would you fix a badly infected PC?
Some like it on the top and...
On Fri, 27 Oct 2006 08:32:28 -0700, "Dustbin Ko0k" <dustTurd@jail.gov>
wrote:
| Quote: | Mister wrote:
Normally I would just let this go, but...
Far Canal reminds me of the tough guy who wants to beat up the loud
guy at a party,
We prefer them to *** top-posters like you. Bugger off!
|
Some like it on the bottom.
I guess you like in the bottom.

smackedass Guest
Posted: Fri Oct 27, 2006 11:27 pm Post subject: Re: How would you fix a badly infected PC?
There are a few things that I've heard about newspost etiquette that I've
never been able to understand. One, the stigma against cross-posting. As
long as it's not a spam or a troll bait that's being cross-posted, who cares
if you send a message to 2 or more different groups at once? It doesn't
bother me...
And 2 is this thing about top vs. bottom posting. Neither top nor bottom
posting much bothers me. What does bother me, is if a person replies to a
post (especially a long post), and addresses several different parts of the
post, underneath the parts that they choose to address. This makes a reader
have to read and scrutinize the whole message, from top to bottom, rather
than just look at the pieces that have been responded to. Usually, if I
reply to different pieces of a post, I'll wipe out everything except the
pieces to which I'm responding, and add my own blurb underneath it. Keeps
it more readable, and the topic in focus, I think.
smackedass

Sheldon Green Guest
Posted: Sat Oct 28, 2006 12:59 am Post subject: Re: How would you fix a badly infected PC?
Been there and have fixed the issue you over and over ... basically all you
have to do is get Windows XP NTFS partition on CD like Bart PE or Ultimate
Boot CD. I use UBCD4 and never ran into a problem I couldn't fix.
sheldon green

Thumper Guest
Posted: Sat Oct 28, 2006 1:10 am Post subject: Re: How would you fix a badly infected PC?
I like to put a clean hard drive in with the operating system and
some utilities on it and clean the infected drive from there.
Thumper