Velocity Reviews - Computer Hardware Reviews

How would you fix a badly infected PC?

 
 
walterbyrd
      10-26-2006
Please note: I am not asking about prevention.

Let's suppose somebody gives you a PC that is loaded with malware, and
it's your job to fix it.

What is the fastest, easiest, way to go about it?

Is there any way to clean the machine without loading any new software
on it?

Would it be best to clean the machine without booting the machine
from the infected drive? For example should the hdd be removed, and
connected to another PC as a second drive? Or, should you boot from a
CD, then have a networked computer actually clean the drive? And what
software would you use to clean the infected drive? Can the process be
automated?

Thanks, in advance.

 
Barry Watzman
      10-26-2006
SOME infections and malware ... even by themselves (a single infection)
... are nearly unremovable. And it's very common to find that if a
machine has one infection, it has multiple infections. The similarities
to sexually transmitted diseases are pronounced. If someone has an
infection, then either they have no "protection", or bad usage habits, or
both. And either or both can lead to multiple infections.

Frankly, if a machine is badly infected, I prefer to wipe the hard drive
and reinstall from scratch. This is the most sure way to really fix the
problem. But it's drastic and takes a fair amount of time (days, if
there is a lot of software and the machine has lots of external
peripherals (scanner, multiple printers, webcam ...)).

I don't like to boot the machine or do the fix on the infected machine.
If you boot from the machine, the infections can get control of the
machine before the repair software and prevent the infection(s) from
being removed.

Booting from a repair CD would be fine, except that almost by definition
such a CD is "old" and may not have signatures for relatively new
infections. There are techniques for "updating" a bootable antivirus
CD, but it tends to be messy/time-consuming. This is an ok starting
point, but still not as good as I'd like.

Other than a total wipe and reinstall, what I prefer is to temporarily
connect the infected hard drive to another machine that has currently
updated AV software. This however can be cumbersome from a hardware
perspective as it requires opening and possibly removing the drive.
Still, with USB interfaces it's a lot easier than it used to be when you
had to use an IDE interface, a process that could mean opening up and
temporarily reconfiguring TWO machines.

As for software, any of (and preferably several of) the current, fully
updated AV and malware packages.


smackedass
      10-26-2006

> What is the fastest, easiest, way to go about it?
>


Reinstall. After you back up data first, of course. You can run 16
different spyware/virus programs, you can "remove" all of the malware. But,
often, the damage is done, the registry is toast, God only knows what else
has happened. You can spend hours and hours trying to "fix" the hard drive,
but it may never happen. Spare yourself the aggravation; back up the data,
and re-install, from the manufacturer's installation disk, if possible.

smackedass


 
 
walterbyrd
      10-27-2006
Barry Watzman wrote:
> Frankly, if a machine is badly infected, I prefer to wipe the hard drive
> and reinstall from scratch. This is the most sure way to really fix the
> problem. But it's drastic and takes a fair amount of time (days, if
> there is a lot of software and the machine has lots of external
> peripherals (scanner, multiple printers, webcam ...)).
>


Another potential problem with removing malware with a wipe/reinstall
is that the owner of the PC may not have all the CDs required to re-install
all of the software. Or, the CDs may be in bad condition. Or, the PC
owner may have the CDs, but not the registration numbers. I have also
known people to deliberately hide important data files in program
directories.

Still you may be right. I think some exec from Microsoft even said that
the only way to be sure was to "nuke it from space" - referring to the
famous line from Alien II.

> Still, with USB interfaces it's a lot easier than it used to be when you
> had to use an IDE interface, a process that could mean opening up and
> temporarily reconfiguring TWO machines.
>


I like the idea of external USB drives. But, I don't know if all PCs
will boot from such a drive. I think some of the older PCs may not.

 
 
Steven L Umbach
      10-27-2006
As others have said, the best solution would be a pristine install of the
operating system and applications. Having said that, if I wanted to try and
clean it up I would first boot into Safe Mode and scan from there. Trend
Micro offers the free Sysclean that is a command line virus detection and
removal program that does not need to be installed. You only need to run
Sysclean and the latest pattern file from a common folder or even from a
flash drive. Beyond that you can also boot into Bart's PE and do the same.

Steve
 
Sheldon Green
      10-27-2006
Been there and have fixed the issue over and over. Basically all you
have to do is get Windows XP NTFS partition on CD like Bart PE or Ultimate
Boot CD. I use UBCD4 and never ran into a problem I couldn't fix.

sheldon green
 
Tony
      11-12-2006
If you want to start fresh, then I would wipe it clean. Use a program such as Driver Magician to
back up all drivers and save the directory to a CD or on a networked drive.

If the machine is a few years old, then you probably do not even need the drivers since most of them
will be included in the latest XP SP2. Boot using the XP CD and that's it.

Tony