A+ Certification - How would you fix a badly infected PC?

#1

Please note: I am not asking about prevention.

Let's suppose somebody gives you a PC that is loaded with malware, and it's your job to fix it.

What is the fastest, easiest way to go about it?

Is there any way to clean the machine without loading any new software on it?

Would it be best to clean the machine without booting the machine from the infected drive? For example, should the HDD be removed and connected to another PC as a second drive? Or should you boot from a CD, then have a networked computer actually clean the drive? And what software would you use to clean the infected drive? Can the process be automated?

Thanks, in advance.

walterbyrd

#2

SOME infections and malware ... even by themselves (a single infection) ... are nearly unremovable. And it's very common to find that if a machine has one infection, it has multiple infections. The similarities to sexually transmitted diseases are pronounced. If someone has an infection, then either they have no "protection", or bad usage habits, or both. And either or both can lead to multiple infections.

Frankly, if a machine is badly infected, I prefer to wipe the hard drive and reinstall from scratch. This is the most sure way to really fix the problem. But it's drastic and takes a fair amount of time (days, if there is a lot of software and the machine has lots of external peripherals (scanner, multiple printers, webcam ...)).

I don't like to boot the machine or do the fix on the infected machine. If you boot from the machine, the infections can get control of the machine before the repair software and prevent the infection(s) from being removed.

Booting from a repair CD would be fine, except that almost by definition such a CD is "old" and may not have signatures for relatively new infections. There are techniques for "updating" a bootable antivirus CD, but it tends to be messy/time-consuming. This is an OK starting point, but still not as good as I'd like.

Other than a total wipe and reinstall, what I prefer is temporarily connecting the infected hard drive to another machine that has currently updated AV software. This however can be cumbersome from a hardware perspective as it requires opening and possibly removing the drive. Still, with USB interfaces it's a lot easier than it used to be when you had to use an IDE interface, a process that could mean opening up and temporarily reconfiguring TWO machines.

As for software, any of (and preferably several of) the current, fully updated AV and malware packages.

walterbyrd wrote:
> Please note: I am not asking about prevention.
>
> Let's suppose somebody gives you a PC that is loaded with malware, and
> it's your job to fix it.
>
> What is the fastest, easiest way to go about it?
>
> Is there any way to clean the machine without loading any new software
> on it?
>
> Would it be best to clean the machine without booting the machine
> from the infected drive? For example, should the HDD be removed and
> connected to another PC as a second drive? Or should you boot from a
> CD, then have a networked computer actually clean the drive? And what
> software would you use to clean the infected drive? Can the process be
> automated?
>
> Thanks, in advance.

Barry Watzman

#3

> What is the fastest, easiest way to go about it?

Re-install. After you back up data first, of course.

You can run 16 different spyware/virus programs, you can "remove" all of the malware. But, often, the damage is done, the registry is toast, God only knows what else has happened. You can spend hours and hours trying to "fix" the hard drive, but it may never happen.

Spare yourself the aggravation; back up the data, and re-install, from the manufacturer's installation disk, if possible.

smackedass

#4

Barry Watzman wrote:
> Frankly, if a machine is badly infected, I prefer to wipe the hard drive
> and reinstall from scratch. This is the most sure way to really fix the
> problem. But it's drastic and takes a fair amount of time (days, if
> there is a lot of software and the machine has lots of external
> peripherals (scanner, multiple printers, webcam ...)).

Another potential problem with removing malware with a wipe/reinstall is that the owner of the PC may not have all the CDs required to re-install all of the software. Or, the CDs may be in bad condition. Or, the PC owner may have the CDs, but not the registration numbers. I have also known people to deliberately hide important data files in program directories.

Still, you may be right. I think some exec from Microsoft even said that the only way to be sure was to "nuke it from space" - referring to the famous line from Alien II.

> Still, with USB interfaces it's a lot easier than it used to be when you
> had to use an IDE interface, a process that could mean opening up and
> temporarily reconfiguring TWO machines.

I like the idea of external USB drives. But I don't know if all PCs will boot from such a drive. I think some of the older PCs may not.

walterbyrd

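The backup-before-reinstall step raised in the posts above, as an added example that is not part of any post: a read-only inventory of an infected drive attached to a clean machine, flagging data files that sit under program directories and recording a SHA-256 for each so the copied backup can be verified. The extension list, the directory names and the mount point are assumptions for illustration.

```python
import hashlib
import os
from pathlib import Path

# Assumed (hypothetical) policy lists, not taken from the thread.
DATA_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".jpg", ".pst", ".mdb"}
PROGRAM_DIRS = {"program files", "windows"}  # top-level dirs on an XP-era volume


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large mail stores do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(mount_root):
    """Return manifest rows for data files found on the attached drive.

    Files are only read, never executed. Each row records whether the file
    sits under a program directory, where a profile-only backup would miss it.
    """
    root = Path(mount_root)
    rows = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()  # deterministic order for the manifest
        for name in sorted(filenames):
            path = Path(dirpath) / name
            if path.suffix.lower() not in DATA_EXTS or path.is_symlink():
                continue  # executables and links are never part of the backup
            rel = path.relative_to(root)
            try:
                rows.append({
                    "path": rel.as_posix(),
                    "size": path.stat().st_size,
                    "sha256": sha256_of(path),
                    "in_program_dir": rel.parts[0].lower() in PROGRAM_DIRS,
                })
            except OSError:
                continue  # unreadable file on a damaged volume: skip, keep going
    return rows


def hidden_data(rows):
    """Paths of data files that a profile-only backup would miss."""
    return [r["path"] for r in rows if r["in_program_dir"]]
```

Run it from the clean machine against the attached drive's mount point or drive letter, and re-hash the copied files against the manifest before wiping the original.
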
#5

As others have said, the best solution would be a pristine install of the operating system and applications. Having said that, if I wanted to try and clean it up I would first boot into Safe Mode and scan from there. Trend Micro offers the free Sysclean, a command line virus detection and removal program that does not need to be installed. You only need to run Sysclean and the latest pattern file from a common folder or even from a flash drive. Beyond that you can also boot into Bart's PE and do the same.

Steve

"walterbyrd" <> wrote in message news: ups.com...
> Please note: I am not asking about prevention.
>
> Let's suppose somebody gives you a PC that is loaded with malware, and
> it's your job to fix it.
>
> What is the fastest, easiest way to go about it?
>
> Is there any way to clean the machine without loading any new software
> on it?
>
> Would it be best to clean the machine without booting the machine
> from the infected drive? For example, should the HDD be removed and
> connected to another PC as a second drive? Or should you boot from a
> CD, then have a networked computer actually clean the drive? And what
> software would you use to clean the infected drive? Can the process be
> automated?
>
> Thanks, in advance.

Steven L Umbach

#6

Been there and have fixed the issue over and over. Basically all you have to do is get Windows XP NTFS partition on CD like Bart PE or Ultimate Boot CD. I use UBCD4 and never ran into a problem I couldn't fix.

sheldon green

"walterbyrd" <> wrote in message news: ups.com...
> Please note: I am not asking about prevention.
>
> Let's suppose somebody gives you a PC that is loaded with malware, and
> it's your job to fix it.
>
> What is the fastest, easiest way to go about it?
>
> Is there any way to clean the machine without loading any new software
> on it?
>
> Would it be best to clean the machine without booting the machine
> from the infected drive? For example, should the HDD be removed and
> connected to another PC as a second drive? Or should you boot from a
> CD, then have a networked computer actually clean the drive? And what
> software would you use to clean the infected drive? Can the process be
> automated?
>
> Thanks, in advance.

Sheldon Green

#7

If you want to start fresh, then I would wipe it clean. Use a program such as Driver Magician to back up all drivers and save the directory to a CD or on a networked drive. If the machine is a few years old, then you probably do not even need the drivers since most of them will be included in the latest XP SP2. Boot using the XP CD and that's it.

Tony

On 26 Oct 2006 13:47:36 -0700, "walterbyrd" <> wrote:
> Please note: I am not asking about prevention.
>
> Let's suppose somebody gives you a PC that is loaded with malware, and
> it's your job to fix it.
>
> What is the fastest, easiest way to go about it?
>
> Is there any way to clean the machine without loading any new software
> on it?
>
> Would it be best to clean the machine without booting the machine
> from the infected drive? For example, should the HDD be removed and
> connected to another PC as a second drive? Or should you boot from a
> CD, then have a networked computer actually clean the drive? And what
> software would you use to clean the infected drive? Can the process be
> automated?
>
> Thanks, in advance.

Tony