How would you fix a badly infected PC?

Discussion in 'A+ Certification' started by walterbyrd, Oct 26, 2006.

  1. walterbyrd

    walterbyrd Guest

    Please note: I am not asking about prevention.

    Let's suppose somebody gives you a PC that is loaded with malware, and
    it's your job to fix it.

    What is the fastest, easiest, way to go about it?

    Is there any way to clean the machine without loading any new software
    on it?

    Would it be best to clean the machine without booting the machine
    from the infected drive? For example should the hdd be removed, and
    connected to another PC as a second drive? Or, should you boot from a
    CD, then have a networked computer actually clean the drive? And what
    software would you use to clean the infected drive? Can the process be
    automated?

    Thanks, in advance.
    walterbyrd, Oct 26, 2006
    #1

  2. SOME infections and malware ... even by themselves (a single infection)
    ... are nearly unremovable. And it's very common to find that if a
    machine has one infection, it has multiple infections. The similarities
    to sexually transmitted diseases are pronounced. If someone has an
    infection, then either they have no "protection", or bad usage habits, or
    both. And either or both can lead to multiple infections.

    Frankly, if a machine is badly infected, I prefer to wipe the hard drive
    and reinstall from scratch. This is the most sure way to really fix the
    problem. But it's drastic and takes a fair amount of time (days, if
    there is a lot of software and the machine has lots of external
    peripherals (scanner, multiple printers, webcam ...)).

    I don't like to boot the machine or do the fix on the infected machine.
    If you boot from the machine, the infections can get control of the
    machine before the repair software and prevent the infection(s) from
    being removed.

    Booting from a repair CD would be fine, except that almost by definition
    such a CD is "old" and may not have signatures for relatively new
    infections. There are techniques for "updating" a bootable antivirus
    CD, but it tends to be messy/time-consuming. This is an ok starting
    point, but still not as good as I'd like.

    Other than a total wipe and reinstall, what I prefer is temporarily
    connecting the infected hard drive to another machine that has currently
    updated AV software. This however can be cumbersome from a hardware
    perspective as it requires opening and possibly removing the drive.
    Still, with USB interfaces it's a lot easier than it used to be when you
    had to use an IDE interface, a process that could mean opening up and
    temporarily reconfiguring TWO machines.

    As for software, any of (and preferably several of) the current, fully
    updated AV and malware packages.


    walterbyrd wrote:
    > Please note: I am not asking about prevention.
    >
    > Let's suppose somebody gives you a PC that is loaded with malware, and
    > it's your job to fix it.
    >
    > What is the fastest, easiest, way to go about it?
    >
    > Is there any way to clean the machine without loading any new software
    > on it?
    >
    > Would it be best to clean the machine without booting the machine
    > from the infected drive? For example should the hdd be removed, and
    > connected to another PC as a second drive? Or, should you boot from a
    > CD, then have a networked computer actually clean the drive? And what
    > software would you use to clean the infected drive? Can the process be
    > automated?
    >
    > Thanks, in advance.
    >


    Barry Watzman, Oct 27, 2006
    #2

  3. walterbyrd

    smackedass Guest


    > What is the fastest, easiest, way to go about it?
    >


    Re-install. After you back up data first, of course. You can run 16
    different spyware/virus programs, you can "remove" all of the malware. But,
    often, the damage is done, the registry is toast, God only knows what else
    has happened. You can spend hours and hours trying to "fix" the hard drive,
    but it may never happen. Spare yourself the aggravation; back up the data,
    and re-install, from the manufacturer's installation disk, if possible.

    smackedass
    smackedass, Oct 27, 2006
    #3
  4. walterbyrd

    walterbyrd Guest

    Barry Watzman wrote:
    > Frankly, if a machine is badly infected, I prefer to wipe the hard drive
    > and reinstall from scratch. This is the most sure way to really fix the
    > problem. But it's drastic and takes a fair amount of time (days, if
    > there is a lot of software and the machine has lots of external
    > peripherals (scanner, multiple printers, webcam ...)).
    >


    Another potential problem with removing malware with a wipe/reinstall
    is that the owner of the PC may not have all the CDs required to
    re-install all of the software. Or, the CDs may be in bad condition. Or,
    the PC owner may have the CDs, but not the registration numbers. I have
    also known people to deliberately hide important data files in program
    directories.

    Still you may be right. I think some exec from Microsoft even said that
    the only way to be sure was to "nuke it from space" - referring to the
    famous line from Alien II.

    > Still, with USB interfaces it's a lot easier than it used to be when you
    > had to use an IDE interface, a process that could mean opening up and
    > temporarily reconfiguring TWO machines.
    >


    I like the idea of external USB drives. But, I don't know if all PCs
    will boot from such a drive. I think some of the older PCs may not.
    walterbyrd, Oct 27, 2006
    #4
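
The concern raised in post #4, data files hidden in program directories being lost in a wipe, as an added example that is not part of the original thread: a read-only inventory of likely user data outside the profile folders, run from the clean machine against the attached drive. The extension list, folder names and function name are assumptions chosen for illustration.

```python
import os
import sys
from pathlib import Path

# Assumed list (not from the thread): extensions that usually mean user-created data.
DATA_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".mdb", ".pst", ".csv", ".jpg"}
# Top-level profile folders that a normal backup already covers.
PROFILE_ROOTS = {"documents and settings", "users"}
# Folders with no user data worth walking.
SKIP_DIRS = {"system volume information", "recycler", "$recycle.bin"}


def find_stray_data(volume_root):
    """List (relative path, size) of data files outside the profile folders.

    Files are only stat()ed, never opened or executed, so nothing on the
    infected volume runs on the clean machine.
    """
    root = Path(volume_root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        skip = SKIP_DIRS | (PROFILE_ROOTS if not rel_dir.parts else set())
        # Prune in place so os.walk never descends into skipped folders.
        dirnames[:] = [d for d in dirnames if d.lower() not in skip]
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() not in DATA_EXTS or path.is_symlink():
                continue
            try:
                size = path.stat().st_size
            except OSError:  # unreadable or damaged entry: skip it, keep walking
                continue
            hits.append(((rel_dir / name).as_posix(), size))
    return sorted(hits)


if __name__ == "__main__":
    # Pass the mount point or drive letter of the attached drive (assumed argument).
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel_path, size in find_stray_data(target):
        print(f"{size:>12}  {rel_path}")
```

The list over-reports on purpose (manuals and sample images shipped with applications will show up); it is meant to be reviewed with the owner before the wipe, not copied blindly.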
  5. As others have said, the best solution would be a pristine install of the
    operating system and applications. Having said that, if I wanted to try and
    clean it up I would first boot into Safe Mode and scan from there. Trend
    Micro offers the free Sysclean that is a command line virus detection and
    removal program that does not need to be installed. You only need to run
    Sysclean and the latest pattern file from a common folder or even from a
    flash drive. Beyond that you can also boot into Bart's PE and do the same.

    Steve



    "walterbyrd" <> wrote in message
    news:...
    > Please note: I am not asking about prevention.
    >
    > Let's suppose somebody gives you a PC that is loaded with malware, and
    > it's your job to fix it.
    >
    > What is the fastest, easiest, way to go about it?
    >
    > Is there any way to clean the machine without loading any new software
    > on it?
    >
    > Would it be best to clean the machine without booting the machine
    > from the infected drive? For example should the hdd be removed, and
    > connected to another PC as a second drive? Or, should you boot from a
    > CD, then have a networked computer actually clean the drive? And what
    > software would you use to clean the infected drive? Can the process be
    > automated?
    >
    > Thanks, in advance.
    >
    Steven L Umbach, Oct 27, 2006
    #5
  6. Been there and have fixed the issue over and over. Basically all you
    have to do is get Windows XP NTFS partition on CD like Bart PE or Ultimate
    Boot CD. I use UBCD4 and never ran into a problem I couldn't fix.

    sheldon green


    "walterbyrd" <> wrote in message
    news:...
    > Please note: I am not asking about prevention.
    >
    > Let's suppose somebody gives you a PC that is loaded with malware, and
    > it's your job to fix it.
    >
    > What is the fastest, easiest, way to go about it?
    >
    > Is there any way to clean the machine without loading any new software
    > on it?
    >
    > Would it be best to clean the machine without booting the machine
    > from the infected drive? For example should the hdd be removed, and
    > connected to another PC as a second drive? Or, should you boot from a
    > CD, then have a networked computer actually clean the drive? And what
    > software would you use to clean the infected drive? Can the process be
    > automated?
    >
    > Thanks, in advance.
    >
    Sheldon Green, Oct 27, 2006
    #6
  7. walterbyrd

    Tony Guest

    If you want to start fresh, then I would wipe it clean. Use a program such as Driver Magician to
    back up all drivers and save the directory to a CD or on a networked drive.

    If the machine is a few years old, then you probably do not even need the drivers since most of them
    will be included in the latest XP SP2. Boot using the XP CD and that's it.

    Tony





    On 26 Oct 2006 13:47:36 -0700, "walterbyrd" <> wrote:

    >Please note: I am not asking about prevention.
    >
    >Let's suppose somebody gives you a PC that is loaded with malware, and
    >it's your job to fix it.
    >
    >What is the fastest, easiest, way to go about it?
    >
    >Is there any way to clean the machine without loading any new software
    >on it?
    >
    >Would it be best to clean the machine without booting the machine
    >from the infected drive? For example should the hdd be removed, and
    >connected to another PC as a second drive? Or, should you boot from a
    >CD, then have a networked computer actually clean the drive? And what
    >software would you use to clean the infected drive? Can the process be
    >automated?
    >
    >Thanks, in advance.
    Tony, Nov 12, 2006
    #7