Re-install or back up?
In case of "emergency", let's say a nasty virus (really really nasty) has managed to attack your computer, what do you do? Do you re-install Windows or do you rely on the antivirus to clean the mess up and hope everything's OK afterwards?
As I do this for a living, my advice is that you do a cleaning, not inserting any USB flash drive or drive until it's cleaned, back up, and then, if it was a nasty one, reinstall. But you need to assess the situation. I do a lot of cleaning with ComboFix and HijackThis. If the combination of these two can't at least bring it into a normal boot, then I boot up Mini PE or Mini XP from Hiren's Boot CD, back up and then reinstall. There are also some cleaning tools on Hiren's CD.
If your AV didn't block it in the first place, chances are it's not going to clean it up. Some scanners might, if they didn't have real-time protection to attempt to stop it in the first place, because we haven't seen what it can do yet. This is really dependent on what the virus is and what it is doing on your system, though. If it's a destructive virus, perhaps it messes up your computer to the point of no repair, forcing you to reformat. There are usually ways to get rid of it otherwise, though, to have your original virus-free system back, but it depends on whether you want to spend money to have someone else fix it, or whether the users themselves are capable of doing anything with it.
I usually don't re-install anything; the pests I get are harmless, a quick scan and the AV deletes them in an instant. I have friends, though, who constantly have trouble getting rid of the viruses they picked up one way or another, and they just got used to re-installing Windows every time this happens, although to me this sounds like a bad idea.
You rely on people like me :) We can actually tell if a re-install is necessary, or not. Not to mention we can remove everything else without too much difficulty usually. I helped someone with a Zero infection which was being persistent and we still had it fixed before 10 replies.
1. msconfig 
2. services.msc
3. Safe mode
4. Boot Linux from CD/HDD, PE, view hidden files and suspicious ones in some locations like Explorer, System32, Windows, anything that looks weird
5. Research on the Internet
6. Now the situation becomes nasty. Bleepingcomputer?
7. Now, I am really nervous. A format would have saved me this much time (~1-6) ... 

And just forgot, disconnect the Internet first :))

I had such big and constant problems with Windows XP before. Ahh, how I miss Windows XP's RAM usage :) .

And all SA team members are really skillful and helpful, including RDCA. I can assure you of this!
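The checks in steps 1, 2 and 4 of the list above (startup entries, services, hidden files in the system directories), written up as an added read-only PowerShell triage script. It is not from the thread or any poster; it assumes an elevated PowerShell session on the suspect machine, and it only lists candidates for a human to research, it removes nothing.

```powershell
# Added triage helper (not from the thread). Read-only: lists entries, never deletes.
# Assumes an elevated PowerShell prompt on the suspect machine.

$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Binaries under these roots are treated as "usual"; everything else is worth a look.
$trusted = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")
function Test-TrustedPath([string]$cmd) {
    # Strip surrounding quotes and arguments so only the executable path is compared.
    $exe = ($cmd -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
    foreach ($t in $trusted) { if ($exe -like "$t*") { return $true } }
    return $false
}

# Step 1: the same autostart data msconfig shows, filtered to unusual locations.
"== Autostart entries outside system/program directories =="
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            if (-not (Test-TrustedPath "$($p.Value)")) { "{0}\{1} = {2}" -f $k, $p.Name, $p.Value }
        }
    }
}

# Step 2: the same data services.msc shows, filtered to auto-start services
#         whose binary lives outside the usual roots.
"== Auto-start services with unusual binary paths =="
Get-CimInstance Win32_Service |
  Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -and -not (Test-TrustedPath $_.PathName) } |
  Select-Object Name, State, PathName | Format-Table -AutoSize

# Step 4: hidden files in Windows\ and System32\ touched recently, newest first,
#         a first pass at the "anything that looks weird" check done by hand in the thread.
"== Hidden files in Windows/System32 modified in the last 14 days =="
$since = (Get-Date).AddDays(-14)
Get-ChildItem -Path "$env:SystemRoot", "$env:SystemRoot\System32" -Hidden -File -ErrorAction SilentlyContinue |
  Where-Object { $_.LastWriteTime -gt $since } |
  Sort-Object LastWriteTime -Descending |
  Select-Object LastWriteTime, Length, FullName | Format-Table -AutoSize
```

Anything the script prints still has to be researched (step 5) before acting on it; a legitimate installer dropping a file in Windows\ will show up here too.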
The worst thing I had is I was having coffee and an email arrived, automatically opened itself to display the message, and my computer logged off. Had a backup to play with the virus cleaning. Cleaned it with all kinds of AV, cleaners, anti-malware, anti-hijack, tried registry restore, msconfig, messed around in the registry - nothing helped. When you try to log on, it logs you off automatically. So annoying. Can't remember, though, what the name was.
Is it W32.Pirite (or Parite, I'm not entirely sure) ? 
What do you guys do to get into this much trouble? I haven't had a malware problem in *wait, let me think*... 2009-2010 I think.
Worst virus I had was a ransomware trojan years ago, but back then this was a crappy PC that I didn't really care about, so I did anything I wanted to that PC; I used it as a test PC for any kind of software I could find. It was good when my main interest was in computer security. That slowly evolved over to programming, though, as I got deeper into the security side of things, which gave me visibility into the programming portion. There was some interesting malware back then in the early 2000s. A little bit more intimidating than today's malware because they would be right in your face. Now most of today's malware is all hidden because it has a purpose more so than just aiming to destroy your data. There was even one I had where it would speed things up, and change the voltages I believe for the components in your PC, and which aimed to actually completely destroy your PC by changing BIOS configurations after a reboot (not just the data), rendering it unusable until you bought new hardware.