Is malware removal worth the effort?

Discussion in 'other anti-malware software' started by NonGeek, Jul 11, 2016.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    LOL It's true, it would drive me nuts :D
     
  2. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Lol :rolleyes:

    My statement does not demand trust or state a fact that can be common to all. An observation on my part is all it is. Your experience may differ. Take it as you will.
     
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    It doesn't worry me at all. I only care about active malware.
     
  4. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Thanks J_L.

    Why anyone would make up something in this forum is beyond me. A forum where 99% of users are extremely knowledgeable. Accusations of mere insignificance are just insulting.

    Regards.
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,441
    Location:
    Slovakia
    The problem with cleaning malware by using a reinstall:

    1. Unless you take some additional steps, you will clean the system, but you will not prevent a reinfection, since the system will be the same.
    2. It does not solve the problem; it avoids it. When you go deeper, you might actually find out how it works and, essentially, how to prevent it.
    3. You will clean the system, but you will not be able to restore the system to the previous state with all the settings; in the end, the user will not thank you.

    System imaging is so complex and problematic that, for a common user, it is completely unimaginable. Besides, applying it afterwards will not help.

    Malware is not magic, as AV companies or most articles lead people to believe, where just by visiting a webpage you will get infected miraculously. It works like this: a JavaScript will run a hidden iframe download, the file will download into the cache, a Visual Basic script will copy it to the temp folder and create a startup entry, and upon restart it will gain admin rights. If you prevent any of those steps, it will fail, because unlike a hacker, malware is dumb: it is pre-configured to follow a program and simply cannot work if some steps are not done, like an exe in temp will not run with UAC enabled.

    So cleaning the malware from critical areas will do just fine; instead of focusing on cleaning the specific malware, just focus on those areas, like checking startup entries, tasks, services, third-party drivers and so on. Malware scanners are good to get rid of some leftovers, but not for the cleaning itself.
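The "check startup entries, tasks, services, third-party drivers" routine from the post above, as an added example that is not code from the thread or from any product named in it. It is a read-only audit in PowerShell: it assumes an elevated PowerShell 5.1 or later session on Windows 8.1/10/11, uses only the standard registry and folder locations, and flags entries whose launcher is unsigned or lives in a user-writable path for review. It deletes nothing.

```powershell
# Added example: read-only audit of common Windows persistence locations.
# Assumes an elevated PowerShell 5.1+ session. Registry paths are the standard ones.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# A launcher in a user-writable location is a review cue, not proof of infection.
$SuspectPath = '\\(Temp|AppData|ProgramData|Users\\Public|Downloads)\\'

# Pull the executable path out of a command line, quoted or not.
function Get-ExecutableFromCommand([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+')[0]
}

# One uniform record per entry, with Authenticode status and a path flag.
function New-Entry($Source, $Name, $Command, $Where) {
    $exe = Get-ExecutableFromCommand $Command
    $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
    } else { 'FileNotFound' }
    $flag = if ($exe -match $SuspectPath -or $sig -ne 'Valid') { 'REVIEW' } else { '' }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Signature = $sig; Flag = $flag
        Command = $Command; Location = $Where
    }
}

function Get-PersistenceEntries {
    # 1. Registry Run/RunOnce values
    foreach ($k in $RunKeys) {
        if (-not (Test-Path $k)) { continue }
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { New-Entry 'RunKey' $_.Name ([string]$_.Value) $k }
    }
    # 2. Startup folders, per-user and all-users
    foreach ($f in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($f)
        Get-ChildItem -Path $dir -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object { New-Entry 'StartupFolder' $_.Name $_.FullName $dir }
    }
    # 3. Scheduled tasks that are not disabled (COM-handler actions have no Execute and are skipped)
    Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object { $_.State -ne 'Disabled' } |
        ForEach-Object {
            $t = $_
            foreach ($a in $t.Actions) {
                if ($a.Execute) {
                    New-Entry 'ScheduledTask' $t.TaskName ("$($a.Execute) $($a.Arguments)".Trim()) $t.TaskPath
                }
            }
        }
    # 4. Services set to start automatically
    Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } |
        ForEach-Object { New-Entry 'Service' $_.Name $_.PathName 'StartMode=Auto' }
    # 5. Third-party (non-inbox) driver packages in the driver store
    Get-WindowsDriver -Online -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Source = 'Driver'; Name = $_.OriginalFileName; Signature = "Provider: $($_.ProviderName)"
            Flag = ''; Command = "$($_.Driver) v$($_.Version)"; Location = $_.ClassName
        }
    }
}

Get-PersistenceEntries | Sort-Object Flag -Descending |
    Format-Table Source, Name, Signature, Flag, Command -AutoSize -Wrap
```

Read the REVIEW rows first: a launcher under Temp or AppData, or one whose file cannot be found or verified, is where the "startup entry" step of the chain described above would show up. Plenty of legitimate software also lands in those rows (updaters, portable apps, bare names such as svchost.exe that are not resolved relative to the current directory), so each one still needs a human decision before anything is removed.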
     
  6. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    I have not come across malware for a long time on my own machine but if I did, I probably would just start anew.

    For others, I would just download Hitman Pro and MBAM to try and determine the type of malware. I would not bother reinstalling if it's mere adware, as these people would most likely face the same issues again anyway.
    If I suspect signs of a rootkit though, I would either find a rescue disc or reinstall, provided there is a way to reactivate.
     
  7. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    No, if you have available an Imaging (a.k.a. Back Up) solution. :)
     
  8. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
  9. rodocop

    rodocop Registered Member

    Joined:
    May 1, 2010
    Posts:
    74
    I never reinstalled or restored the OS from backup. Nonsense.
    Well, I haven't had any malware for years, but my wife had it once and people I help also have it from time to time.
    And the main reason I haven't is that I used to clean systems manually or semi-automatically with selected software.

    So you can only say something like "wipe the disk when you get serious malware! Format isn't sufficient!" if you've never tried to clean it by yourself and understood how it works.
    TairikuOkami described this almost exhaustively. Everyone should reread his post.

    Any type of malware should have its launcher in some startup areas. Well, not just the registry, but startup locations are surely limited and well-known, at least to specialised anti-malware utilities.

    When cleaning a PC by hand after an infection I always strive to eliminate all remnants of malware. It's not so difficult if speaking about the filesystem. It's really easy. The key factors here are a good file manager which shows you all 'hidden' data (I use TC or DoubleCommander) and the timestamp of the malware executable. Just find all files that have the same (or close to that) time of creation, and most of them will be malware-related.

    Sure, most of the work is done with my software helpers like AnVir Task Manager, AdwCleaner, UVK, Zemana, DrWeb, herd etc.
    I just need to clean some tailings and make sure the system is fixed (read as: startup is clean, tmp files are removed, malware-created files and folders too).

    You'd say it takes time! Well, but have I said I've had no malware for years? This is only due to the experience obtained in the struggle. Now I know safe techniques, safe software, real system security holes (sure, these aren't 'lack of updates', admin rights, or even 'flash player'; the real disasters are Chrome, Adobe Reader, bundled installers from scam links in Google and user stupidity, as always).
    All this helps me keep my own PCs AV-free as well as malware-free and my OS setup unrestricted: a user should WORK on his PC, not waste time struggling with UAC, dropped rights, waiting for eternally lasting AV scans and so on.

    And sure, there are better reasons to take a coffee break than the need of an OS reinstall or restore ;-)
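The timestamp trick from the post above (find everything created at about the same time as the malware executable) as an added PowerShell example; it is not rodocop's own code or any of the tools he names. It assumes you have already identified one malicious file, searches the folders where droppers usually land, and only reports. The reference path in the usage line is a placeholder, not a value from the thread.

```powershell
# Added example: list files created within a window around a known file's creation time.
# Read-only. The reference path and search roots are assumptions to adjust per case.

function Find-FilesCreatedNear {
    param(
        [Parameter(Mandatory)][string]$ReferenceFile,   # the malware executable already identified
        [int]$WindowMinutes = 10,
        [string[]]$SearchRoots = @(
            $env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData,
            "$env:SystemRoot\Temp", "$env:USERPROFILE\Downloads"
        )
    )
    # CreationTime is the right clock here: a copied file gets a fresh creation
    # time on the destination but keeps the original LastWriteTime.
    $ref  = (Get-Item -LiteralPath $ReferenceFile -Force).CreationTime
    $from = $ref.AddMinutes(-$WindowMinutes)
    $to   = $ref.AddMinutes($WindowMinutes)

    foreach ($root in $SearchRoots) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        # -Force includes hidden and system files, like a file manager set to show hidden data.
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
            ForEach-Object {
                [pscustomobject]@{
                    Created   = $_.CreationTime
                    OffsetMin = [math]::Round(($_.CreationTime - $ref).TotalMinutes, 1)
                    Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Bytes     = $_.Length
                    Path      = $_.FullName
                }
            }
    }
}

# Usage with a placeholder path: review the list, then quarantine by hand.
Find-FilesCreatedNear -ReferenceFile 'C:\Users\Public\PLACEHOLDER-dropper.exe' -WindowMinutes 10 |
    Sort-Object Created | Format-Table -AutoSize
```

Two caveats a responder should keep in mind. The window will also catch legitimate files written at the same moment (browser cache, an update that happened to run), so the output is a candidate list, not a delete list. And file timestamps are plain metadata that malware can rewrite, so an empty result does not prove nothing else was dropped; it just means nothing else kept an honest creation time.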
     
  10. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,029
    I never bother with malware removal. The systems I'm responsible for all have current images and keep the user data separate. This includes my personal rigs at home too.

    If there is a malware issue I simply do a tried and tested restore. Simple as this post is short.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Yes, 10 minutes and all is back to normal. Too bad that most people I know don't have backups so I have to clean their systems if they do manage to get infected.
     
  12. No. It's simply not worth it. When you're infected you have to detach all network interfaces and use a good disk scrubber to totally delete all bytes on the disk.

    Then you can re-image after nuking the device. But that is for more common malware families.

    For APT-type malware you just take a loss, destroy the hard drives if they have confidential information on them, and throw the hardware in the bin.
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Why would you do that? Just restoring a clean image is enough.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I'm also wondering why one would delete/erase before restoring/reinstalling an OS. I can understand if you are selling your computer to third parties and you are concerned about private info...
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,818
    Location:
    .
    Speak for yourself. Many IT professionals like me, power users and advanced users already know how powerful it is to make and restore system images for a better computing life.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,818
    Location:
    .
    I agree with @roger_m

    @ComputerSaysNo
    If you are thinking of MBR infections, Image for Linux (and other Terabyte Unlimited products) has two features when restoring a backup which take care of that easily:
    1. Write Standard MBR
    2. Restore First Track

    https://www.wilderssecurity.com/threads/terabyte-product-release-thread.305838/page-39#post-2551554
     
  17. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,029
    It's possible to put malware in the service area of a drive: the firmware, where normal OS operations and the file system can't get at it.

    And with newer Intel systems being always on and running things outside of the OS, malware can sit there too (all that trusted computing stuff and remote maintenance).

    In both cases it's easier to destroy the hardware and replace it, rather than go on a bug hunt.
     
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,649
    Location:
    USA
    I would absolutely restore an image. Too much work to clean it and have questionable results.
     
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Rapid Delta Restore"

    I have the free version. Can someone please explain what this is?

    I use a USB 3 Ultra stick to restore an image. Does this Rapid Delta Restore make things any faster?
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I don't know how it works, but it is only available with the paid version. The free version allows you to create full or differential images, but no incremental, which is also very fast.
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Why nonsense? If I were a computer technician I would certainly try to clean machines manually so as to learn how to do it quickly and effectively, knowing that most people requiring this service have no backup images. I think restoring an image makes a lot of sense for normal knowledgeable users and IT professionals managing a network of computers in a company.

    Most restores are under 15 minutes, so why bother with a manual cleanup that sometimes would take hours? I live in Seoul, which is arguably one of the most connected cities in the world in terms of the internet; from experience it is very difficult to find somebody to clean up a computer, and most of the time repair shops and after-service teams will tell you they will only reinstall the OS for you, as a cleanup could be too time consuming. To each his own.
     
  22. guest

    guest Guest

     
  23. I would rather scrub the disk clean first than leave it infected and restore an image. Sometimes you have no choice but to scrub if you work with sensitive data.

    I only use government certified disk cleaners that erase HPA and DCO sectors. Malware can hide in those areas.

    When you're working with SSD drives I also secure erase those drives after I scrub them.

    I also agree with the poster who said you put the hardware in the rubbish bin after being breached by an APT threat actor.
     
  24. rodocop

    rodocop Registered Member

    Joined:
    May 1, 2010
    Posts:
    74
    Well, every one of us speaks about himself and his own experience and point of view. I thought it was a priori so.
    I suppose wipe, format, scrub and 'trashway' for disks to be excessive and paranoid in usual life. Well, they may be the only way for corporate use, however...
     