Backing up files before HD wipe

Discussion in 'malware problems & news' started by Dregg Heda, May 2, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Im gonna wipe my HD and I was wondering if there was a chance that the malware could have penetrated my documents? Is it safe to back these files up or should I wipe the whole thing. Thanks in advance guys!
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Is your machine currently infected? If not then it should not be a problem.

    You could probably back up the files anyways and scan them thoroughly before restoring them. AFAIK, malware doesn't run by itself and needs something to trigger it like an autorun file. If you mistakenly back up malware to some sort of media and it has an autorun.inf file and you have no protection against autoruns and/or executable then yes, you can get infected again by simply plugging in the device or media.

    If you were infected by a nasty file infector that attached itself to many files then IMO a complete wipe would be a good idea.
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for the info innerpeace. I suspect my machine is infected and I just feel like starting from scratch. I am basically thinking of backing some word documents, school work basically.

    I suspect that the malware has infected me while surfing as soon after I ended my session winpatrol jumped up warning me that several IE helper add-ons had been added to the registry, in spite the fact that I had not added any add-ons myself! Hell I dont even use IE! Although it is possible that I had accidentally opened it while surfing, links from legitimate programs on my comp always open in IE, before closing it immediately.

    So I guess its unlikely that the malware has spread to my documents.

    PS: Are file infectors the only types of viruses that would have spread to my documents or are there other kinds?
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    By word documents are you meaning msword? If so, from reading Rmus's threads I know that it's possible for one to contain exploit code. Are all of the word documents you have created by you? If so, your most likely ok to back them up. I would still scan all documents before backing them up and right before restoring them.

    Have you scanned your whole machine with good scanner/s to find out what your dealing with? If it's something easy to deal with then you may not need to nuke your machine or at least feel more comfortable about backing up your documents.
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Yea msword. Ive scanned my machine with mbam, avira free and prevx 3.0 and come up with nothing so far. Since my last scan more IE add-ons have been added to the registry. Winpatrol claims these are from legitimate programs on my system, but why would my programs be adding add-ons to IE without any prompting from me or even asking for my permission? Is it natural for legitimate apps to be added to IE without the permission of the user? Is it possible winpatrol is informing me about other changes to my system but wrongly characterising them as IE add-ons? The programs in question seem to have nothing to do with IE. As an example winpatrol claimed that windows explorer had added an add-on to IE? Does this even make sense?
     
  6. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Java, Flash, Adobe, etc. can add add-ons to IE. You can check which ones you have in the Control Panel - Internet Options - Programs tab - then click Manage Add-ons. I don't use IE so I only have 8.

    I have read that Adobe's add-on is installed without many knowing about it. I'm not sure about Winpatrol. I believe it has a tab you can click to see which add-ons you have or it detected.

    I don't know. Hopefully someone else will jump in and advise.

    I'm glad your scans came up clean. I'm pretty sure that most scanners will check your add-ons because the bad guys want you to have their "free" add-ons. You might post a screenshot of the WinPatrol add-ons tab which I just looked it up and they call it IE Helpers. I think that is what we want. Also see if you can get more info by using the "Info" button. You could also post a report if it's not too big.
     
Loading...
Thread Status:
Not open for further replies.