Can all viruses be removed?

Discussion in 'malware problems & news' started by DCM, Apr 12, 2009.

Thread Status:
Not open for further replies.
  1. DCM

    DCM Registered Member

    Joined:
    May 25, 2004
    Posts:
    234
    My son in law told me that his father had (may still have) a computer (PC) that somehow got a virus.

    He is not computer literate so called for help. After four visits by a technician at a cost of several hundred dollars, they told him that his virus could not be removed. After each visit, they told him it was fixed until the last time.

    He gave up and bought a Mac.

    I cannot believe that there is any such thing as a virus that is impossible to remove because if this was the case, we would all be subject to it and our computers would not be running.

    Is there such a thing?

    I told him that the easiest to solve worst case would involve simply replacing the hard drive and reinstalling all software (screened for a virus while installing). I think it could be fixed without replacing the drive but that would be an alternative.

    Any thoughts on this?

    Thanks
     
    Last edited: Apr 13, 2009
  2. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
    Sounds like he was ripped off. Normally a format and reload is the best option if there are stubborn or suspected hidden parts to a virus.
    There are lots of articles on here about removal and lots of program suggestions to do the cleaning... usually free ones too.
     
  3. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Bad, bad, bad. Greedy morons thrive on innocent people, it's everywhere!!
    A reinstall/format costs just time, not money.
    Advise him to get a good imaging program.
     
  4. DCM

    DCM Registered Member

    Joined:
    May 25, 2004
    Posts:
    234
    That's what I thought. I have reformatted and reinstalled in the past with no problems or residuals remaining.

    None were for viruses but I did have a program that wrote to the master boot record and if I remember right, formatting did not solve that one but I found a way to get rid of it from one of these forums.

    His son thought he might have thrown away the computer but if he did not, I will get the son to bring it over and we will have a shot at cleaning it up.

    Thanks for taking the time to help.
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,520
    Location:
    USA - Back in a real State in time for a real Pres
    Sometimes a format isn't as good as running Darik's Boot And Nuke.
     
  6. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    Yes, Wipe IT. Used by NASA, DOD, etc. Takes a while to do, but after you're done everything is wiped clean, then I reformat. A lot of these so-called pests can be removed, but some are so badly infected there is not much you can do for them.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I dealt with enough file infector viruses to just plain stubborn to go away viruses that try to resist reformat and actually do, so my opinion is thoroughly WIPE the drive (in my case TWICE) for good measure to drive away the foul code attached and/or deeply embedded in the Hard Drive's system to ensure a proper eradication.

    Aside from that I have applied an imaged restore over the affected virus hit once but still have seen residuals of it even though the apps and programs returned to normal again.

    Some are very difficult on purpose and require a decent full and thorough wipe then reformat, and if you're lucky enough to have an image you can be right back in business before too awful long. And yes I agree, they (viruses) can cost money and a lot of time to return matters back to normal again. And it seems they are getting worse all the time.

    Maybe they're trying to put Microsoft Systems out of the business.
     
  8. wat0114

    wat0114 Guest

    I'm not entirely sure but wouldn't a "fixmbr" from the Recovery Console (booting from XP disk for example) resolve this?

    Great advice!
     
  9. DCM

    DCM Registered Member

    Joined:
    May 25, 2004
    Posts:
    234
    I think that the "fixmbr" is what I did years ago to get rid of something that wouldn't go away in the mbr.
     
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Could you explain why a simple reformat of the hard drive (assuming you have only one) is not enough? (Booting up with the Windows XP CD (BIOS settings: the CD player gets checked first at reboot), formatting NTFS, installing OS.) (There are of course BIOS infections, but they are rare.)

    How could a virus resist reformatting?

    I've heard of hidden partitions, would they not be detected during the installation process, and if they wouldn't, how could malware exercise control from there? (Btw, I'm not sure what EXACTLY a hidden partition is.)

    And about the MBR: would a reformat not overwrite that?
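
Added example (not part of the original thread): post 10 asks whether a reformat overwrites the MBR and how hidden partitions would be noticed. Formatting a volume rewrites structures inside that partition and leaves sector 0 alone, so this Python sketch parses a saved copy of sector 0, hashes the boot code, and flags hidden-type partition entries against a known-clean baseline. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

# Partition type IDs used for hidden FAT/NTFS volumes and OEM recovery areas
HIDDEN_TYPES = {0x11, 0x12, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}

def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid 512-byte MBR (bad size or signature)")
    parts = []
    for slot in range(4):
        entry = sector[446 + 16 * slot:462 + 16 * slot]
        ptype = entry[4]
        if ptype == 0x00:          # unused slot
            continue
        start, count = struct.unpack_from("<II", entry, 8)
        parts.append({"slot": slot, "active": entry[0] == 0x80, "type": ptype,
                      "hidden": ptype in HIDDEN_TYPES, "lba_start": start, "sectors": count})
    # Bytes 0..439 hold the bootstrap code; 440..445 are the disk signature
    return {"boot_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts}

def compare_mbr(baseline, current):
    """List differences between a known-good MBR and the one on disk now."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["boot_sha256"] != new["boot_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    findings += ["hidden partition in slot %d (type 0x%02X)" % (p["slot"], p["type"])
                 for p in new["partitions"] if p["hidden"]]
    return findings

def make_sample_mbr(boot_fill, entries):
    """Build a constructed MBR for the demo: filler boot code + entries."""
    sector = bytearray(bytes([boot_fill]) * 440 + bytes(72))
    for slot, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * slot,
                         status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed sample data: one active NTFS volume plus a hidden type 0x12 area
LAYOUT = [(0x80, 0x07, 63, 204800), (0x00, 0x12, 204863, 20480)]
BASELINE = make_sample_mbr(0x90, LAYOUT)   # stands in for an MBR saved when clean
SUSPECT = make_sample_mbr(0xCC, LAYOUT)    # same layout, different boot code
print(compare_mbr(BASELINE, SUSPECT))
```

To check a real disk, pass the first 512 bytes of a disk image or raw device (read with administrator rights) as `current`.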
     
  11. Steven Avery

    Steven Avery Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    110
    Hi Folks,

    The techies like imaging programs. However be sure the imaging program has a file-by-file alternative (some do, some don't) if the image does not take (e.g. a new puter or problems on the restore) or there is a separate file-by-file backup of all important documents, pics, email etc. Or both. The thread is interesting, I just want to mention this on the side because I think imaging is sometimes given a Panacea Place.

    Steven
     
  12. Jazz

    Jazz Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    37
    Location:
    London, UK
    Imaging software, period.

    I think a lot of Users get confused by the 'formatting' process, personally. The way to go, is as follows: -

    Back up all pertinent data, delete all partitions, create a new one (more if required), then format and lastly install.


    Then use your imaging software to create a 'clean' image and away you go, which you can restore in no time at all.

    NB I am in no way teaching people to 'suck eggs'.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Of course they can. Just delete the partition table on the "infected" disk and the problem is solved.
    Mrk
     
  14. Jazz

    Jazz Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    37
    Location:
    London, UK

    What I said. ;)
     
  15. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Current malware doesn't survive R&R.

    However the following scenarios can cause the re-appearance of malware/issues and might suggest that they have.

    1) Malware has compromised removable media storage devices and they are not cleaned when the R&R is performed. Plug them in after R&R and go back to square 1 again.

    2) Visiting a compromised (hosting attack code) yet trusted site shortly after reinstallation before applying security patches etc.

    3) In the case of DNS hijack on routers, R&R does not reset the router's settings and so search results are still potentially hijacked.

    4) The owner of the computer is prone to PEBKAC errors and does not practice safe hex so immediately goes out and reinfects the clean computer.

    The list could go on but principally these are the 4 top reasons why *infections* appear to survive R&R, which of course they haven't, or at least not on the formatted drive.
     
  16. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Same song - Always have a clean image offline.

    SourMilk out
     
  17. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    I also wanted to know more about this issue. I guess 90% of common viruses cannot stand a reinstall of Windows (or an image restore of the C partition alone).
     
  18. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    I would use WipeIT that destroys the Partition, data, files anything on the HDD will be wiped out!
     
  19. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    Deleting both virus and data is a kid's job, deleting the virus alone is difficult. If a virus withstands an OS reinstall (I haven't faced such a situation), how could it be deleted without deleting all the data?
     
  20. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Boot sector viruses can create bad sectors.
    Do they use the bad sectors to keep a copy of themselves around? Maybe.
    How would it restore itself after wipe and reinstall even if it did?
    Chkdsk is its data recovery tool.
    Heck, using Chkdsk and bad sectors, malware could even circumvent Rollback software. Cheeky buggers.

    99.5% of wiping programs do not wipe:
    1. Bad sectors
    2. Reallocated space
    3. Hidden partitions

    If malware resides in any of the three above then it will or can return.
    Add in a timer and you will go crazy trying to figure out how you got infected.

    P.S.
    HDDErase.exe
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    If they "hide" their presence in bad sectors, still after the format they will be useless, as they have no hook in the system via dll or something.
    Mrk
     
  22. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    chkdsk is a bad sector data recovery tool.
    Since I am not a malware expert I can only surmise how it would reinfect.

    inf, batch or worm that creates its own process?

    Would it reinfect on reboot after restoring?
     
    Last edited: May 13, 2009
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    You say you don't know how chkdsk works - but you claim that malware is reinstated to life via chkdsk, irresponsible I'd say, hmm?

    Data on disk, on whichever sector, good or bad, has no meaning whatsoever without relation to the operating system running on it. Assume you replace the OS with Linux, BSD, Windows 64-bit, what that data means - nothing at all, pure garbage.

    Once you remove the infected OS, which has hacked libraries, files, registry entries, whatnot, data is meaningless.

    Example: take a Windows virus and place it on Linux and run chkdsk (fsck). What happens? Nothing at all. Just bytes taking space.

    Mrk
     
  24. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I like this idea. A simple workaround to the issue postulated.

    As for chkdsk, I know the documentation states it recovers data from bad sectors.

    I know that malware can create bad sectors for storage and persistence.

    How a chkdsk is auto initiated after a reinstall procedure, I will have to search for answers.
     