Computer infected...Why not just reformat?

Discussion in 'other security issues & news' started by Devinco, Sep 1, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hello Friends of the Wild,

    I know it probably won't happen to you with all the security programs and safe hex. But let's say you are one of the following.

    1. An average computer user with no firewall, outdated anti-virus, no backup, and thinks it is too much trouble to update Windows.
    2. You have a major lapse of judgement by disabling all your security programs, firewall, lose all your backup images, and you open an infected email attachment.
    3. You are infected with some new malware that is able to bypass all your security measures (unlikely, I know) and your backup images are all corrupt.

    So either way, let's say your computer was seriously compromised and you have no way to just restore a backup. I know it is just a machine, but I would kind of feel like my computer was raped. I would not try to go through a thorough disinfection process like HJT log analysis (although I think those guys are heroes). I would do damage control, isolate the computer from the internet and others on the LAN, attempt to backup whatever important data I could, and reformat. Even if the HJT disinfection process was completely successful, I would still have a lingering uneasy feeling that maybe something was still there. So why not just reformat and start over with a clean slate and do it right this time?

    What do you think about this? What would you do?
     
  2. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    With the scenario in your post - and with the above quote being the key - then yes, I would say that would be wise.

    I know I am preaching to the choir and I sing this song all the time, but, having a good, clean, "perfect system" drive image is a must in today's computing environment.

    John
    Luv2BSecure

    .
     
  3. K0zani

    K0zani Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    9
    Here here !

    Totally agree. I know the downtime might seem ponderous but it seems as the best solution. This is something I have been considering of late. Been having way to many wierd things happening (and watching wierd patterns ie, hijacking files since sigyate been installed and watching) and just maybe a clean install would fix it all up and Not load all those programs back up.

    cheers~

    K...

    ~this quote is open for rent. please see the owner of this sig for rates~
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks guys! :)
     
  5. darkmatter

    darkmatter Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    25
    Definitely reformat!!!

    No other alternative, just dont think i could go back online with a system that had been comprimised that heavily without reformating. I know its a pain to reformat but at least you know when you do get up and running your computer is clean!!
     
  6. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    With some people I have talked to (that might fit in your average computer user category) they seem to only have two serious concerns after an infection. Be able to get their computer working as fast as possible so that they can continue to use it for online activities, work, gaming, etc. Second is to recover data that they regularly use docs, programs, mp3s, etc. And reformatting generally goes against these 2 concerns.

    Rarely do they ever ask how they got infected or how to prevent infection in the future. In fact out of all the people I have helped with their computers, only one has been really interested in the precautions necessary to prevent a future infection.
     
  7. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hi rerun2!

    Just a thought....

    I kept having to call the satellite repair people because my TV picture was getting fuzzy, (or I'd lose it altogether). All I wanted was to get my TV back and with a decent picture! On the third trip, one of the guys said, "Has nobody told you folks what to do to keep this from happening again?" It needed a certain kind of brace because of the placement of my dish. I was grateful for the advice and took it willingly - even though it would cost me a few extra bucks. I just needed a little simple education.

    John
    Luv2BSecure

    .
     
  8. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Hi John

    Oh I know exactly what you mean and believe me I have tried educating despite having a "student" that may not want to listen. It just kind of seems to fall on deaf ears at times. Thinking that they were just absent minded that one time and that it wont happen again. Or that the payload isnt worth the trouble it is to actually learn and maintain a clean computer. I just thought I would offer a different view on how the average computer users think (at least the ones i have encountered).

    I mean I dont mind sharing what experience i have with computers at all with others, but sometimes a person can only do so much when someone isnt willing to learn you know?
     
  9. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Oh, I agree 100%. My post was, in fact, agreeing with your assessment. The metaphor being me as the average satellite TV dish owner. It's just up to us to educate, educate, educate - which I'm sure you do being a Wilders member!

    John
    Luv2BSecure
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Rerun2 for the view from the other perspective.
    People want what they want right now without any concern for future consequences.
    I just hope you are very well paid for doing such a difficult tedious job. It looks like you will continue to have a steady stream of repeat customers! :)
     
    Last edited: Sep 1, 2004
  11. 14:55

    14:55 Guest

    Knock it flat 'n' rebuild would be my approach in the wake of a compromise.

    However,you'd be staggered at the number of people out there who don't even know how to reformat/clean reinstall.
    I'm not being insulting,but it aint rocket science,is it?In fact,it's a whole less complicated than running the gamut of clean-up applications after the fact,struggling to clean the system...(Indeed,never being certain that there wasn't still a backdoor/concealed nasty waiting to pounce again)

    I have tried to place links to reformatting guides on spyware/hijack forums,just incase anyone would feel happier to go down that route.Very few folks bother to take note.They are panicking because they never bothered to back up anything,ever,and it is imperitive to them that nothing is lost aside from the infectors.

    Oh,and good grief..don't even dare suggest the ditching of illegal file-sharing apps!

    You certainly have your work cut out for you,Gents.Am full of admiration for your tireless attempts at educating those (at times) unwilling to learn.
     
  12. Charmed2

    Charmed2 Guest

    But then again, you certainly wouldn't want to format just because you got hit by a browser hijack
     
  13. 15:32

    15:32 Guest

    Heh..possibly not.Though,I must say,in the case of sp.html,it'd be my first recourse.I'm just expressing a personal opinion.I know,it's awful when women do that!!

    You'll often see that a browser hijacking is the tip of the iceberg.A HijackThis! log will reveal the presence of trojans,worms,dialers,shot LSPs...I just reckoned it'd be a good idea to explain how to reformat.Perhaps,some people would much rather "wipe the slate clean"-they just don't know how.That's all.
     
  14. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    By Devinco :
    Until reality bites!

    I feel it served good purpose for me to address these issues early on. I was aware of the many pitfalls being online would present, and wanted to go about doing this in a calculated fashion. I enjoy the peace of mind this attitude brings,
    and have learned much from research and reading provided by many sources throughout the web.

    Interests vary greatly among individuals, the ability to maintain a secure and stable system plus an understanding of the maintenance involved go a long way toward this comfort. There's only so much time in the hourglass for those who
    do not share views presented here.

    Though I do much reading :ninja:, you amid others Devinco, have enlightened me on more than a few occasions.

    GF
     
  15. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    By 15:32 :
    That's very true.

    Among many, many good sites, I've found the pages of The Elder Geek and Black Viper very helpful and informative for persons willing to learn and expand their computer know-how. I think it's great that such purposeful individuals are out
    there, making a difference, sharing.

    I hope someday, I can return the favor...

    GF ;)
     
  16. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    GlobalForce,

    You are very kind, thank you. :)
    I appreciate your posts and the many friends I have found here.
    If we can help one person be more secure, then it is worth it.
     
  17. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi 14:55,

    You wouldn't happen to have some of those links to good reformatting guides still, would you?
     
  18. 14:55

    14:55 Guest

    Hi,Devinco!

    I am enjoying this thread you started.

    See the links to Black Viper's guide,and that of The Elder Geek as posted by Global Force.Those are the ones I most commonly use.Black Viper's is particularly good since it has step by step screenshots.
    Of course,I have found that fdisk seems daunting and too complicated for beginners.That's where third-party disk wiping utilities come in handy.There are plenty around.Acronis is a personal favourite,but it isn't free.I have in the past used iolo's Drive Scrubber 15 day trial version.I need to use this type of programme for secure data destruction,but they'll blitz nasty,stubborn Trojans no problem!

    There are lots more reinstallation guides for 98,2000..even 95!

    I'll dig out the URLs I've been stashing-but perhaps members who use the latter three platforms would know of better guides than I.
    To present them all in an easy-reference central location would be a smart idea.Along with download links to free firewalls (For 98,2000,ME especially)-and a summary of how to activate XP's inbuilt.
     
  19. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Welcome, Guest 14:55 !

    Are you one and the same (aka- 14:27, 15:00) from "General Topics?"

    It's hard to tell what others have seen on the pages here, just thought I'd tip you off to these two...

    "Tassie's Tips" and "Favorite Freeware".
    The first one is written in the format you've described.

    Though a pinch OT, a show of = enjoyment :D.

    Best Regards,
    GF ;)
     
    Last edited: Sep 4, 2004
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I absolutely recommend reformatting, just try to get as many updated versions of drivers and programs as you can downloaded BEFORE you format. At the very least you should get the drivers for your network card and/or modem, video card, motherboard, and sound card. Reformatting may not be rocket science, but it really sucks when you've just reinstalled and found out you need to get online to get the driver needed to.. get.. online.

    Getting the latest install files of the software you use is a good idea, and if you can slipstream the latest service pack for your version of windows then you can save a lot of time & disk space. A good, free, utility for slipstreaming is nLite. It not only creates a slipstreamed CD image, but it also removes a lot of unnecessary components that you would otherwise have to turn off. nLite runs you through a wizard that gives you a checklist for things to remove (including things like Windows Messenger and the Alexa components), and it even lets you insert 3rd party drivers. In all it takes about 10 mins to go through and create the image for you to burn to CD, and it can save upwards of an hour installing service packs and tweaking down settings for security.

    The more you can get done before you get online again, the better off you will be. When I reformat a computer, I get it as close to being 100% done as possible before I put it online.

    Even besides getting rid of malware, doing a clean install every so often is a good idea. 99% of the time someone asks me why their computer isn't running as smoothly as it used to, and has weird glitchy annoyances (barring malware problems), it turns out they haven't reformatted in a couple years. "A couple years" seems to be the average lifespan for an average user (even XP), although it's not always noticable until after the format. If you install & try out a lot of different security and/or tweaking programs, then that time is reduced even further.

    As far as drive wiping utilities, you can also check out Eraser, it's free and it can create a 'nuke disk' that will wipe every sector of your harddrive. Some harddrive manufacturers will put their own software on the MBR (Maxtor's MaxBlast, for example) that will actually slow things down, despite claims to the contrary.. getting rid of that kind of thing is an added bonus to getting rid of anything else that might be there (boot sector viruses, for example.)
     
  21. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    GF and 14:55,

    Thanks. Both of those install guides are very helpful. I had read those a while ago but forgot about them.
     
  22. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Notok,

    Great info. Thank you. The nLite slipstream program looks really nice. Here is the Home Page and the download from Major Geeks for those who can't find it.

    I'll check out the Eraser nuke disk as well. That also sounds good.
    People with very old computers that have a BIOS that is not capable of accessing the full size of today's big HDs may still need to use the MaxBlast (or equivalent) software.

    Thanks again!
     
  23. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    This sounds too good Notok, thanks for putting this thread back on track. I took a look at their homepage and Wow, slipstreamed CD image!

    http://img84.exs.cx/img84/2705/Capture9-4-2004-64538PM.jpg


    I've got a few questions if you wouldn't mind. They say you need "framework" installed, I checked my add/remove and couldn't locate this, does it go by a different name?

    And on their download page, they list two beta versions, what's your preference and why? In addition to this, would you unzip the self-extractor to your C: drive, or is there a default directory?

    Please bear in mind, I am not up to tech speed yet...

    Finally, I see the framework 1.1 at the bottom. Does this come standard on xp home, or would this be needed in addition?
    Is it VB runtime?

    I hope these questions don't sound hounded, just excitement ;).
    I would greatly appreciate further input on this, TIA.

    GF
     
  24. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Sorry, kinda jumped the gun. That's the ".Net Framework."
    Yep, got it...

    GF
     
  25. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Aaargh!! I had a nicely thought out and formatted response written out, and right when I was finishing up my browser crashed.

    The self extractor defaults to C:\Program Files\nLite, which should be fine. I don't think that the self extractor will create start menu shortcuts, so you'll probably have to create those yourself if you decide to go with that rather than the installer. I personally just went with the installer, but either should be just fine.

    As far as which version, the newest version has a few more options, but isn't a verified stable release. I haven't had any problems with the latest version, but if it gives you any problems you can use the last stable version.

    Hehe, well this program does a pretty good job of explaining what's what, I don't think you need to be tech level to understand what you want to do. If you really want to play with removing a lot of stuff, you can always check out their forums. They also have a sticky for what not to remove for particular programs and why. Since everyone here is security minded, we have all probably spent plenty of time trying to kill certain things like messenger, so you know those things aren't going to be a problem. Just don't remove a lot of stuff that you aren't sure about, read the descriptions of things noting what's titled in green and what's titled in red, and you should be fine. In "services" for example, I only removed Alerter, clipbook, messsenger, remote registry, telnet server, and UPnP, you probably don't want to remove much more.. for example I found out the hard way that some of my low level security software depends on Terminal Services to run, but I found that out by turning it off, rather than removing it, so it was easy enough to turn back on.

    You should also make sure to de-select "Disable SFC (File Protection)" towards the end, SFC has been a saving grace in terms of stability and even security (to a lesser extent) by watching system files for changes and replacing with a clean version if it detects a change. I have no idea why this is checked by default, it may save you from cleaning up some empty folders, but the benefits of having it there are far greater.


    Hehe, better watch out or you might find yourself being a tech geek after all..

    And yeah, it requires Microsoft's .NET Framework. For anyone that finds they don't have it, you can get it from Windows Update.
     
Loading...
Thread Status:
Not open for further replies.