How To Fix a Malware Infected Computer

Discussion in 'malware problems & news' started by Chiron, Jul 7, 2012.

Thread Status:
Not open for further replies.
  1. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Hello, I've written an article in which I explain How to Fix a Malware Infected Computer. It's meant to show people how to fix any type of damage which could have been caused by malware.

    Please let me know what you think.

    Thanks.
     
  2. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    I'm of the school of using disk images/backups to restore a malware-infected system. It's a 100% solution that is super easy to do.

    The general prerequisites for this to work are that you have a recent backup and that your style of computing means you keep your working datasets separate from the main image. This is so that you may restore the system and plug your data back into it. This is a good philosophy regardless! And backups not only ensure against malware, but hardware failures and user goofs and all sorts of other misfortunes.

    An image restore kills malware 100%. And you get your custom system settings back and all your installed software is fully operational. The way it was before. There is no doubt as to if you "missed" something or forgot some settings. And it takes 20 minutes. There's no need to learn and become familiar with how a malware payload works. There's no headache and no lengthy and incomprehensible removal procedures to follow. And you are SURE you're running clean.

    Backups FTW!
     
  3. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    The amount of time spent downloading utilities and scans and executing byzantine procedures is just not worth it; especially if you want to be 100% confident your system is clean and stable and secure. Just troll through the malware removal forums (and your own article) to see what I mean. Who wants to spend that much time ripping into a system like that? I sure as hell don't! Maybe if you like doing it as a hobby - then it's ok. But most of us just want to be on our way.

    My professional advice is to grab the user data and re-build the system from the ground up. And that's assuming you don't have a working disk image (backup). If you do then use it!

    A re-build or restore means you get a clean o/s with no marks or traces of malware. You are golden. And a restore means 5 minutes of your time to get it going. Starting a restore is easy. Go have some tea while the process completes!

    Restoring from a backup is usually a fixed amount of time; you know exactly how long it is going to take. It is stress-free. And the result is a 100% perfect system. If you never made a backup image, the 2nd or 3rd time you contract malware should convince you to do so.

    Remember, with manual malware removal you can spend hours or days running tedious scanners and not fully understand what has transpired. Nor can you be confident of the results or be sure your settings are restored. And what about the registry and obscure not-often-used system files? Are those in order? Listen, repaired malware computers exhibit problems later when you use a "new" function or feature for the first time, typically. Or ofttimes the user reports that "something isn't right" or the system is unstable. Perhaps it can't take an update, or something like that.

    Computers work on exact, specific events and there is no ambiguity involved as the processor steps through the instructions one by one. Let us be sure that our systems are restored to perfection after a malware attack.

    "Nuke it from orbit. It's the only way to be sure."
     
    Last edited: Jul 8, 2012
  4. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    This sounds like advice which I should add to How to Stay Safe While Online. I will add this.

    Thanks.

    I don't want to do this either. That's why I wrote How to Stay Safe While Online. However, many of those who don't know how to properly protect their computer will eventually need guides on how to clean infections and how to fix damage. I agree 100% that it is all preventable, but I still have to write the article for those who only learn that too late.

    Most users really don't want to do this, but it was also mentioned in my article. Also, I do believe that you can tell with nearly 100% certainty that your computer is now clean of active malware. Please read my article about How to Know If Your Computer Is Infected and let me know of any problems you find with it in this topic.

    Thank you.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I agree with you that imaging is the safest restore method when confronted with a malware infection, but using different procedures to clean up a system is a great learning experience that you might not want to skip!
     
  6. Mild_Manered

    Mild_Manered Registered Member

    Joined:
    Jun 16, 2012
    Posts:
    40
    Location:
    usa
    Not to toss a wrench into the workings here, but what about a sophisticated rootkit like a BIOS rootkit attack? How is an average user like myself going to be 100% certain a rootkit infection like this is gone?
     
  7. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    Not a particularly common threat, and average users like ourselves would be unlikely to run into it.

    The first BIOS rootkit found in the wild was Mebromi - the only purpose of the 'BIOS' aspect is to:
    1. Check if the MBR still contains infected code
    2. Reinfect the MBR if it doesn't have malware code

    With that in mind, if someone kept getting a Mebromi infected MBR after reboot despite formatting the drive and fixing the MBR, then they could assume that they still had the BIOS rootkit.

    Mebromi appears to have copied the method directly from an old proof of concept (both can only infect Award BIOS). Security researchers make us all less safe, most malware authors aren't capable of doing this stuff themselves ;) McAfee have detailed further BIOS rootkits, but all only work on Award BIOSes in the same way as well:
    http://blogs.mcafee.com/mcafee-labs/bioskits-join-ranks-of-stealth-malware

    They aren't sophisticated, and flashing the BIOS would presumably be sufficient to remove that component.
     
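    The reinfection logic RJK3 describes gives a simple, defender-side check: record a fingerprint of the MBR after you have fixed it, reboot, and compare. If the boot code changes again while the partition table stays the same, something outside the disk (such as the firmware component discussed above) is rewriting it. The script below is an added example written for this thread, not code from any of the articles or from the McAfee write-up; the 512-byte sample sectors it builds are constructed stand-ins, not real boot code or any real malware's bytes, and the device paths mentioned in `read_mbr` are the usual raw-disk names on Linux and Windows.

```python
import hashlib

MBR_SIZE = 512               # the MBR is the first sector of the disk
BOOTCODE_END = 446           # bytes 0..445: boot code
PTABLE_END = 510             # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa" # bytes 510..511: required boot signature


def read_mbr(device_path):
    """Read the first sector of a block device or a raw disk image.

    Reading a real device needs administrator rights: e.g. /dev/sda on Linux
    or \\\\.\\PhysicalDrive0 on Windows. A plain image file needs no privileges.
    """
    with open(device_path, "rb") as fh:
        data = fh.read(MBR_SIZE)
    if len(data) != MBR_SIZE:
        raise ValueError(f"short read: got {len(data)} bytes, expected {MBR_SIZE}")
    return data


def mbr_fingerprint(mbr):
    """Hash the boot code and the partition table separately.

    A bootkit that re-infects the MBR rewrites the boot code but normally
    leaves the partition table alone, so keeping the two hashes apart tells
    you which part moved.
    """
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return {
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_END]).hexdigest(),
        "ptable_sha256": hashlib.sha256(mbr[BOOTCODE_END:PTABLE_END]).hexdigest(),
        "signature_ok": mbr[PTABLE_END:] == BOOT_SIGNATURE,
    }


def compare_fingerprints(baseline, current):
    """Return a list of differences between two fingerprints (empty = unchanged)."""
    changes = []
    if current["bootcode_sha256"] != baseline["bootcode_sha256"]:
        changes.append("boot code changed")
    if current["ptable_sha256"] != baseline["ptable_sha256"]:
        changes.append("partition table changed")
    if not current["signature_ok"]:
        changes.append("boot signature missing (0x55AA)")
    return changes


def build_sample_mbr(bootcode_fill):
    """Construct a synthetic MBR for the demo (filler bytes, not real boot code)."""
    bootcode = bytes([bootcode_fill]) * BOOTCODE_END
    # One constructed partition entry: bootable flag, type 0x07, LBA start 2048,
    # 2048 sectors long; the remaining three entries are left empty.
    entry = (bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0])
             + (2048).to_bytes(4, "little")
             + (2048).to_bytes(4, "little"))
    ptable = entry + bytes(48)
    return bootcode + ptable + BOOT_SIGNATURE


# Constructed "known good" sector recorded after repairing the MBR, and a
# constructed sector read back after reboot with the same partition table but
# different boot code, which is the pattern the thread describes.
CLEAN_MBR = build_sample_mbr(0x90)
REWRITTEN_MBR = build_sample_mbr(0xCC)


def demo():
    """Compare the constructed post-reboot sector against the recorded baseline."""
    baseline = mbr_fingerprint(CLEAN_MBR)
    return compare_fingerprints(baseline, mbr_fingerprint(REWRITTEN_MBR))


if __name__ == "__main__":
    print(demo())  # -> ['boot code changed']
```

    In practice you would call `read_mbr` on the real device immediately after repairing the MBR, store the fingerprint somewhere the machine cannot alter (a USB stick, a note), reboot, read it again and compare. "boot code changed" with an unchanged partition table is the signal the post describes; a changed partition table or a missing signature points to something else (a failed repair, a different disk) and is worth checking before drawing conclusions.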
  8. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    In addition to what RJK3 said, I would like to point out the following.

    If I understand BIOS rootkits correctly, they still have to access the main drive in order to do whatever they were meant to do. Thus, the approaches I recommend in How to Know If Your Computer Is Infected should be able to identify those new processes or additional rootkits. Although my approach may not be able to identify the core cause, at least for BIOS rootkits, I do believe that it would at least be able to indicate that there is malware on the system, and that is exactly what the article was created for.

    That said, can we please continue this conversation in this thread as these worries are more in line with the other article than this one.

    Thanks.
     
  9. Mild_Manered

    Mild_Manered Registered Member

    Joined:
    Jun 16, 2012
    Posts:
    40
    Location:
    usa
    RJK3, thanks for that... I am clueless when it comes to sophisticated rootkits of any type. I have also read of users far more advanced than myself state that they fear them more out of all the different malware.
    I can't help but believe that there are quite a few advanced users on Wilders that would love for a rootkit to get through their security and get planted deep into their system. Telling the wife, bring me a cold beer and don't interrupt me for any reason, smiling--I'm on a mission, honey! LOL... Am I right?

    Chiron, thanks and I will definitely contact you when or if I get into trouble. I also appreciate your tech-contributions here and over at Gizmo's freeware website! Please keep up the great work.
     
    Last edited: Jul 8, 2012