Is malware removal worth the effort?

Discussion in 'other anti-malware software' started by NonGeek, Jul 11, 2016.

  1. NonGeek

    NonGeek Registered Member

    Joined:
    Dec 28, 2015
    Posts:
    40
    Say that you had a suspiciously slow morning, ran a scan at noon and successfully removed a trojan. However, in those few morning hours, the trojan may have had downloaded a rootkit that is very difficult to detect and remove. Can you ever trust the machine again? Is malware removal worth the effort?

    Or would you rather rebuild the machine (reinstall the OS and programs from original disks, and files from backup) after say every bit of adware that you are getting?
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,250
    The only time I ever restore from a backup (or do a clean install) is if Windows becomes badly damaged and I am unable to fix it (which is rare). Other than that, I just remove the infection/s.

    I am never paranoid when it comes to security, and if multiple scanners show that the computer is clean, and my own checks indicate the same, I trust that the computer had been fully cleaned. Maybe I'm too trusting, or perhaps, others are too paranoid. It's worth noting, when I'm working on a customers computers, it is rare for them to have full backup of their system. To backup their data, do a a clean install of Windows, restore their data and then install any software they need, would be a lot more work than removing the malware.
     
  3. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    106
    Location:
    UK
    Rare? It's unheard of in my experience. Over the past 15 years or so I've never come across a private client who has a decent or recent copy of their data. Usually they produce a USB stick or drive and say, "I haven't used this for (insert a number of months) and I don't think it's up to date." They're usually the same people who don't know whether they have a valid AV prog on their system, too.
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    MS has over the years improved the security of its OS's, starting with Vista and UAC and having with Win 10, smart screen, Windows Defender reached a decent level of protection. With the latest offer of Win 10 on USB or CD as a clean install for Win 7 and Win 8.1 users, I think this method should be adopted for all computers which are officially activated: imagine you have a badly infected machine, all you have to do is to reinstall Windows from a cloud server, if you don't know how to do it, your trusted technician will do it in no time and no hassles. Obviously this operation could also be simplified and automated for people who are not so confident in trouble shooting their own machines...
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,524
    Location:
    USA - Back in a real State in time for a real Pres
    99% + treat their pc like they treat their toaster. It's only a problem when it stops making toast.
     
  6. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Once infected, you can never guarantee 100% that ALL remnants are gone, so imo it's best to re-install which is easy to do.
     
  7. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    Its a good skill to have to have to self diagnose and remove infections. However personally, it takes me 5 minutes to restore from a HD to a SSD. Walk away make a coffee and come back.

    Ask yourself this, are you confident that you removed all the infections? Has your malware scanners found all the malware and its remnants? Can you ever trust your PC again without a restore?

    regards.
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    What backup software do you use?
     
  9. Aura

    Aura Registered Member

    Joined:
    Mar 19, 2015
    Posts:
    104
    Location:
    Québec, Canada
    It depends. I wouldn't reinstall, reimage, etc. Windows if a system was to be infected with a PUP, Adware, Spyware, simple password stealer, etc. If the system was infected with a backdoor however, I would clean reinstall it, since there's no way to guarantee at 100% that the system will be safe and secure after removal.

    As for the rootkits, some adware uses rootkits, so I wouldn't reinstall Windows on a system infected by one, I would just remove all of it and move on.
     
  10. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,774
    Location:
    Mexico
    Seems to me @roger_m is talking about to have a system image and you about personal data backup which is completely different. Btw I've also had same experience like @roger_m
     
  11. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,774
    Location:
    Mexico
    Some software has MBR re-writing capabilities, e.gr. Image for Linux (Terabyte Unlimited) which I like very much. Then the rootkit is gone.
     
  12. Aura

    Aura Registered Member

    Joined:
    Mar 19, 2015
    Posts:
    104
    Location:
    Québec, Canada
    In the end, it all comes down to what kind of rootkit you are dealing with.
     
  13. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    106
    Location:
    UK
    You're right. But a system backup or image is an alien concept for people who can't even keep their important files, pics and music safe, in spite of Microsoft including the facility in its OS over the years.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,145
    Location:
    Cape Town, South Africa
    Macrium Reflect with Rapid Delta Restore is very fast, but that feature is only in the free version.

    Personally, I just go back to a previous image. It will generally take more than 5 minutes to remove malware :)

    Edit: I meant paid version, not free version! (Thanks @_bjm).
     
    Last edited: Jul 12, 2016
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,087
    If that happened on my personal computer I would restore an image (Macrium Reflect) and would never totally trust malware removal.
    If I try to fix other people's computer I would first try to remove it and if that fails I would reinstall. Of course in first case I would never be 100% certain that I removed everything.
     
  16. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    logfile for that trojan found?
    adware is sometimes called as trojan.xyz because it behave same manner.
    less than a log file is a discussion on wrong basics and pretty pointless. and most of the user wont recognize a real trojan because of silly messages from stupid antivirus.
     
  17. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    You guessed it :thumb:

    @Overkill The data on my partition is only around 60GB. The Data on there is relatively static meaning not many changes occur from week to week. Hence a delta restore is very fast. The read speeds from the HD is not the problem, only write so a backup takes much much longer around 10 min.

    regards.
     
  18. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    561
    Location:
    Baden Germany
    It depends on what kind of infection occurred.

    If a serious malware, or even a backdoor is on a machine, wipe the disk! Formatting may not be enough.
    In all other cases it depends on your knowledge and skill.

    I do malware removal daily, and in almost all cases customers don't have an image, or data backup.
    They often do not have there licences handy, and do not remember there stored passwords....
    In some cases there is software on the machine, that is not avaible for download, and the vendor has gone. (i.e. machine controlling soft)

    In this situation you have no choice, what to do.
     
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    561
    Location:
    Baden Germany
    LOL
    Can't trust you, with that statement.

    Guess you never did it.
     
  20. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    I would have to restore the OS and Application drive 100%. There's simply no telling what it did, what settings it changed, and if it's all gone. Besides, a restore takes only a few minutes of my time as opposed to hours of experimenting, testing, and research.
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Awesome Thanks
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You mean not in the free version.
    Trial it and see for yourself. I can personally vouch for his statement.

    As for the title to this thread, that of course depends on how much you're going to be paid...
     
  23. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    For my own machines, big believer in prevention over cure, and reinstalling/re-imaging.

    For others, it really depends on what I'm seeing and how much time I feel like spending on them. Years ago I'd remove rootkits by hand, but I've not kept up. If it was just a simple trojan or adware then a clean would be the most efficient.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    1,145
    Location:
    Cape Town, South Africa
    Yes typo sorry, I meant in paid version only.
     
  25. hjlbx

    hjlbx Guest

    Most people cannot stand the thought of inactive malware remnants on their system.

    It's causes them severe emotional and mental discomfort... :argh:
     
Loading...