User:Comet Tuttle/Malware

From Wikipedia, the free encyclopedia

Wikipedia:Reference desk/Computing frequently receives questions about how to repair a Windows computer system that has symptoms of infection by a computer virus, Trojan horse, or other malware. Here is a list of recommendations.

First, decide whether you want to repair the system in place, removing the virus or other malware, or whether you want to nuke the system from orbit and reinstall everything from scratch to guarantee a clean system.

  1. "Nuking your system from orbit" means you're going to make a backup of your hard disk, then reformat your hard disk, deleting everything. You will then install Windows, create new user accounts, and install all your applications. Finally you will selectively copy your data files from the backup to the hard disk. This procedure will eradicate any malware from your system files and applications; and should remove malware from your data files.
  2. "Repairing your system in place" means you will run anti-malware and antivirus software to attempt to identify and delete malware that has infected your system. This is more convenient, but it is not possible to be sure you have eradicated all of the malware, or that the system hasn't been damaged by the malware.

Nuking your hard disk from orbit

Nuke it from orbit. Kill it with fire.
  1. Make sure you have on hand the original discs for Windows and for all the applications you have purchased. The Windows disc is often called a Recovery disc.
  2. Back up your computer's hard disk. The remainder of this page will refer to your startup disk as the C drive.
    1. The easiest and fastest way to back up is to buy, beg, or borrow an external USB hard disk that is larger than your hard disk (and preferably the largest hard disk you can afford). As of March 2010, inexpensive external USB 2.0 hard disks are about US$100 for a 1TB drive.
      1. If you can afford a nice big external hard disk for this purpose, you can use a disk utility like Norton Ghost to make a disk image file of the C drive. This file will be really big and will be stored on the external drive. The benefit of using a disk image file is that Ghost can mount the file as though it were a drive, so you can "reach into" the disk image file to retrieve any of your old data; yet the disk image file does not consume the entire drive. A secondary benefit is that since it takes an obvious, intentional action to mount a disk image file, it may be more difficult to re-infect your system by accidentally launching an executable file from the backup.
      2. You could also use Ghost, or similar disk cloning software, to make the external drive into an exact copy of the C drive. See Comparison of disk cloning software and list of disk cloning software.
      3. You could also use more conventional backup software to copy all your files from the C drive to the external drive. ("More conventional" here means software that copies all your files, rather than software that copies all the underlying disk sectors.) See the List of backup software article.
      4. Finally, you could simply use Windows to drag the folders that you want to keep from the C drive over to the backup drive. Normally this means your Documents folder, and any other folders you use to store data that you value.
    2. If you can't afford an external USB hard disk for this purpose, but you have a recordable DVD or CD drive on your computer, an alternative is to use backup software to copy the folders you want to keep onto a series of discs. The disadvantage is that you will be chained to your computer, usually for hours, switching discs as they gradually fill up. 100GB of JPEG picture files will fill about 22 DVD-R discs.
      1. Some disk cloning software and some backup software will let you back up the contents of your entire hard disk to a series of optical discs.
      2. Alternatively, you could use optical disc authoring software to selectively back up only the folders you want to keep, onto one or several DVDs or CDs.
    3. When your backup is complete, try to remember that it's an infected hard disk. You must treat it like poison. Don't run any executable software from the backup — no applications and no installers. Be very aware that many data files can even carry infections, and you must conscientiously run anti-malware and anti-virus software when you copy data files from the backup to the new C drive; and be sure to perform a scan of those files after copying. This is one reason that the disk image file method of backup is nice — it takes some user effort to mount the disk image in order to access its contents and you can't accidentally run any executables by means of shortcuts or thoughtlessness.
  3. Reformat your hard disk and install a fresh copy of Windows. This will delete everything on your hard disk, so be sure you have backed up everything of value. (Preferably you will have actually backed up everything, just in case.)
    1. Boot up your computer with the Windows disc (or the "recovery disc") in the drive.
    2. Follow the on-screen instructions to "restore your computer to its original state" or "reinstall Windows" or "reformat your hard disk".
  4. When the computer asks you to create user accounts, you will create at least two.
    1. The first account should be an account with administrator rights. From now on, you are only going to log onto that account in order to install software. If your favorite account name is "Tuttle", you might want to call this administrator account "Tuttle-admin".
    2. After Windows has finished installing, create an account without administrator rights. This will be the account you use for your everyday Web browsing, e-mailing, IMming, software development...everything.
      1. The reason you're going to always use a non-administrator account from now on is that if you ever accidentally download and execute a Trojan horse or computer virus in the future, it'll have a much harder time infecting your system files.
  5. Log in with the administrator account and run Windows Update repeatedly until there are no further updates to download and install.
  6. With the administrator account, install antivirus software. See List of antivirus software.
    1. Don't install more than one piece of antivirus software; they will usually "fight" and scan each other endlessly, reducing your computer's performance very significantly. Each vendor assumes its antivirus software is the only antivirus software on the computer, and does not try to accommodate rivals.
  7. With the administrator account, one by one, install each application that you want to install on your computer.
    1. Install from the original discs, or from a fresh download. Do not make use of any installer from your backed-up infected disc. You must treat the executable programs on that disc (like installers and other applications) like poison.
    2. Use each application's update feature to be sure you have the most recent updates.
  8. If you used an external hard disk to make the backup in step #2, log in with the non-administrator account and scan the external drive for malware. See the List of antivirus software article; and some people have recommended Malwarebytes' Anti-Malware.
  9. Copy your data files from your backup (from step #2) to your "Documents" folder on the C drive, including your pictures, videos, music files, saved games, e-mail files (like the big .pst files that Microsoft Outlook uses) ... everything you want to keep.
    1. Do not copy executable files (or close-to-executable files) from the backup, like anything with a filename extension (that is, the last 4 characters of the filename) of .exe, .com, .msi, .bat, or .vbx.
    2. Once the copy is complete, use your anti-malware and antivirus software to scan your Documents folder in order to attempt to clean all your data files that may be infected. This is a very important step!
  10. Start using your computer normally. Be sure to log in each time with the account that does not have administrator rights.
  11. If you have had a malware infection of some sort, you should probably change all your online passwords. Some malware includes keylogger software, and anything you typed while sitting at the infected computer may have been captured and sent to The Bad Guys.
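As an added example (it is not part of the original page, and not a tool the page mentions), the following PowerShell script carries out step 9 and its two sub-steps: it copies data files from the backup to your Documents folder, skips executable and near-executable files, records what it skipped, and then scans the copied files. It assumes Windows 10 or 11, where the built-in Microsoft Defender cmdlets `Start-MpScan` and `Get-MpThreatDetection` exist; if you installed a different antivirus product, replace the last two lines with that product's command-line scanner. The backup path is a placeholder, and the extension list deliberately goes beyond the page's own five entries to cover other file types Windows will run.

```powershell
# Added example, not part of the original page: copy data files from the
# (infected) backup to the new C drive while skipping executable-like files,
# then scan the copied files. Assumes Windows 10/11 with the built-in
# Microsoft Defender cmdlets; the backup path below is a placeholder.
param(
    [string]$Source      = 'E:\backup\Users\Tuttle\Documents',   # placeholder: where the backup is mounted
    [string]$Destination = (Join-Path $env:USERPROFILE 'Documents')
)

# The page's list (.exe .com .msi .bat .vbx) plus other types Windows will run
# or that can carry script code; this goes beyond the page's own list.
$blockedExtensions = @(
    '.exe', '.com', '.msi', '.bat', '.vbx',
    '.cmd', '.scr', '.pif', '.cpl', '.dll', '.sys', '.lnk', '.reg',
    '.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh', '.hta',
    '.ps1', '.psm1', '.msp', '.mst', '.jar'
)

function Test-BlockedFile {
    param([System.IO.FileInfo]$File)
    # Check every dot-separated suffix, so "invoice.pdf.exe" or "photo.jpg.scr"
    # are caught even though the real extension hides behind a decoy one.
    $parts = $File.Name.Split('.')
    for ($i = 1; $i -lt $parts.Count; $i++) {
        if ($blockedExtensions -contains ('.' + $parts[$i].ToLowerInvariant())) {
            return $true
        }
    }
    return $false
}

$sourceRoot = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')
$skipped = New-Object 'System.Collections.Generic.List[string]'
$copied  = 0

# -Force includes hidden files, so nothing in the backup is silently missed.
foreach ($file in Get-ChildItem -LiteralPath $sourceRoot -Recurse -File -Force) {
    $relative = $file.FullName.Substring($sourceRoot.Length).TrimStart('\')
    if (Test-BlockedFile -File $file) {
        $skipped.Add($relative)
        continue
    }
    $target    = Join-Path $Destination $relative
    $targetDir = Split-Path -Path $target -Parent
    if (-not (Test-Path -LiteralPath $targetDir)) {
        New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
    }
    Copy-Item -LiteralPath $file.FullName -Destination $target
    $copied++
}

# Keep a record of what was left behind, so you can fetch a clean copy elsewhere.
$report = Join-Path $env:USERPROFILE 'skipped-from-backup.txt'
$skipped | Set-Content -LiteralPath $report
Write-Host "Copied $copied file(s); skipped $($skipped.Count) executable-like file(s), listed in $report"

# Step 9.2 of the page: scan the copied data before using any of it.
Start-MpScan -ScanType CustomScan -ScanPath $Destination
Get-MpThreatDetection | Select-Object InitialDetectionTime, Resources
```

Run it from the non-administrator account, as step 8 recommends, so that nothing the script touches runs with administrator rights. The skipped-file report matters: an application's installer or a saved `.exe` you really want should come from the original disc or a fresh download, never from this backup.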

Repairing your system in place

Repairing your hard disk in place is also known as finding and removing every scrap of virus and malware. Unfortunately, you'll never know whether you got it all.

This solution is cheaper and quicker than nuking your system from orbit, but it is riskier, because no anti-malware software guarantees a fix for your malware problem.

  1. Download and install a malware scanner, such as the free Malwarebytes' Anti-Malware, and scan your hard disk for problems. Remove all the viruses and malware that are identified.
  2. Install antivirus software and perform a full system scan. Remove all the viruses and malware that are identified.
  3. Create an account with no administrator rights from the "User Accounts" Control Panel. From now on, log into your computer with that account, and use it for all your computing activities. This will greatly reduce the likelihood that future viruses and Trojan horses will be able to attack your system files.
    1. If you had previously used an account with administrator rights, many applications will treat you as a brand-new person, and will require you to reconfigure the settings you prefer. This will take some effort if you use many applications, but it's worthwhile for the security you gain as a result of using a non-administrator account.
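The account setup that both sections rely on (step 4 of the nuke-from-orbit list and step 3 of the in-place list) can be done and, more importantly, verified from PowerShell. The script below is an added example, not part of the original page: it creates an administrator account and a separate everyday account, makes sure the everyday account is not a member of Administrators, and also checks the point from step 6.1 that only one antivirus product is registered. It assumes an elevated PowerShell on Windows 10 or 11 (client edition) with the `Microsoft.PowerShell.LocalAccounts` cmdlets; the account names are placeholders taken from the page's own "Tuttle" example.

```powershell
# Added example, not part of the original page: create the administrator and
# everyday accounts the page recommends and verify that the everyday account has
# no administrator rights. Assumes an elevated PowerShell on Windows 10/11 with
# the LocalAccounts cmdlets; the account names are placeholders from the page's
# own example.
#Requires -RunAsAdministrator

$adminName    = 'Tuttle-admin'
$everydayName = 'Tuttle'

# Well-known SIDs for the built-in groups, so this also works on a non-English
# Windows where the group names are localized.
$administratorsSid = 'S-1-5-32-544'
$usersSid          = 'S-1-5-32-545'

function Get-LocalUserOrNull {
    param([string]$Name)
    try { Get-LocalUser -Name $Name -ErrorAction Stop } catch { $null }
}

function New-AccountIfMissing {
    param([string]$Name, [string]$Description)
    $existing = Get-LocalUserOrNull -Name $Name
    if ($existing) {
        Write-Host "Account '$Name' already exists; leaving it as it is."
        return $existing
    }
    # -AsSecureString keeps the password out of the console history and transcript.
    $password = Read-Host -Prompt "Password for $Name" -AsSecureString
    New-LocalUser -Name $Name -Password $password -Description $Description
}

function Test-IsStandardUser {
    param([string]$Name)
    # Members are reported as COMPUTERNAME\User; compare on the user part only.
    $adminMembers = Get-LocalGroupMember -SID $administratorsSid |
        ForEach-Object { $_.Name.Split('\')[-1] }
    return -not ($adminMembers -contains $Name)
}

function Get-RegisteredAntivirusNames {
    # Windows Security Center lists every antivirus product that registered itself
    # (client editions of Windows only). The page's step 6.1 wants exactly one.
    (Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct).displayName
}

$admin    = New-AccountIfMissing -Name $adminName    -Description 'Install software and updates only'
$everyday = New-AccountIfMissing -Name $everydayName -Description 'Everyday use, no administrator rights'

# Only the admin account joins Administrators. The everyday account goes into
# Users and is removed from Administrators in case it was created elsewhere.
Add-LocalGroupMember    -SID $administratorsSid -Member $admin    -ErrorAction SilentlyContinue
Add-LocalGroupMember    -SID $usersSid          -Member $everyday -ErrorAction SilentlyContinue
Remove-LocalGroupMember -SID $administratorsSid -Member $everyday -ErrorAction SilentlyContinue

foreach ($name in @($adminName, $everydayName)) {
    Write-Host ("{0,-14} standard user: {1}" -f $name, (Test-IsStandardUser -Name $name))
}
if (-not (Test-IsStandardUser -Name $everydayName)) {
    throw "'$everydayName' still has administrator rights; do not use it for everyday work until this is fixed."
}

$avProducts = @(Get-RegisteredAntivirusNames)
if ($avProducts.Count -gt 1) {
    Write-Warning "More than one antivirus product is registered: $($avProducts -join ', ')"
} else {
    Write-Host "Registered antivirus: $($avProducts -join ', ')"
}
```

Log off after running it and log back on as the everyday account; on an in-place repair, where the everyday account already existed with administrator rights, the `Remove-LocalGroupMember` line is what actually takes those rights away, and the final check throws if it did not succeed.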