Newbie question

  • Thread starter: lastcall

lastcall

I was just wondering, as a newbie to this NG, if after getting a virus
the only way to be 100% sure that the computer is fixed after fixing
or deleting infected files is still to do an OS reload. Would it be
possible if files in %systemroot% or %systemroot%/system32 are
affected to run SFC and fix it?

Reason I ask is that I work for small mobile PC repair outfit and the
boss believes that if someone has a virus, the ONLY way to guarantee
it's fixed is an OS reload. Now, he IS the boss but I would, if
possible, like to be able to fix the computers on site more often than
hauling them in to the shop.

I'm sure there are different scenarios and don't expect a tutorial,
just a little feedback as to whether it's possible and if I'm killin
myself dragging all these PCs in to him.

Currently, I'm using Hiren Boot CD (F-Prot for NTFS and Norton for
Fat32 partitions).

Thanks in advance!

Steve
 
lastcall said:
I was just wondering, as a newbie to this NG, if after getting a virus
the only way to be 100% sure that the computer is fixed after fixing
or deleting infected files is still to do an OS reload. Would it be
possible if files in %systemroot% or %systemroot%/system32 are
affected to run SFC and fix it?

Reason I ask is that I work for small mobile PC repair outfit and the
boss believes that if someone has a virus, the ONLY way to guarantee
it's fixed is an OS reload. Now, he IS the boss but I would, if
possible, like to be able to fix the computers on site more often than
hauling them in to the shop.

I'm sure there are different scenarios and don't expect a tutorial,
just a little feedback as to whether it's possible and if I'm killin
myself dragging all these PCs in to him.

Currently, I'm using Hiren Boot CD (F-Prot for NTFS and Norton for
Fat32 partitions).

Thanks in advance!

I'm not one of the experts, but, from what I have seen here and other AV
related forums, it is *not* necessary to reinstall the OS after you clean a
virus. Normally, this is something that is listed at the bottom of the
list, as in, when nothing else works, not the status quo. If you have a
good AV, and the detections are up to date....it should take care of
whatever nasty is on the system. Always have a good back up too, such as
TrendMicro or F-Prot that you can use to double check to be sure it is
clean.

TrendMicro:

http://housecall.trendmicro.com/

F-Prot:

http://www.f-prot.com/products/corporate_users/dos/

To get a bit of information on the various viruses see here:

http://securityresponse.symantec.com/


Be aware that there is a difference between a virus and a parasite,
spyware, and malware, so go here and read up on some of them if you are not
familiar with them.

To get protection for most, look here, many are free:

http://www.majorgeeks.com/downloads29.html

Read through the various threads here and bone up on some of the
suggestions, cures and enjoy the many debates.... it might help with your
boss....;-)

This should get you started..and there are others here who I'm sure can add
information for you.

Jan :)
 
lastcall wrote:
I was just wondering, as a newbie to this NG, if after getting a virus
the only way to be 100% sure that the computer is fixed after fixing
or deleting infected files is still to do an OS reload. Would it be
possible if files in %systemroot% or %systemroot%/system32 are
affected to run SFC and fix it?

A reload of the OS is not required in the vast majority of cases. Provided
you keep A-V definitions up to date, you'll rid the machine of all known
viruses. The key word here is "known".

IMO, spyware, adware, and malware are much more common and do more harm to a
PC than do most viruses. The same can be said for the Brand X support techs
who insist on formatting and reinstalling for every little quirk.
 
lastcall wrote:


A reload of the OS is not required in the vast majority of cases. Provided
you keep A-V definitions up to date, you'll rid the machine of all known
viruses. The key word here is "known".

IMO, spyware, adware, and malware are much more common and do more harm to a
PC than do most viruses. The same can be said for the Brand X support techs
who insist on formatting and reinstalling for every little quirk.
Let's just suppose you re-format your drive, because you have had a
virus at 1 time, or your just bored, & are sick of watching the clock
whatever the reason.
Do you have current patches ready to be installed, or do you have to
download ALL of them for the OS?
Do you have the Anti-virus prog up & running with the latest
definitions, or will you have to download that?
Do you have the other misc. programs that stop malware & spyware ready
to install, or will you have to download that?

If you don't have the latest patches, Firewall, & the Anti-spy/Mal ware
as well as other handy progs, you'd be better off having unprotected sex
with a hooker than getting on the internet. Oh, so many nasties will be
waiting at your IP address waiting to infest you.

Keep what you have, & just protect it better, not only by programs, but
by doing google searches on how to keep your machine clean.
 
Jan said:
I'm not one of the experts, but, from what I have seen here and other
AV related forums, it is *not* necessary to reinstall the OS after
you clean a virus. Normally, this is something that is listed at the
bottom of the list, as in, when nothing else works, not the status
quo. If you have a good AV, and the detections are up to date....it
should take care of whatever nasty is on the system. Always have a
good back up too, such as TrendMicro or F-Prot that you can use to
double check to be sure it is clean.

TrendMicro:

http://housecall.trendmicro.com/

F-Prot:

http://www.f-prot.com/products/corporate_users/dos/

To get a bit of information on the various viruses see here:

http://securityresponse.symantec.com/


Be aware that there is a difference between a virus and a parasite,
spyware, and malware, so go here and read up on some of them if you
are not familiar with them.

To get protection for most, look here, many are free:

http://www.majorgeeks.com/downloads29.html

Read through the various threads here and bone up on some of the
suggestions, cures and enjoy the many debates.... it might help with
your boss....;-)

This should get you started..and there are others here who I'm sure
can add information for you.

Jan :)

let's see.... 50$ homevisit 35$bench 60$reinstall of windows.....hmmmmm I
think it's a money thing.
(they call it call-back work)
like the guy who shingles and misses a nail here + there
a storm blows in and.....hey more work!!!
just my 2cents
-max
 
Geese_Hunter said:
Let's just suppose you re-format your drive, because you have had a
virus at 1 time, or your just bored, & are sick of watching the clock
whatever the reason.
Do you have current patches ready to be installed, or do you have to
download ALL of them for the OS?
Do you have the Anti-virus prog up & running with the latest
definitions, or will you have to download that?
Do you have the other misc. programs that stop malware & spyware ready
to install, or will you have to download that?

If you don't have the latest patches, Firewall, & the Anti-spy/Mal ware
as well as other handy progs, you'd be better off having unprotected sex
with a hooker than getting on the internet. Oh, so many nasties will be
waiting at your IP address waiting to infest you.

Keep what you have, & just protect it better, not only by programs, but
by doing google searches on how to keep your machine clean.

Geese! ......meanie!! <g>
 
I was just wondering, as a newbie to this NG, if after getting a virus
the only way to be 100% sure that the computer is fixed after fixing
or deleting infected files is still to do an OS reload. Would it be
possible if files in %systemroot% or %systemroot%/system32 are
affected to run SFC and fix it?

Reason I ask is that I work for small mobile PC repair outfit and the
boss believes that if someone has a virus, the ONLY way to guarantee
it's fixed is an OS reload. Now, he IS the boss but I would, if
possible, like to be able to fix the computers on site more often than
hauling them in to the shop.

I'm sure there are different scenarios and don't expect a tutorial,
just a little feedback as to whether it's possible and if I'm killin
myself dragging all these PCs in to him.

Currently, I'm using Hiren Boot CD (F-Prot for NTFS and Norton for
Fat32 partitions).

Reinstalling the OS alone doesn't guarantee much of anything. Current
wisdom states that if the presence has been a remote access backdoor
in which a third party has control of the machine, and thus any
unknown files might have been installed, to be 100% sure a FORMAT and
reinstall is necessary. This should probably be extended to include
ANY malware that downloads and runs files from a third-party site,
since that downloaded file could be changed at any time, and this
would include most adware and spyware.

To me, the decision would rest on who the customer is: how important
100% security is, how much risk is involved with the identified
malware, and how important the data being destroyed is. Some kinds of
data could safely be backed up even after infection. But of course
all of this would take more time than his solution, and doesn't
prevent any "You worked on my machine and the next day blah-blah-blah"
feedback.

Carol
 
madmax said:
let's see.... 50$ homevisit 35$bench 60$reinstall of windows.....hmmmmm I
think it's a money thing.
(they call it call-back work)
like the guy who shingles and misses a nail here + there
a storm blows in and.....hey more work!!!
just my 2cents

Yeah.....you could be right.....I had the experience with a Ford dealership
on one of their used cars......once. ;-))

Jan :)
 
Geese_Hunter said:
Let's just suppose you re-format your drive, because you have had a
virus at 1 time, or your just bored, & are sick of watching the clock
whatever the reason.
Do you have current patches ready to be installed, or do you have to
download ALL of them for the OS?

....and is your OS still supported? Can you even obtain the
needed patches? I suggest always downloading the patches
and upgrades (as opposed to running them from the remote
location) so that you have a copy of the upgrade or patch
in your backup set.
 
It's amazing how badass some people can talk when they're not face to
face with you....

Your grammar is as bad as your reading comprehension. First off "or
your bored, &..." would actually be "or YOU'RE bored..." meaning the
phrase you are, not possessive.

Regarding your lack of reading comprehension, I stated that I didn't
want to haul them in to the shop. I don't know what part of that you
don't understand. I take the damn thing to the shop where we reload
the damn OS where we are able to update the damn thing! If they're not
too cheap to have or buy an antivirus and maybe a firewall, we put
that on and update that, too. Yes, I said buy, too. This is a business
we don't give !$% away, either.... We also put on Spybot, update and
set it up to immunize.

Your whole point is way off base of the original topic, asking me if I
carry patches and updates in my gig bag. But, yes I do, except for
Windows of course. Takes me 5 minutes to download and reburn on a
CD-RW with Spybot and Norton updates.
 
Hi Carol,

Correct, a "dirty load" doesn't guarantee it's fixed. But that's the
issue.... "guarantee". If we can't, we have to make another trip out
for free if it acts up in a day or two or whatever. He's been bitten
before and wants to make sure it's positively fixed the first time. I
would much rather fix the thing on site if possible.

It seems you're the closest to getting my question. Without being an
expert and knowing what every single virus does, and attacks, is there
any way to at least be like 95% sure you won't be called back a second
time?
 
Thanks much for the links, Jan! I will check them out.

Is it my imagination or are some people in this NG just to flame other
people? Maybe because in person they wouldn't have the balls to say
peep to someone? Maybe cuz they're too "frustrated", can't get the
courage to ask that little cutie to the prom? tee hee hee....

choi!
 
lastcall said:
Thanks much for the links, Jan! I will check them out.

Is it my imagination or are some people in this NG just to flame other
people?

It happens.
Maybe because in person they wouldn't have the balls to say
peep to someone? Maybe cuz they're too "frustrated", can't get the
courage to ask that little cutie to the prom? tee hee hee....

In another post there is a guy who is going to get laid if he fixes
his girlfriend's computer. For him I would suggest definitely *not*
reloading the OS. So as to set him up for further visits. ;o)

Anyway, a good virus detector can identify affected files and many
will "clean" or otherwise remove the malicious program. It will not
however fix any vulnerabilities that allowed the malware on the system
in the first place. It is possible to research the malware found on the
system and take steps to correct any vulnerabilities (including social
engineering) that may be present.

As far as SFC is concerned, it *should* have kept track of any
updated files in its purview and allow you to "replace" rather than
"clean" affected files (which is what I personally prefer).

IMO, most times a particular malware is revisited, it is because it
came back in the same way it came in before, and not because it
was hiding on the hard drive waiting to reanimate.

Somewhat off topic here, but as a factory level repair person
I couldn't get by with cleaning VCR heads and adjusting the
tape travel path because of our warranty. I had to replace all
"shelf life" rubber products or risk having to replace them for
free if *anything* at all went wrong during our repair warranty
period. This is similar to your situation where you want to give
the customer's machine a clean bill of health. If you do decide
that reinstalling the OS is preferred - take notice of what Geese
Hunter said about having to rebuild through all of the patches
and whatnot - which could be problematical with DCOM RPC
exploit worms wriggling about cyberspace.
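The "replace rather than clean" idea above, as an added example that is not part of the original post and is not SFC itself: record hashes of known-good files once, and after an infection replace anything that no longer matches from a known-good copy instead of trying to disinfect it in place. Directory names and file contents are constructed for the demonstration.

```python
# Added example (not SFC and not the poster's tooling): a minimal
# known-good baseline that lets you replace a tampered file rather than
# try to clean it in place. Paths and file contents are constructed.
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {os.path.relpath(os.path.join(d, n), root): sha256_of(os.path.join(d, n))
            for d, _, files in os.walk(root) for n in files}

def verify(root, baseline):
    """Return (modified, missing, unexpected) relative paths vs the baseline."""
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    unexpected = sorted(p for p in current if p not in baseline)
    return modified, missing, unexpected

def restore(root, reference_root, baseline, paths):
    """Overwrite each listed file with its known-good copy; re-hash to confirm."""
    restored = []
    for rel in paths:
        dst = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copyfile(os.path.join(reference_root, rel), dst)
        if sha256_of(dst) == baseline[rel]:
            restored.append(rel)
    return restored

def demo():
    """Constructed scenario: a fake system32, a reference copy, one tampered file."""
    work = tempfile.mkdtemp()
    system = os.path.join(work, "system32")
    os.makedirs(system)
    for name, data in (("kernel.dll", b"good kernel"), ("shell.exe", b"good shell")):
        Path(system, name).write_bytes(data)
    reference = os.path.join(work, "reference")
    shutil.copytree(system, reference)        # known-good media, taken before infection
    baseline = build_baseline(system)
    Path(system, "shell.exe").write_bytes(b"patched shell")  # simulated tampering
    Path(system, "dropped.dll").write_bytes(b"new")          # file not in baseline
    modified, missing, unexpected = verify(system, baseline)
    restored = restore(system, reference, baseline, modified)
    after = verify(system, baseline)
    shutil.rmtree(work)
    return modified, missing, unexpected, restored, after
```

Note that the "unexpected" list is exactly what a baseline cannot decide for you: a dropped file that was never in the catalogue still has to be judged (and removed) by other means, which is the gap the post describes between cleaning files and fixing how the malware got in.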
 
It happens.


In another post there is a guy who is going to get laid if he fixes
his girlfriend's computer. For him I would suggest definitely *not*
reloading the OS. So as to set him up for further visits. ;o)
*g*

Anyway, a good virus detector can identify affected files and many
will "clean" or otherwise remove the malicious program. It will not
however fix any vulnerabilities that allowed the malware on the system
in the first place. It is possible to research the malware found on the
system and take steps to correct any vulnerabilities (including social
engineering) that may be present.

As far as SFC is concerned, it *should* have kept track of any
updated files in its purview and allow you to "replace" rather than
"clean" affected files (which is what I personally prefer).

IMO, most times a particular malware is revisited, it is because it
came back in the same way it came in before, and not because it
was hiding on the hard drive waiting to reanimate.

Somewhat off topic here, but as a factory level repair person
I couldn't get by with cleaning VCR heads and adjusting the
tape travel path because of our warranty. I had to replace all
"shelf life" rubber products or risk having to replace them for
free if *anything* at all went wrong during our repair warranty
period. This is similar to your situation where you want to give
the customer's machine a clean bill of health. If you do decide
that reinstalling the OS is preferred - take notice of what Geese
Hunter said about having to rebuild through all of the patches
and whatnot - which could be problematical with DCOM RPC
exploit worms wriggling about cyberspace.

Thanks for your response. Points well taken...
 
The MS Windows Security Update CD applies patches to prior to the most
recent IE cumulative, in minutes. Unfortunately it automatically installs IE
6.0sp1, WMP9, DX9b and MDAC 8 (though personally I've had no problem with
any of these - and with the possible exception of WMP9 are part and parcel
of patching the latest known vulnerabilities). It's good for 98, ME, 2k and
XP. While XP patches can be QChained, 9x updates with their need for
frequent reboots take hours - but on the CD 9x patches are apparently also
QChained.

It can be run from the HD which implies that with some editing a version
that gives a choice of installing the above can be knocked up. On eg, a
clean 98SE install, visiting Windows Update after running the CD shows maybe
half a dozen minor patches yet to be applied, eg IDE Hard Drive Cache, Root
Certificates, Critical Updates Notification.

It also, of course, advises to turn on the XP firewall.

Shane
 
lastcall said:
Hi Carol,

Correct, a "dirty load" doesn't guarantee it's fixed. But that's the
issue.... "guarantee". If we can't, we have to make another trip out
for free if it acts up in a day or two or whatever. He's been bitten
before and wants to make sure it's positively fixed the first time. I
would much rather fix the thing on site if possible.

It seems you're the closest to getting my question. Without being an
expert and knowing what every single virus does, and attacks, is there
any way to at least be like 95% sure you won't be called back a second
time?

I'm not an expert either, and I'm just curious as to how you can actually
guarantee that the user who got the virus won't get reinfected from doing
whatever they did to get infected in the first place. No matter how clean
the system is when it goes back to the customer, in a day or two you could
get a call that it is not working right. This creates the situation where
you and your boss must take the position that the system was clean when it
was returned to the customer, and they take the position that it was not.
The customer is always right. Right?

I'm not asking just to be a wise-girl, but, I can see that this could be a
particular problem in the computer repair business. Without knowing what
viruses do what, and perhaps the user being less than honest in telling you
where all they really go on their internet visits, or what kind of mail they
are opening, how can you prevent the unit from reinfection? AV's,
Mal/Adware prevention programs, etc. only do so much. If the user is lax in
good computer habits, then they can claim that your company is not doing a
good job of cleaning, even by reinstalling the OS. Also, how can you
guarantee 100% that all data that is backed up before the reinstall is not
still infected in any way? That perhaps the AV or others may have missed
something. Even a reinstall of the OS won't guarantee anything if the data
returned to the HD is not 100% clean.

I really think you're asking someone to tell you how to 100% guarantee
something that is uncertain under normal use conditions, and I'm not sure
that is possible. Additionally, some customers will not be satisfied no
matter what you do. All you can do is make the effort. If you insist on
reinstalling the OS every time as an on-site repair, then as the others have
said, be sure to redo each and every patch and update, make sure you have
them on hand to do so on a CD or maybe a Zip file. Be sure they too are
100% bug free before using. Our IT people have infected more of our company
PCs than any outside virus because of carelessly passing around dirty
files.

Jan :)
 