What is the Best way to recover from virus infection

Status
Not open for further replies.

aprocfu

Programmer
May 25, 2007
64
Hi, I think that when a computer gets infected with a virus the two main programs that are affected are Windows and Internet Explorer. So I would like to know first if repairing Windows and installing a registry copy from prior to the virus infection would solve the Windows virus infection problem. Second, do you think that Internet Explorer can be completely uninstalled and reinstalled freshly so that all the viruses and add-ons that infect it would be gone? I posted this question to see if there is a way to avoid reinstalling Windows and all the application programs to make sure viruses, Windows errors, and Internet Explorer problems are gone.

I appreciate your assistance
 
Not all viruses affect/impact the registry.

IE can be uninstalled, to a certain degree, but that's typically not necessary after a virus infection and can actually cause more problems than it could ever fix.

Here's what I do....

1. Run removal programs provided by Symantec/McAfee
2. Run full virus scans by at least 3 vendors (Symantec, AVG, TrendMicro, etc.)
3. Run Spybot S&D
4. Run Adaware
5. Run Windows Defender
6. Delete all temporary files
7. Delete temporary internet files.
8. Check ADD/REMOVE programs for any programs that I DIDN'T install or intend to install and UNINSTALL them
9. Run a registry cleaner.
10. Run Windows System File Checker "SFC" (from the run window type SFC /SCANNOW)

Note -- Glary Utilities performs several of the tasks I mentioned.

Note 2 -- Just because you have the latest virus defs does not mean you CAN'T get a virus. Schedule monthly full scans and weekly quick scans. AT LEAST!
Run a program like Glary Utils that can clean the registry an

-- Jason
"It's Just Ones and Zeros"
 
Your best defense is you. Be vigilant and, as Jason mentioned, run scans on a regular basis. Avast is another excellent AV program available for free download at:


as well as SpywareBlaster


I'm assuming you've updated XP for all service packs as well as all critical updates. Don't wait for Windows to auto update for you, check periodically as they don't send out updates daily (unless a new security problem that's major happens). In IE, you can click on Tools -> Manage Add-ons -> Enable or Disable Add-ons & disable anything there you don't want/need.

If you want to clean out junk files, CCleaner does a better job of cleaning out files.


Instead of M$ Add/Remove, download Revo Uninstaller. It too does a better and more complete job.


If you run SFC, be sure to have your OS CD handy. You can also run chkdsk from Command prompt to scan your HD for errors/problems. Sorry, run chkdsk /r to not only check but also repair.

Unless you are really savvy, I would not recommend running a registry cleaner. That could create more problems than what you're experiencing now. If you do, I'd recommend backing up your registry first. Also, set a restore point before adding/deleting anything major.

One last suggestion, back-up all your critical files on a regular basis. If you do pick up a virus, after removing it, shut down System Restore & turn back on. This will erase all previous restore points (& eliminate the chance of you restoring the bug if you use that function).

Hope this helps! Bob
 
In my opinion the best way to recover from a virus infection is a complete rebuild. This way you KNOW that everything is ok rather than having that niggling feeling.

FYI I tend to have a ghost image of a base build that has all my applications pre-installed on it and should I want to rebuild my box I can do it quite quickly.

Simon

The real world is not about exam scores, it's about ability.

 
'In my opinion the best way to recover from a virus infection is a complete rebuild.'

Glad you're not my doctor Simon. I'd hate to think every time I came down with the flu, you'd recommend a complete organ transplant. Ghost images aren't always reliable & you still have to update your apps. I have all my CD apps as well as copies of all my important files but have better ways to spend my time than wiping out my HD & reinstalling everything (something my clients wouldn't like if I told them that was the best solution). JMHO

Bob
 
Bob you need to look at the time it takes you to recover from a virus infection compared to doing a rebuild.

If it takes you 2 days of going thru the registry to try and remove residual entries and removing all files you would be better off spending 30 minutes installing from a ghosted image.

I for one have not had an issue with a virus infection for years, I do however rebuild my systems every 6 - 8 months or so just to keep it tidy (I install a lot of games \ applications and then uninstall them).

I also haven't had any issues with ghosting ever.
I would also add that I am a Config Manager engineer so could just deploy SCCM at home and do it that way, more complex than Ghost however.

As far as clients go, if it takes you two days to try and fix their problems compared to the 1 hour that it takes me to deploy a complete system I know which option the clients would go for. I have seen far more time wasted trying to resolve issues that are simply resolved by doing a rebuild.

Horses for courses tho, if you earn your money on time spent with customers then of course you're going to want to stretch it out. If however you want to provide the best service for your customers you get the work done in the shortest time.

Simon

The real world is not about exam scores, it's about ability.

 
I generally recommend rebuilds, too. You can't really compare a reinstall/ghost to an organ transplant...

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
I provide my clients with quality work as fast as possible without overlooking anything. That means trying the easiest way to resolve the problem & return the PC in good working order to the client in as short a time as possible (and I warranty my work). I do not charge by the hour and resent your inappropriate comment about gouging my customers. If you recall, aprocfu's original request was how to remove any threat confidently without having to reinstall Windows & all other apps. I was offering aprocfu methods of doing that, not simply telling him to do what he was hoping to avoid.

Bob
 
No, no and NO. Rebuilds are not required for many types of malware short of something akin to the great plague. I am a professional and I certify that the below procedure will cure what ails you.

A scan using Malwarebytes' Anti-Malware (a free program) followed by a virus scan using one of the products mentioned above (or AVG Free) will take care of about 98% of malware issues.

I would just turn system restore OFF before doing your scans AS LONG AS YOUR SYSTEM IS SOMEWHAT STABLE and you don't think you're going to need the system restore.

My steps:
0. Turn off system restore
1. CCleaner - remove all temp files found
2. Manually delete files in C:\windows\temp (if any)
3. Install and update MBAM and run a FULL scan (reboot as required/prompted)
4. Run a full scan using your anti-virus product that is UP TO DATE.
5. You can run an SFC /SCANNOW just for CYA

All of this can be done in under 2 hours and you just walk away and have a burger while the scanning is happening.
 
I have to agree with goombawaho - with one additional tool to add DrWeb cd, recently came up against that 98% wall and had one that MBAM would not get, DrWeb did the trick.

Twist

===========================================
Everything will be OK in the end.
If it's not OK, then it's not the end
 
Thanx for the back-up goombawaho. I forgot to mention MBAM. I run that as well. Like Twist mentioned, not every AV or AM will catch everything & thanx for the tip about DrWeb Twist. I'll check it out.

Bob
 
And I should have added to turn system restore back on after a week or so and you're feeling that things are clean - maybe after a 2nd scan just to make sure things didn't creep back in.

As far as something that MBAM doesn't get rid of - I haven't come across that yet and I don't really want to either.

The only problem with MBAM is that some malware will try to prevent you from installing/updating/running the program. If that happens, the first thing to do is rename the installer file. If it won't install, boot to safe mode and try to install.

Then try to run it from safe mode (a quick scan) WITHOUT worrying about updating. If it won't launch - try renaming the executable. Clean what it finds and then reboot.

Then try to update it and run again.
 
and if possible run your cleanup tools in Safe mode.


Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
No - don't run your cleanup tools only in safe mode because some malware will actually hide itself in Safe Mode.

In other words, you can scan in safe mode and remove/repair and then immediately boot into regular mode and run the same tool again and you will find stuff.

I only use scan in safe mode if I CAN'T get it to install/update/scan in regular mode.
 