1

Spyhunter has found an infection on my computer and I need to reformat, evidently. The main question I have is how can I safely reinstall Windows with all Windows updates safely? I suspect that each time I reformat, the computer gets reinfected during the installation process.

S.W.
  • @SmokeDispenser Noted. Well, since the question wasn't exactly the same I didn't vote as a Dupe. Fixed. *threats* are everywhere by the way. – Baptiste Sep 01 '17 at 06:30
  • 1
    I'd argue non-dupe because this question assumes malicious payloads that intend to re-infect after a re-install, while the other question simply wants the data to be irretrievable. Important difference. – Mike Ounsworth Sep 01 '17 at 14:57
  • Dan's boot and nuke bootable CD/ISO. It will wipe, multiple times if you want, all the sectors on your hard drive. Now if the firmware on your hdd was altered then you're better off just buying a new hdd. Get a new copy of Windows directly from Microsoft. Otherwise, something else on your network is hiding an infection and you need to clean that first. – cybernard Sep 02 '17 at 17:44
  • Is it safe to download Dan's boot and nuke on the infected computer or is there any other way to get the program? – S.W. Sep 06 '17 at 23:17

2 Answers

0

If you have other computers on the network it is possible they are reinfecting your computer.

Another consideration is to make sure you use genuine software only. You can get hashes for Windows ISOs to verify the installation media's authenticity. (If you download ISOs from mirrors it is possible they have been modified to include adware/malware and hashing will guarantee that the media is genuine.)

w21froster
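
The hash check described in the answer above, as an added example that is not part of the original post: it streams the file through SHA-256 and compares the result with the value the publisher lists. The function names and the constructed stand-in file are illustrative, and the published hash is assumed to come from the vendor's own site rather than from the mirror that served the ISO.

```python
import hashlib
import hmac
import os
import re
import sys
import tempfile

_HEX64 = re.compile(r"[0-9a-f]{64}")

def normalize_digest(text: str) -> str:
    """Clean up a SHA-256 value copied from a web page (spaces, case, separators)."""
    cleaned = re.sub(r"[\s:-]", "", text).lower()
    if not _HEX64.fullmatch(cleaned):
        raise ValueError("not a 64-hex-digit SHA-256 value (truncated paste?)")
    return cleaned

def sha256_file(path: str, chunk_size: int = 1024 * 1024) -> str:
    """Hash the file in chunks so a multi-gigabyte ISO never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_iso(path: str, published: str) -> bool:
    """True only if the file's SHA-256 equals the publisher's value.
    Assumption: `published` was obtained separately from the download itself."""
    return hmac.compare_digest(sha256_file(path), normalize_digest(published))

def demo() -> tuple[bool, bool]:
    """Constructed sample: a small temp file stands in for the ISO."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "sample.iso")
        with open(iso, "wb") as handle:
            handle.write(b"constructed stand-in for installation media\n" * 1000)
        published = sha256_file(iso).upper()  # sites often list upper case
        genuine = verify_iso(iso, published)
        with open(iso, "ab") as handle:  # simulate a modified mirror copy
            handle.write(b"extra bytes")
        tampered = verify_iso(iso, published)
    return genuine, tampered

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <iso path> <published sha256>
        ok = verify_iso(sys.argv[1], sys.argv[2])
        print("MATCH" if ok else "MISMATCH: do not install from this image")
        sys.exit(0 if ok else 1)
    print(demo())
```
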
0

It's going to be hard to give a satisfying answer because it depends where the virus is hiding. Generally speaking, good malware authors are better at finding places to hide than virus-scanners are at routing them out.

I'm not a malware expert, but for the purposes of this question, I'd break malware into the following categories:

  • Hides somewhere on the filesystem, maybe by injecting itself into another application. Simply performing a full re-install of Windows should fix this.
  • Infects the master boot record. In this case you'll need to fully re-format all attached storage devices, including the partition table and MBR.
  • Jumps over the network. In this case it will come back as long as there is one infected machine on the network. Your best bet is to re-install and apply all Windows Updates (to patch known vulnerabilities in network protocols) prior to connecting the machine to your network (which kinda sounds like a catch-22 unless you're good with firewalls).
  • Infects firmware, like BIOS or programmable memory on things like network cards. I have no idea how common this is, but I can imagine it's possible, and it will re-infect when the fresh Windows auto-installs device drivers.

I think a complete partition-level format of the drive and re-install is considered sufficient, but if you're a tinfoil hattist to the point of worrying about hardware / firmware hacks, then you need new hardware.

[This is not my expertise, so I'm open to comments.]

Mike Ounsworth