1
My Windows 10 guest OS running in VirtualBox on Mac OS X seems to have caught an infection. Is there a way to reinstall the OS and wipe any hidden malware, but keep my data files (program customizations, documents not yet backed up to the host, etc.)?
AShelly
Posted 2015-09-11T14:45:45.550
Reputation: 369
5
Malware has become sneakier and nastier. The consensus recommendation from Security Professionals is to wipe and reload from scratch.
If reasonable just recreate the documents. If not then scan them with several different security programs and after if they are Microsoft Office documents open them but do not enable macros.
If you don't want to reload you have often a significantly more work & time to do (18 Pages of Instructions on removal) and the risk remains that you did not remove it all. I've attempted and this can run many hours alone just waiting on scans.
... Put these two factors together, and it's no longer worthwhile to even attempt to remove malware from an installed operating system. I used to be very good at removing this stuff, to the point where I made a significant part of my living that way, and I no longer even make the attempt [to remove malware]. Removing malware Superuser question
Use this as a warning to get serious about Backups and Security on all Computers and VMs. If you did any banking or shopping from that VM, take precautions against Identity Theft.
StackAbstraction
Posted 2015-09-11T14:45:45.550
Reputation: 782
0
This is relative by any infection, is very hard to determinate the level of propagation of your infection, even if the antivirus disinfected your machine there is a posibility to have remains of that infection waiting the precice time to raise again(sounds like a story book).
My Suggestion: Wipe the data(i know is sad) but there you have something good. Since you are working with a Virtual Machine, you could take this as an advice for the next time:
Consider to do Snapshot
Snapshot get freeze the current state of a VM to return to it at any time and from then create another timeline VM.
There are three operations related to snapshots:
You can take a snapshot. This makes a copy of the machine's current state, to which you can go back at any given time later.
If your VM is currently running, select "Take snapshot" from the "Machine" pull-down menu of the VM window.
If your VM is currently in either the "saved" or the "powered off" state (as displayed next to the VM in the VirtualBox main window), click on the "Snapshots" tab on the top right of the main window, and then
- either on the small camera icon (for "Take snapshot") or
- right-click on the "Current State" item in the list and select "Take snapshot" from the menu.
In any case, a window will pop up and ask you for a snapshot name. This name is purely for reference purposes to help you remember the state of the snapshot. For example, a useful name would be "Fresh installation from scratch, no Guest Additions", or "Service Pack 3 just installed". You can also add a longer text in the "Description" field if you want.
Your new snapshot will then appear in the snapshots list. Underneath your new snapshot, you will see an item called "Current state", signifying that the current state of your VM is a variation based on the snapshot you took earlier. If you later take another snapshot, you will see that they will be displayed in sequence, and each subsequent snapshot is derived from an earlier one:
Francisco Tapia
Posted 2015-09-11T14:45:45.550
Reputation: 2 383
1In the case of choosing to keep everything, when you perform a Reset on Windows 10, you can choose it keep your personal files but will still require you to install any desktop applications after the operation is complete. Of course only choosing the option not to keep everything will completely rebuild the registry and not import anything from the existing hive. – Ramhound – 2015-09-11T15:00:03.613
Why type of documents do you have? Warning MS Office files can also be infected with macros. – StackAbstraction – 2015-09-11T19:31:15.777