To clarify: my neighbor's computer got infected by PWS:win32/zbot.gen!ap
More info here:
www.microsoft.com/securi ··· t.gen!AP
malwaretips.com/blogs/re ··· t-virus/
The way I see it - there is no way to tell if you ever cleaned your system completely after it was infected by that.
So my plan is to:
a) Try to clean it from bootable anti-virus CD
b) Back up user-created content (how?)
c) Re-install Windows and reformat HD (full format (or whatever it is called) as opposed to quick) in the process.
Does this sound like a good plan?
I have several questions:
1) What bootable anti-virus CD is considered the best as far as detection and removal go? I found this list:
www.raymond.cc/blog/13-a ··· ue-disk/
I have heard about most of them.
2) Is it safe to use a CD-RW or DVD-RW for a bootable AV disc (as opposed to -R)? I think yes, because not only will the rootkit not be in memory when I boot from CD/DVD, but nothing can be written to a finalized DVD-RW without overwriting the whole disc, if I am not mistaken. The reason I want to use -RW is that I am not sure the ISO I pick will have network drivers for this laptop, and then it will not be able to update itself, so if I use -R it will just be wasted.
3) What is the safe method of backing up user files? I was thinking about uploading them to my neighbor's Gmail account. Or burning them to CD, but is it safe to do that under an OS that is possibly infected? I do not intend to back up any executables. Another approach I thought about is to boot from a Linux Live CD and copy the files to a flash drive.
4) Is a full format during the Windows reinstall a sure way to get rid of whatever he has lurking there? Does it take care of boot sectors or whatever other places a rootkit can hide? Or are some other additional steps needed to "zero out" the whole disc?
I don't need step-by-step instructions on removing a specific virus. I just need answers to items 1..4. Thanks.