JoeSchmoe007
Premium Member
join:2003-01-19
Brooklyn, NY


Feedback needed on virus removal plan.

To clarify: my neighbor's computer got infected by PWS:win32/zbot.gen!ap

More info here:

»www.microsoft.com/securi ··· t.gen!AP

»malwaretips.com/blogs/re ··· t-virus/

The way I see it - there is no way to tell if you ever cleaned your system completely after it was infected by that.

So my plan is to:

a) Try to clean it from bootable anti-virus CD
b) Backup user-created content (how)
c) Re-install Windows and reformat HD (full format (or whatever it is called) as opposed to quick) in the process.

Does this sound like a good plan?

I have several questions:

1) What bootable anti-virus CD is considered the best as far as detection and removal go? I found this list:

»www.raymond.cc/blog/13-a ··· ue-disk/

and I have heard about most of them.

2) Is it safe to use CD-RW or DVD-RW for a bootable AV disc (as opposed to -R)? I think yes, because not only will the rootkit not be in memory when I boot from CD/DVD, but nothing can be written on a finalized DVD-RW without overwriting the whole disc, if I am not mistaken. The reason I want to use -RW is because I am not sure that the ISO I pick will have network drivers for this laptop, and then it will not be able to update itself, so if I use -R it will just be wasted.

3) What is the safe method of backing up user files? I was thinking about uploading them to my neighbor's Gmail account. Or burning them to CD, but is it safe to do under an OS that is possibly infected? I do not intend to back up any executables. Another approach I thought about is to boot from a Linux Live CD and copy files to a flash drive.

4) Is a full format during Windows reinstall a sure way to get rid of whatever he has lurking there? Does it take care of boot sectors or whatever other place a rootkit can hide? Or are some other additional steps needed to "zero out" the whole disc?

I don't need step-by-step instructions on removing a specific virus. I just need answers to items 1..4. Thanks.
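The Live-CD backup from item 3, as an added example that is not part of the original post: run from a Linux live CD with the Windows volume mounted read-only, it copies the user's folders to the backup medium, leaves executable file types behind, and writes a SHA-256 manifest so the copy can be verified (and scanned) before anything is restored. The mount points, target path and extension list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run from a Linux live CD with the
# infected Windows volume mounted read-only; copies user data to a flash
# drive or external disk, leaves executable file types behind, and writes
# a SHA-256 manifest so the copy can be verified (and scanned) before
# anything is restored. The extension list and paths are assumptions.

# File types deliberately left behind (assumed list, extend as needed).
SKIP_EXT='exe|dll|scr|com|pif|bat|cmd|vbs|js|jse|wsf|ps1|lnk|msi|cpl'

# backup_user_data SRC DEST
#   SRC  : mount point of the Windows volume (e.g. /mnt/win, mounted ro)
#   DEST : target directory on the backup medium
# Copies every regular file under SRC whose extension is not in SKIP_EXT,
# keeping the relative path, then writes DEST/MANIFEST.sha256.
backup_user_data() {
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    ( cd "$src" && find . -type f ) | grep -Eiv "\.($SKIP_EXT)$" |
    while IFS= read -r f; do
        mkdir -p "$dest/$(dirname "$f")" || exit 1
        cp -p -- "$src/$f" "$dest/$f" || exit 1
    done || return 1
    ( cd "$dest" && find . -type f ! -name MANIFEST.sha256 \
        -exec sha256sum {} + ) > "$dest/MANIFEST.sha256"
}

# count_backed_up DEST : number of files recorded in the manifest
count_backed_up() {
    wc -l < "$1/MANIFEST.sha256" | tr -d ' '
}

# verify_backup DEST : exits 0 only if every file still matches its hash;
# run it after the AV scan of the backup and before copying files back.
verify_backup() {
    ( cd "$1" && sha256sum -c --quiet MANIFEST.sha256 )
}
```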

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone


Re: [Trojan] Cleaning PWS:win32/zbot.gen!ap

Hi, please follow all the steps for our forum carefully if you'd like guided assistance. Also please refrain from running more apps or making any additional changes to your system:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Our FAQ will tell you what programs we need and how to attempt to get them to run. Please note only legitimate, licensed Windows installations will be serviced here.

It will also show what logs need to be attached to your post, as well as where to locate them.

Post back when completed, we'll be waiting

»Security Cleanup FAQ »How to post for assistance
JoeSchmoe007
Premium Member
join:2003-01-19
Brooklyn, NY


I didn't want guided assistance. Oh well...

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone


Then we shall move you elsewhere, perhaps the main Security forum as per our FAQ.
This forum is only for active malware clean-up.

Put your seat belt on...we're on our way

goalieskates to JoeSchmoe007
Premium Member
join:2004-09-12
land of big
said by JoeSchmoe007:

I didn't want guided assistance. Oh well...

If you don't want help from the experts here, I'm not sure the rest of us would want to touch this. Just sayin' ... what are your priorities here? Which is more important, cleaning up the mess or ???

dib22 to JoeSchmoe007
Member
join:2002-01-27
Kansas City, MO

Re: Feedback needed on virus removal plan.

said by JoeSchmoe007:

b) Backup user-created content (how)

I have done a few of these... first I image the drive with Macrium Reflect (you can mount and browse the image, one of the main reasons I always use Macrium Reflect on Windows boxen).... AND move out any data that you know of (documents, pictures, music, etc).

said by JoeSchmoe007:

3) What is the safe method of backing up user files?

I do the above to an external drive if I have time, or I install another drive into the machine if I am rushed (USB drives are usually considerably slower than SATA/IDE).

The reason I do an image is even when you think you have backed up all of their data, they usually call you in a day or two and say "I can't find x"... having the image allows you to go digging for "x" after the drive has been scraped and re-paved.

said by JoeSchmoe007:

4) Is full format during Windows reinstall a sure way to get rid of whatever he has lurking there?

It should... I re-partition while in the install program; this should cause Windows to rebuild the MBR.

On Windows 7 just choose custom install, then drive options when you get to "Where do you want to install Windows". Highlight the drive and delete it.... if the drive is partitioned, delete each partition until you are left with an unallocated disk. Just highlight that and hit Next to install onto it.

Good luck!
JoeSchmoe007
Premium Member
join:2003-01-19
Brooklyn, NY


Just to share what worked for me in this case:

Kaspersky Rescue Disk detected and removed multiple trojans. After that the system seemed back to normal.

We backed up user files to DVD-R. I then ran DBAN to nuke the hard drive and am now re-installing Windows.
Cronk to JoeSchmoe007
Member
join:2005-07-16

I'd suggest to be sure to scan the DVD-R with a good antivirus before putting files back on the computer.
JoeSchmoe007
Premium Member
join:2003-01-19
Brooklyn, NY


said by Cronk:

I'd suggest to be sure to scan the DVD-R with a good antivirus before putting files back on the computer.

Excellent point.