
So I got this computer from my cousin. As far as I can tell, it has LOTS of back-doors, trojans etc. installed. You can see the installed programs below, with lots of ActiveX:

[Screenshot: the Uninstall Program window listing the installed software]

I fear these backdoors would be integrated into the OS via updates (if such a thing is possible). So is the safest course a fresh install, or would Kaspersky do just enough that I can tell my cousin she can use it without any concerns?

Edit: What are we looking at?

The OS is in Turkish, this is the Uninstall Program window. The other languages: I don't know. The computer has only Turkish language installed as OS's native language.


2 Answers


Using any antivirus software is no guarantee that it keeps your PC clean.

I am not an antivirus expert, but when a virus can breach your system, there is also the chance that it could hide itself from the antivirus software.

E.g. there are a lot of rootkits out there which you can't remove, because they integrate into your system at such a low level. (You don't even know about them, because they are not visible to you or your antivirus.)

So I advise you to completely reformat your drive and reinstall your system. And if you don't have any super important data, then do not make a backup, because if the virus is smart enough it will copy itself to your backup and infect your system again.

And if you use this computer to buy on the internet or use your net bank, then you definitely SHOULD reinstall your system.

+1 advice: If you have connected this computer to your home network, and you use a bad firewall (e.g. the Microsoft default firewall), then you should inspect the other PCs on your network.

  • What makes the Windows Firewall a "bad" firewall? Commented Feb 18, 2014 at 17:40
  • Basic, almost no options. (And I know about the advanced filter editor window.) Permissive, most of the outbound traffic is not filtered. Give Comodo Firewall a try, hack around a bit and you will see the differences. :) Commented Feb 18, 2014 at 19:38
  • I will re-install the OS. Although I wonder, would an infected external HDD that contains executables cause problems when I plug it in and scan it on my clean system (I do not click on anything in the drive)? – Varaquilex Commented Feb 18, 2014 at 20:15
  • Outbound isn't filtered by default, but you can turn it on: Step 1: Configuring the Default Outbound Firewall Behavior to Block. Have you ever given an outbound-blocking firewall to a neophyte computer user? Oh my goodness! They freak out because every time something happens that requires some internet usage, a popup they don't understand comes up, talking about blocking and allowing suspicious things, possible infections, etc. And then they're on the phone with you telling you they're infected and/or can't get on the Internet. :) Commented Feb 18, 2014 at 20:16
  • @NoNameProvided It's not a fully-featured heavyweight firewall solution... but it's a very solid general/basic firewall. And as techie007 said, I would not filter outbound data by default as a general Windows default, because that would just result in people turning the firewall completely off. Commented Feb 18, 2014 at 21:29

Due to the intrusive and stealthy nature of viruses, your best option is probably to reinstall the OS.

Back up any necessary files (only take what is ABSOLUTELY NECESSARY, as the virus can replicate using most files and file types, and you don't know the exact location or spread of the virus), and wipe the HDD. Reinstall the OS, and move on from there.

Ideally, if you can create an Ubuntu (or other OS that can zero a HDD) boot disk, use the command:

sudo dd if=/dev/zero of=/dev/sda

MAKE SURE THAT sda IS THE HARD DRIVE IF YOU DO THIS!

which completely overwrites the hard drive with 0's. You WILL lose ALL data on the drive, and completely remove the virus from the hard drive. Then reinstall Windows. Make sure to use a clean computer to create the boot disk.

If you deal with sensitive information (finances (such as credit cards), or other information that could be used in identity theft), then I would highly recommend a full wipe and reinstall.

If the computer is completely offline, ideally with the network cable unplugged, then you could probably get away with cleaning up the PC and continuing use on the same OS. I still do not recommend this action, as the virus could travel over removable media that you use.

And as NoNameProvided said, inspect other computers connected to the infected computer. Although they may not seem infected, there are multiple types of infections that are near impossible to detect until it's too late.
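A pre-flight check for the dd step in this answer, added here as an example and not part of the original answer: it refuses to print a wipe command for any disk that has something mounted from it (the mistake the "MAKE SURE THAT sda IS THE HARD DRIVE" warning is about), and it chooses blkdiscard instead of zero-fill when the target is an SSD, as the comment thread advises. The mount table and rotational flag are passed in as constructed values; on a live system they come from /proc/mounts and /sys/block/<dev>/queue/rotational, and the script only prints the command rather than running it.

```shell
#!/bin/sh
# Added example, not from the original answer. Nothing here writes to a disk;
# plan_wipe prints the command to run only after the target passes the checks.

# Returns 0 if neither DEV nor any partition of it (/dev/sdb1, /dev/nvme0n1p2)
# appears as a mounted source in MOUNTS, which is text in /proc/mounts format.
is_unmounted_target() {
    dev="$1"; mounts="$2"
    printf '%s\n' "$mounts" | awk -v d="$dev" '
        substr($1, 1, length(d)) == d {
            rest = substr($1, length(d) + 1)
            if (rest == "" || rest ~ /^p?[0-9]+$/) found = 1
        }
        END { exit found ? 1 : 0 }'
}

# Zero-fill for a rotating disk; TRIM via blkdiscard for flash, where filling
# with zeros only adds wear. ROTATIONAL is 1 for HDD, 0 for SSD (sysfs value).
wipe_command_for() {
    dev="$1"; rotational="$2"
    if [ "$rotational" = "1" ]; then
        printf 'dd if=/dev/zero of=%s bs=4M\n' "$dev"
    else
        printf 'blkdiscard %s\n' "$dev"
    fi
}

# Refuses a target that is in use; otherwise prints the command to copy and run.
plan_wipe() {
    dev="$1"; rotational="$2"; mounts="$3"
    if is_unmounted_target "$dev" "$mounts"; then
        wipe_command_for "$dev" "$rotational"
    else
        printf 'REFUSE: %s or one of its partitions is mounted\n' "$dev"
        return 1
    fi
}

# Constructed /proc/mounts snapshot of a live-USB session: the installed system
# sits on sda, the boot stick is sdc, so sdb is the only disk nothing uses.
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot/efi vfat rw 0 0
/dev/sdc1 /cdrom iso9660 ro 0 0
tmpfs /tmp tmpfs rw 0 0'

plan_wipe /dev/sdb 1 "$SAMPLE_MOUNTS"            # prints the dd command
plan_wipe /dev/sda 1 "$SAMPLE_MOUNTS" || true    # refused: sda is the running OS
```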

  • While I don't think this applies here, it should be noted: DO NOT DO THIS METHOD TO AN SSD DRIVE. You can cause excess wear to an SSD by zeroing it out like this. Commented Feb 18, 2014 at 19:13
  • @Solignis: Reinstalling the OS is going to be another write cycle over much of the SSD anyway. I agree that SSDs have limited write life, but I think this is a situation where burning one of those writes is much more than fully justified. – keshlam Commented Feb 18, 2014 at 23:24
  • Yes, reloading this OS is another write cycle. But writing over the data on the disk is different from filling the disk with zeros. You do not treat an SSD like you treat a traditional hard disk. When you format an SSD you have to use software that is SSD aware. dd with /dev/zero is not one of those methods. Commented Feb 19, 2014 at 22:53
