Running AntiVirus or Format and Reinstall Windows?

Discussion in 'Software' started by Professor-Falken, Oct 3, 2008.

  1. Professor-Falken

    Professor-Falken Kilobyte Poster

    393
    2
    37
    I worked for a small computer store here in Miami, FL, and every time someone brought in a computer with a virus they would back up the music, pictures, video and Microsoft Office documents and reinstall Windows. They would very rarely, if ever, run a virus or spyware program because it takes too long. I have followed that same pattern. Even though most of the clients whose computers I fix don't mind me reinstalling Windows, I don't want to fall into the assumption that this is the way to do it. But it does take a long time to run antivirus programs on computers. What do you think I should do?

    Professor Falken
     
    Certifications: Comptia A+
    WIP: Comptia Network +
  2. Big_nath

    Big_nath Kilobyte Poster

    397
    8
    44
    If it was me I would prefer to remove the virus rather than fresh install, especially if there are lots of apps. I think AV removal tools usually do the job.
     
    Certifications: MCP, MCSA, MCSA:M, MCSE, MCTS
    WIP: A few
  3. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    Manually removing viruses is time consuming, with no guarantees of removal; reinstalling Windows guarantees that the virus is removed. Lost time is lost money for a computer shop. So you either have to eat the cost, or you have to charge the customer for the time you spent and have unhappy customers.

    However, there is also another reason for reinstalling rather than attempting to remove the virus. Back several years ago, I felt pretty comfortable removing viruses individually. But back then, there weren't as many, they weren't as advanced, and they didn't typically involve rootkits that hide from the OS and from AV apps. Nowadays, that's the case. Sure, you can still manually remove most of the viruses you see... but what about the viruses you don't see? No anti-malware app catches everything - and they're amazingly incapable of removing malware from infected systems. If you miss something, you can guarantee that you'll have an unhappy customer who paid good money to have their computer fixed at your shop, but didn't receive the service they paid for.

    So... unless I can find the malware and fix it within a few minutes with relative certainty that nothing else remains (this certainty comes ONLY with experience), then these days, I'd opt to reinstall, particularly if I worked at a computer shop.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  4. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    While AV apps are decent (not great, but decent) at stopping a malware infection before it occurs, they are abysmal at removing malware from a computer that has already been infected.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  5. Big_nath

    Big_nath Kilobyte Poster

    397
    8
    44
    Thanks BosonMichael, I thought removal tools were better than that, I'll remember that next time. :biggrin
     
    Certifications: MCP, MCSA, MCSA:M, MCSE, MCTS
    WIP: A few
  6. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    That's understandable; they used to be better. :)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  7. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    I agree with BM, if the virus can't be found and removed within a few minutes and there are still issues with the computer then a fresh install is the best option.

    Some virus scanning software can take a long time to go through all the files and drives on a computer, mine takes 35 minutes and I regularly do a scan (once a week), but installing all the software again can take a lot longer.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  8. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,624
    117
    224
    Don't forget though that for some machines, particularly laptops, a reinstall is not so easily possible. If the customer has the reinstall disks then great, but many don't.

    Do you have a big library of these? If not how do you reinstall? With a generic install disk? So you need drivers by the ton!

    A busy shop will have a lot of tools, but sometimes a generic reinstall isn't the best thing.

    There are no easy answers here - you have to rely on experience.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  9. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    I have to agree with Harry. A re-install is a great idea but it is not always as easy as it sounds. The vast majority of the clients I see can't even remember where they have put their OS media, driver disks and applications like Office... they all mysteriously vanish into thin air. Even if you have all the necessary media, it's still a long process bringing a computer back from the dead. Yeah, it's slow to scan for malware too, especially if you need, which is often the case, to use several different programs to remove obvious traces of malware. However, compare that to a re-install and you'll find that the correct answer is... *it depends*.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  10. Obinna Osobalu

    Obinna Osobalu Banned

    539
    7
    0
    Just go easy on the formats because with each format the read/write sector of the hard drive is actually strained, hence the HDD depreciates the last format percentage. That is, if you reformat a HDD for the first time and it depreciates by 10% depending on the gravity of the fault, the next time you format that system it will depreciate by 20%. It gets to a point when you format and you just have to get a new HDD. Try running as much AV before you resort to formatting....
     
    Certifications: MCITP:SA,MCTS(x5),MCSE2K3;MCSA2K3:M;MCP
    WIP: EDA7,70-652,Project+,MSP(70-632)
  11. Teebor

    Teebor Nibble Poster

    61
    0
    23
    Erm, I think you are talking about a failing HDD here where each time a format occurs the drive will highlight errors and write them out of the usable area.

    I've never seen anything like this occur on a HDD under normal circumstances.

    To the OP, you could run antivirus, adaware, spybot, hackthis, and lots of other programs for an entire day and the PC will still be infected and unusable.

    Formatting takes a few minutes and then you are on to installing Windows; it's much quicker and more effective. It's the choice I would make unless I know there is data on there that I can't possibly rescue before performing the operation.
     
    Certifications: A+, Network +, MCSA, CCNA, Coupla MCP's
    WIP: CCNP BCMSN, CVOICE, ITIL
  12. Obinna Osobalu

    Obinna Osobalu Banned

    539
    7
    0

    Of course you don't get to see it, because you never knew it goes like that. But maybe you should start taking a reading of the HDD whenever you format them. You are A+ ain't you... Trust me it goes like that. FORMATS INCREASES OR AFFECTS THE READ/WRITE SECTOR.
     
    Certifications: MCITP:SA,MCTS(x5),MCSE2K3;MCSA2K3:M;MCP
    WIP: EDA7,70-652,Project+,MSP(70-632)
  13. Teebor

    Teebor Nibble Poster

    61
    0
    23
    I have two portable HDD on my desk right now which I am just formatting again so my girlfriend can use them as I don't need them any more. I've formatted these things so many times now I have lost count and they still register the same now as they did when I first set them up (and prior to me just formatting them now)
     
    Certifications: A+, Network +, MCSA, CCNA, Coupla MCP's
    WIP: CCNP BCMSN, CVOICE, ITIL
  14. brucereid

    brucereid New Member

    2
    0
    1
    Installing Windows would be my preference too. As said here, time is too precious to be lost, and then again you never know where the virus may have kept its traces, only to reappear despite all the effort put in to clear it by performing the scan. When I was new to PCs I used to save haphazardly; now I just ensure nothing important is saved on the drive where the OS is loaded, and as soon as a major virus problem surfaces I format the drive, getting rid of all problems.
     
  15. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    If it's busy, I like to recover data, then fresh install.

    If there is some time, I like to play nurse.

    Go through a series of things and play by experience - there are certain things to look for that will indicate how bad it is... If, however, I get to the point where virus scans and other stuff I've done haven't worked and I keep referring to the registry (or have been at it for a couple of hours solid and still there are issues) I give up... and do a clean install.
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  16. Mathematix

    Mathematix Megabyte Poster

    969
    35
    74
    Many people make the mistake of believing that a format does actually get rid of all viruses, but this is not true. By their very nature they are very small programs that can effectively reside anywhere on the HD surface where the read/write heads can reach. A format in itself does not write to the entire surface of an HD, and given that viruses do not need registry entries and are generally very small, there is the slimmest chance that a format can fail to overwrite any of the bytes that constitute a virus. This can mean that after a fresh install the problem caused by the virus remains.

    The only way that you are guaranteed to get rid of a virus short of trashing the HD itself, would be to find a utility that will 'wipe' the entire surfaces of your HD by covering it with binary '0' values - effectively making it virgin and getting rid of viruses and minor errors. After doing this it is impossible to recover any data as it will have been destroyed.

    Once the wiping phase is complete and a reinstall done you can bet your money that your machine really is clean! :biggrin
     
    Certifications: BSc(Hons) Comp Sci, BCS Award of Merit
    WIP: Not doing certs. Computer geek.
  17. michael78

    michael78 Terabyte Poster

    2,085
    29
    141
    I would back up all the files and wipe the PC because as others have said it's difficult to be 100% sure that the virus has been removed. These days from a personal point of view I have all my documents stored on a NAS device so now all I have to do is back up my Internet Favourites, game saves and Outlook mailbox and I can wipe the OS and reinstall without the worry of losing anything.
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  18. Teebor

    Teebor Nibble Poster

    61
    0
    23
    OK, there is a lot wrong with what you wrote but I will just start with this.

    Even after using a "utility" to "wipe" the surface by writing to it with binary "0" values the data can still be recovered.

    If you REALLY wanted to you can recover the data even after you do this up to 6 times, but it does require specialist equipment.

    Now, I'm not sure what the equipment is called (I think it is a quantum interference detector, but don't quote me on that), but it can be used to recover data even further beyond that.

    How do I know? I used to perform data destruction for a company that had to ensure the data was gone. Even after performing a complete wipe 8 times (writing all zeros and ones) we had to ram a screwdriver or nail through the drive, ensuring that the HDD platters were pierced at least once before it was accepted as being destroyed.

    Then they were sent to be crushed/shredded/whatever
     
    Certifications: A+, Network +, MCSA, CCNA, Coupla MCP's
    WIP: CCNP BCMSN, CVOICE, ITIL
  19. Mathematix

    Mathematix Megabyte Poster

    969
    35
    74
    Okay, and there is a lot wrong with your interpretation of what I'm saying.

    A virus cannot recover itself from a wipe in the same way that the tools that you once used to 'look' for data that has been wiped - a virus simply does not have that capability written into it. If the virus is working by attaching itself to another binary, then that binary, to all intents and purposes cannot be corrupt. If it is, then the virus is also useless.

    If the malware is functioning more like a worm, in that it doesn't require a host binary to wreak havoc, if it is corrupted it cannot 'reassemble' itself.

    The context that you are looking at is using tools for collecting fragments of supposedly securely wiped data. My stance is that such tools are not available to the virus, nor does it have such functionality written in. This raises the question of how viruses reappear when the suspect file has already been deleted? Well that would be because the actual core of the problem resides in another binary that you haven't yet found.

    How do I know this? Because I have one or two ideas for writing self-replicating binaries and the potential issues with doing such a thing. Also, I'm a low-level programmer. :)
     
    Certifications: BSc(Hons) Comp Sci, BCS Award of Merit
    WIP: Not doing certs. Computer geek.
  20. Mathematix

    Mathematix Megabyte Poster

    969
    35
    74
    Also, when backing up files be sure to only back up those files that you trust! Viruses can hide themselves anywhere. It is possible for an innocent-looking .jpg file to actually be a binary, and once launched install a virus on your system. This is the very worst case scenario, of course.
     
    Certifications: BSc(Hons) Comp Sci, BCS Award of Merit
    WIP: Not doing certs. Computer geek.
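
The last post's point, that a file named .jpg in a backup may really be an executable, can be checked before anything is copied to the rebuilt machine. The following is an added example, not part of the thread: it compares each file's leading bytes with what its extension claims; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile
# Leading "magic" bytes expected for some commonly backed-up data formats.
EXPECTED_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
    ".docx": (b"PK\x03\x04",),                        # ZIP container
}
# Executable headers that should never sit behind a data-file extension.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")  # Windows PE/DOS, Linux ELF

def classify(path):
    """Return 'ok', 'mismatch', 'executable' or 'unknown' for one file."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(EXECUTABLE_MAGIC):
        return "executable"
    if ext not in EXPECTED_MAGIC:
        return "unknown"
    return "ok" if head.startswith(EXPECTED_MAGIC[ext]) else "mismatch"

def audit_backup(root):
    """Walk a backup folder; return {relative_path: verdict} for non-'ok' files."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            verdict = classify(full)
            if verdict != "ok":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Audit a constructed sample backup (all file contents are made up)."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,  # genuine JPEG header
        "invoice.jpg": b"MZ\x90\x00" + b"\x00" * 32,        # PE header behind .jpg
        "report.docx": b"<html>not a docx</html>",          # wrong header for .docx
        "notes.txt": b"plain text",                         # no rule for .txt
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_backup(root)

if __name__ == "__main__":
    print(demo())
```

A matching header only shows the file is the type it claims to be; it says nothing about macros or other content inside a genuine document, so flagged files are a minimum set to leave out or examine, not a complete one.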
