Clean Install or Restore from Backup

[silkunicorn]

Hello,

I suspect that my PC is infected with virus because it has been very
slow doing anything. I have already used Windows XP Backup utility to
backup "My Documents & Settings" to an external drive. My question is:
should I do a clean install of Windows XP or should I reinstall
Windows XP then use my backup to restore all of my settings? If I do
the later one, will the virus be transfered alongwith the restore?

I am using Windows XP Home SP3.

Any suggestions/comments are much appreciated.

Thank you.

 

[Leythos]

Hello,

I suspect that my PC is infected with virus because it has been very
slow doing anything. I have already used Windows XP Backup utility to
backup "My Documents & Settings" to an external drive. My question is:
should I do a clean install of Windows XP or should I reinstall
Windows XP then use my backup to restore all of my settings? If I do
the later one, will the virus be transfered alongwith the restore?

I am using Windows XP Home SP3.

Any suggestions/comments are much appreciated.

Thank you.

The only way to be sure your PC is clean is to wipe it and reinstall
from scratch in a clean environment - that's what we do when we have to
certify that a computer has been cleaned of malware.

Before you restore anything you need to get quality antivirus software
on the computer.

I suggest that you export your files/email/stuff to a USB drive and then
copy them back after you've rebuilt, patched, updated, AV protected, and
then scanned all of of the files on the USB drive for malware, before
you copy them back to the computer.

If you've not learned how and why you were compromised you're bound to
repeat the same thing that got you compromised the first time.

 

[Ken Blake, MVP]

I suspect that my PC is infected with virus because it has been very
slow doing anything.

That suspicion *may* be correct, but you should certainly not proceed
on the assumption that it's correct until you've verified it.

Do you run an anti-virus program? An anti-spyware program? Which ones
are they (there are far from being equally good)? Are they kept up to
date?

Does either the anti-virus or anti-spyware program report any
infections? What do they report?

What does "very slow" mean? Please put a number on it, even if
approximate.

What programs do you have starting automatically when Windows starts
(if you don't know, press Windows key +R, type MSConfig, and look on
its startup tab)?

I have already used Windows XP Backup utility to
backup "My Documents & Settings" to an external drive. My question is:
should I do a clean install of Windows XP or should I reinstall
Windows XP then use my backup to restore all of my settings? If I do
the later one, will the virus be transfered alongwith the restore?

Sorry, I'm having trouble understanding what you mean by the
difference between those two choices. Please clarify.

And bear in mind that when you reinstall Windows, you will lose many
settings that you were not able to back up. Moreover, you will have to
reinstall all your programs.

For those reasons, and because it's a lot of work, I recommend
reinstalling Windows only as a last resort, when nothing else works.
Reinstallation is hardly ever a good choice when you have a virus
infection. There are several good anti-virus programs that should be
able to remove your infection far more simply than reinstalling.

 

[silkunicorn]

That suspicion *may* be correct, but you should certainly not proceed
on the assumption that it's correct until you've verified it.

Do you run an anti-virus program? An anti-spyware program? Which ones
are they (there are far from being equally good)? Are they kept up to
date?

Does either the anti-virus or anti-spyware program report any
infections? What do they report?

What does "very slow" mean? Please put a number on it, even if
approximate.

What programs do you have starting automatically when Windows starts
(if you don't know, press Windows key +R, type MSConfig, and look on
its startup tab)?


Sorry, I'm having trouble understanding what you mean by the
difference between those two choices. Please clarify.

And bear in mind that when you reinstall Windows, you will lose many
settings that you were not able to back up. Moreover, you will have to
reinstall all your programs.

For those reasons, and because it's a lot of work, I recommend
reinstalling Windows only as a last resort, when nothing else works.
Reinstallation is hardly ever a good choice when you have a virus
infection. There are several good anti-virus programs that should be
able to remove your infection far more simply than reinstalling.

Thank you for the response.

Yes, I have run several anti-virus/spyware programs already (AVG
Internet Security 2011, Malwarebytes, SuperAntispyware and Spyware
Terminator). They all found spywares except AVG and all infected items
have been deleted. I did it twice and both times were done while at
Safe Mode.

When I said 'slow', I mean the response of my clicks on any programs.
It took a long time whenever I tried to open a program, even My
Computer or My Documents (at least 5-10 minutes). When I tried to open
My Documents, it gave me an error saying "a security threat, am I sure
want to open it". If I said yes, it'll open without any problem. I
scanned the folder with AVG 2011 and it didn't find any infections.

If I do a clean install, I know it will wipe the whole drive clean and
no previous infections will be installed. I know I will have to
reinstall all the programs/drivers, etc.

But if I restore my PC using the Backup I did from my external drive,
which includes "My Documents & Settings", I afraid whatever viruses I
might have would be back to my PC, am I correct? Since I don't really
know where do the virus(ex) reside since all infections supposedly
have been deleted, but my PC still has no improvement whatsoever. The
virus could have been resided in the Registry entries, which I afraid
of.

Any further comments/suggestions are much appreciated.

Thank you everyone.

 

[Ken Blake, MVP]

Thank you for the response.

You're welcome. Glad to help.

Yes, I have run several anti-virus/spyware programs already (AVG
Internet Security 2011,

Not a great choice, but not a terrible one, either.

Malwarebytes, SuperAntispyware

Both good choices.

and Spyware
Terminator). They all found spywares except AVG and all infected items
have been deleted. I did it twice and both times were done while at
Safe Mode.

When I said 'slow', I mean the response of my clicks on any programs.
It took a long time whenever I tried to open a program, even My
Computer or My Documents (at least 5-10 minutes).

OK, that *is* very slow.

When I tried to open
My Documents, it gave me an error saying "a security threat, am I sure
want to open it". If I said yes, it'll open without any problem. I
scanned the folder with AVG 2011 and it didn't find any infections.

Try running combofix. Go here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

[Peter Foldes]

silkunicorn

Just sticking my nose in for a moment. Malwarebytes should not be run in Safe Mode.
It should be run when you are in Normal Mode since it works better and finds more
than running it in Safe Mode. This is by design and is stated as such by
Malwarebytes

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect

 

[silkunicorn]

silkunicorn

Just sticking my nose in for a moment. Malwarebytes should not be run in Safe Mode.
It should be run when you are in Normal Mode since it works better and finds more
than running it in Safe Mode. This is by design and is stated as such by
Malwarebytes

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.http://www.microsoft.com/protect

Peter, I did run Malwarebytes in Normal mode as well. Several months
ago, my friend's PC has a virus and when I scanned it with
Malwarebytes in Normal mode, it didn't find anything. But when I
scanned it in Safe Mode, it detected a virus and once I deleted it,
his PC was back to normal. That's why I have run Malwarebytes in both
Normal and Safe modes on and off since then.

Here's my latest update: I decided to go with the "Clean Install"
option and reinstall Windows XP. I was having problems getting on line
because even after I downloaded all drivers from the Dell disc that
came with my system, I still not able to detect my Broadband
connection. So I went to Dell "Drivers and Downloads" website and
download those drivers that I think I will need, including the
"graphic" and the "Broadband". Now my PC is running normally and am
still re-installing all the softwares. Though it's a lot of work, at
least I know I have a clean PC.

Thank you to everyone for your suggestions/comments.

 

[glee]

Peter, I did run Malwarebytes in Normal mode as well. Several months
ago, my friend's PC has a virus and when I scanned it with
Malwarebytes in Normal mode, it didn't find anything. But when I
scanned it in Safe Mode, it detected a virus and once I deleted it,
his PC was back to normal. That's why I have run Malwarebytes in both
Normal and Safe modes on and off since then.
snip

There are situations when running RKILL or other utilities will not be
successful in stopping malware processes so that MBAM can run in normal
mode, and I have started in Safe Mode in order to run MBAM to remove the
most troublesome modules of the malware. Then MBAM can be run
successfully in normal mode (Full Scan) to remove the remaining pieces.