Virus infection on a T60 ==> how best to reinstall WindowsXP? Can Isafely still use the special Win

S

ship

Also, he made another post
and I'm pretty sure there was no evidence his OS even had an infection;
that is, his AV program found suspect files in the the temp directory
and unopened e-mail attachments.

How can I discover *for sure* whether I have an actual infection or
whether
the above a just viruses that have been lying dormant (e.g. in emails)
and which have never
actually been exectuted?

Ship (OP)
 
S

ship

From carmel:
It has some information that might prove useful to you. You might be
interested in: DriverMax <http://www.innovative-sol.com/drivermax/>
also. It could save you a lot of time. Prior to running it, do insure
that you have the latest drivers installed.

Driver max sounds like it allows you to upload your current drivers
onto
their website and then download them again into your freshly formatted
computer.

But surely this is extremely dangerous in my case where I have been
infected, because a virus could burn itself into one of my drivers and
would then be unwittingly re-installed, no?

Ship
 
F

FromTheRafters

ship said:
How can I discover *for sure* whether I have an actual infection or
whether
the above a just viruses that have been lying dormant (e.g. in emails)
and which have never
actually been exectuted?

The fact that they reside in temp files is no guarantee that they don't
exist elsewhere as well.

You can attempt to fix your computer by using the various antimalware
programs available, but if you want to feel confident about the results
it is best to restore to factory specifications and rebuild from there.
My gut feeling, in view of how many things were reportedly found, is
that safe practices were not in place on this computer - all the more
reason to flatten and rebuild at this point.

The lying thief "The Real Truth MVP" (even its moniker is a lie) may be
right about the temp files. If you clear the temp files out, a
subsequent scan may come up clean. If you are happy with that as a
result, then so be it. Personally, I feel that you should familiarize
yourself with the use of the restore partition and getting the updates
installed.
 
S

ship

The fact that they reside in temp files is no guarantee that they don't
exist elsewhere as well.

You can attempt to fix your computer by using the various antimalware
programs available, but if you want to feel confident about the results
it is best to restore to factory specifications and rebuild from there.
My gut feeling, in view of how many things were reportedly found, is
that safe practices were not in place on this computer - all the more
reason to flatten and rebuild at this point.

The lying thief "The Real Truth MVP" (even its moniker is a lie) may be
right about the temp files. If you clear the temp files out, a
subsequent scan may come up clean. If you are happy with that as a
result, then so be it. Personally, I feel that you should familiarize
yourself with the use of the restore partition and getting the updates
installed.

Ok... one thing though - what is to stop a virus from infecting all
your
previous restore points? (not to mention the restore process
itself...)

I am certainly leaning toward a complete flatten plus rebuild.

(I remain nervous that reinstalling msWindowsXP may prove hard even
though I have a valid Product Key on the back... but shall probably
risk it anyhow!)

Ship
 
D

Daave

I really think you are worrying yourself needlessly, ship!

More comments inline.
Ok... one thing though - what is to stop a virus from infecting all
your
previous restore points? (not to mention the restore process
itself...)

If a person had an *actual* infection at one point in time (this is
_not_ the same thing as suspicious temp files and unopened e-mail
attachments), then using System Restore to go back to a point in time
when the infection was active would be a very bad thing to do! That is
why it is recommended to turn it off, then on again (this deletes all
the old restore points) once the infection is successfully removed. But
if you never had an infection, those points aren't necessarily
"infected." Still, it would be wise to clean house anyway (with regard
to System Restore).
I am certainly leaning toward a complete flatten plus rebuild.

It may very well not be necessary, but at least you would finally have
peace of mind. :)
(I remain nervous that reinstalling msWindowsXP may prove hard even
though I have a valid Product Key on the back... but shall probably
risk it anyhow!)

It depends on the method you use. If you use the hidden recovery
partition, there might not even be a need to enter a Product Key (I know
Dells work that way). If you obtain a generic OEM XP Pro installation
CD, then your Product Key from the COA sticker *will* work. If for some
reason, automatic activation over the Internet doesn't occur, simply
follow the prompts for telephone activation.

I'm sure your recovery partition is fine. I doubt very much that the
malware writers were targetting *your* particular make and model of PC!
If you're truly that paranoid, take out the hard drive and obliterate it
and purchase a new one. :) (Then again, you might start worrying about
your CMOS chip being infected... :) )

But seriously, stop being so nervous!
 
E

Elmo

ship said:
Ok... one thing though - what is to stop a virus from infecting all
your
previous restore points? (not to mention the restore process
itself...)

Most a/v software checks the restore point files for malware and deletes
infected dates.
I am certainly leaning toward a complete flatten plus rebuild.

(I remain nervous that reinstalling WindowsXP may prove hard even
though I have a valid Product Key on the back... but shall probably
risk it anyhow!)

Just disinfect, check with other software listed below, and trust that
the malware was removed by the software designed to remove it.

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 
D

David H. Lipman

From: "ship" <[email protected]>

| From carmel:
| Driver max sounds like it allows you to upload your current drivers
| onto
| their website and then download them again into your freshly formatted
| computer.

| But surely this is extremely dangerous in my case where I have been
| infected, because a virus could burn itself into one of my drivers and
| would then be unwittingly re-installed, no?

| Ship

What viruses ?

NONE were viruses in your log excerpts !

Therefore -- NO!
 
F

FromTheRafters

FTR said [some stuff]

[...]
You can attempt to fix your computer by using the various antimalware
programs available, but if you want to feel confident about the
results
it is best to restore to factory specifications and rebuild from
there.
My gut feeling, in view of how many things were reportedly found, is
that safe practices were not in place on this computer - all the more
reason to flatten and rebuild at this point.
[...]

Personally, I feel that you should familiarize yourself
with the use of the restore partition and getting the
updates installed.

....and then you - "ship" said...

Ok... one thing though - what is to stop a virus from infecting all
your previous restore points? ...

***
Don't confuse "Restore Points" with the EISA restore partition. These
are totally different things.
***

.... (not to mention the restore process itself...)

***
This is known to have happened (not infection specifically, but
interference nonetheless).
***

I am certainly leaning toward a complete flatten plus rebuild.

(I remain nervous that reinstalling msWindowsXP may prove hard even
though I have a valid Product Key on the back... but shall probably
risk it anyhow!)

[...]

***
After several attempts to install and dual boot Linux/Windows XP on this
laptop, I finally gave up. I figured I'd just use an XP Pro CD that I
had to reinstall XP. I discovered the "Access IBM" button brought up the
option to restore from the hidden partition.

Easy as falling off a log - as they say.

Afterward, to avoid having to go through the update process (service
packs) in the future, I imaged the harddrive (with MaxBlast - powered by
Acronis) so I could recover more easily the next time. I *still* have
the EISA partition intact even though I probably won't need to use it
again.
***
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top