Windows 8 and 8.1 Forums


How effective is the full reset?

  1. #1


    Posts : 8
    Windows 8

    How effective is the full reset?


    After having been hit on two different computers with W8, I have done full resets and come out clean... or so it seems.

    Now I learn that the full resets are not 100% effective. Is it possible that it's totally effective with some malware, but not others?

    Thanks!


  2. #2


    Posts : 1,875
    Windows 10 Pro Preview x64


    What do Windows 8 Refresh and Reset my PC really do? - Super User

    • The PC boots into the Windows Recovery Environment (Windows RE).
    • Windows RE erases and formats the hard drive partitions on which Windows and personal data reside.
    • Windows RE installs a fresh copy of Windows.
    • The PC restarts into the newly installed copy of Windows.
    So assuming your recovery partition was not infected (if you use that, not install media) then it should be OK. It might be more convenient to make an image of your whole drive (with all your partitions, programs etc) before getting the virus so you can wipe (and zero) the drive and re-install that. You could use something like Macrium Reflect FREE Edition - Information and download

  3. #3


    The malware you have to worry about surviving a reinstall is the rootkit. It writes a hidden boot partition that usually does not show up on Windows disk management. In a case like that, you may wish to consider wiping the whole drive if you want to make a truly clean start.

    It will show up if you use a bootable partition manager, such as GParted. It is usually found at the end of the drive, as a hidden partition, 1 - 10 MB in size (depending on the variant). Since the partition is hidden & registered as the boot partition, it will always run before the OS starts, thereby ensuring full control over the OS.

    Or you can run TDSSKiller to see if you are infected. TDSSKiller is generally able to fix these.

    GParted -- A free application for graphically managing disk device partitions

    TDSSKiller Download
    Last edited by Borg 386; 17 Jun 2014 at 08:23.

  4. #4


    Posts : 8
    Windows 8


    Quote Originally Posted by adamf View Post
    What do Windows 8 Refresh and Reset my PC really do? - Super User

    • The PC boots into the Windows Recovery Environment (Windows RE).
    • Windows RE erases and formats the hard drive partitions on which Windows and personal data reside.
    • Windows RE installs a fresh copy of Windows.
    • The PC restarts into the newly installed copy of Windows.
    So assuming your recovery partition was not infected (if you use that, not install media) then it should be OK. It might be more convenient to make an image of your whole drive (with all your partitions, programs etc) before getting the virus so you can wipe (and zero) the drive and re-install that. You could use something like Macrium Reflect FREE Edition - Information and download
    The above sounds like Greek to me, but I think I can get a pristine version somewhere. I've been proactive since nothing's wrong but then I'll know my options. Could a virus that survived be dormant?

  5. #5


    Posts : 8
    Windows 8


    Quote Originally Posted by Borg 386 View Post
    The malware you have to worry about surviving a reinstall is the rootkit. It writes a hidden boot partition that usually does not show up on Windows disk management. In a case like that, you may wish to consider wiping the whole drive if you want to make a truly clean start.
    Is there a way to know if I have any rootkit?

    OK, I went around doing my homework and this is what I found:

    Microsoft Malware Protection Center - Rootkits

    They hit my bank account this month, but I took new precautions. The Windows machine is for fun, the money stuff... I go to Chromebook.
    Last edited by Tibetan Monkey; 17 Jun 2014 at 09:51.

  6. #6


    Using the above mentioned GParted will show you if it's there. Since it's a Boot Partition Manager, it runs before the OS. Any sector that is set to hidden & boot is highly suspect. That's one good way to know. There are rootkit scanners, such as TDSSKiller (which is very good at detecting them & constantly being updated), but if the scanner fails to detect a new variant rootkit, it'll still be there & it'll be reported as clean.

    That's why if I have any doubt I use GParted to have a closer look see.

    There are various rootkit scanners out there, and several AV's & Malware scanners now have them built in & part of the scanning process. However, not one thing gets everything 100% of the time.

    You just have to keep your eye out for suspicious behavior. If your PC starts acting up one day when it didn't have a problem yesterday, it's probably caught something.
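    The check described in post #6 (a small partition at the end of the drive that is hidden and flagged as the boot partition), as an added example that is not part of the original posts: this Python code parses the four primary entries of a 512-byte MBR sector and flags an active partition of at most 10 MiB that starts after every other partition. The function names, the 10 MiB threshold (taken from the 1 - 10 MB range mentioned in post #3), and both sample sectors are assumptions constructed for illustration; the heuristic does not apply to GPT disks, which it detects and skips.

```python
import struct

SECTOR = 512
MIB = 1024 * 1024
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # "hidden" FAT/NTFS type IDs

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        # status byte, 3 CHS bytes skipped, type byte, 3 CHS bytes skipped, start LBA, length
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * i)
        if ptype != 0 and count != 0:
            parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                          "start": start, "sectors": count})
    return parts

def suspicious_partitions(sector0, max_mib=10):
    """Flag active partitions of at most max_mib MiB that start after all others."""
    parts = parse_mbr(sector0)
    if any(p["type"] == 0xEE for p in parts):
        return []  # protective MBR: the disk is GPT, this MBR heuristic does not apply
    last_start = max((p["start"] for p in parts), default=0)
    hits = []
    for p in parts:
        small = p["sectors"] * SECTOR <= max_mib * MIB
        if p["active"] and small and p["start"] == last_start and len(parts) > 1:
            hits.append({**p, "hidden_type": p["type"] in HIDDEN_TYPES})
    return hits

def build_mbr(entries):
    """Build a constructed MBR sector from (active, type, start_lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i,
                         0x80 if active else 0, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed sample layouts (not taken from a real disk)
CLEAN = build_mbr([(True, 0x07, 2048, 716800), (False, 0x07, 718848, 975000000)])
ODD = build_mbr([(False, 0x07, 2048, 716800), (False, 0x07, 718848, 975000000),
                 (True, 0x17, 975718848, 10240)])  # 5 MiB, active, last on disk

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN), ("odd", ODD)):
        print(name, suspicious_partitions(mbr))
```

    To run it against a real disk, read the first 512 bytes of the drive from a bootable environment and pass them to `suspicious_partitions`; a hit is a reason to inspect the layout by hand, not proof of infection.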

  7. #7


    Posts : 8
    Windows 8


    Quote Originally Posted by Borg 386 View Post
    Using the above mentioned GParted will show you if it's there. Since it's a Boot Partition Manager, it runs before the OS. Any sector that is set to hidden & boot is highly suspect. That's one good way to know. There are rootkit scanners, such as TDSSKiller (which is very good at detecting them & constantly being updated), but if the scanner fails to detect a new variant rootkit, it'll still be there & it'll be reported as clean.
    Let me get this straight. I buy a Windows machine and nowhere it says that I should make a mirror image of it. So assume I have rootkits that are immune to most everything, is there a way to get a clean original from Microsoft?

    Did I fall into a trap product of my own ignorance?

  8. #8


    Posts : 8
    Windows 8


    Quote Originally Posted by Tibetan Monkey View Post
    Quote Originally Posted by Borg 386 View Post
    Using the above mentioned GParted will show you if it's there. Since it's a Boot Partition Manager, it runs before the OS. Any sector that is set to hidden & boot is highly suspect. That's one good way to know. There are rootkit scanners, such as TDSSKiller (which is very good at detecting them & constantly being updated), but if the scanner fails to detect a new variant rootkit, it'll still be there & it'll be reported as clean.
    Let me get this straight. I buy a Windows machine and nowhere it says that I should make a mirror image of it. So assume I have rootkits that are immune to most everything, is there a way to get a clean original from Microsoft?

    Did I fall into a trap product of my own ignorance?
    I guess I could...

    The first answer below seems to provide plenty of good advice -- not provided by MS.

    Now, at the time of a confirmed infection, take the following steps:


    1. Check your credit and bank accounts. By the time you find out about the infection, real damage may have already been done. Take any steps necessary to secure your cards, bank account, and identity. Change passwords at any web site you accessed from the compromised computer. Do not use the compromised computer to do any of this.


    windows - How do I get rid of malicious spyware, malware, viruses or rootkits from my PC? - Super User

    ***

    Lucky me I followed my own gut instinct and did just that. The guy recommends to stop fighting the rootkits and use the mirror image you created before. I didn't create anything so my machine may be compromised and I'm using another computer to take care of business.

    Something extremely weird that may show that I've been attacked with the equivalent of a nuke. Last night I was peeking into the compromised Email, with a Chromebook, last thing before going to sleep. This morning the Chromebook was down. The manufacturer quickly provided me with a download and was up and running again, with my OS intact. It seems they may have nuked me after noticing they couldn't infect me. Or it may all have been coincidence.

    I may or may not get back the money lost but many lessons have been learned.

    ***

    Sorry, what is this?
    Use System Image Backup

    What happened to Backup and Restore? - Windows Help
    Last edited by Tibetan Monkey; 17 Jun 2014 at 21:16.

  9. #9


    No, you didn't fall into a trap due to ignorance. While MS suggests you make backup files, making a system image is something that is left up to you.

    This is the tutorial on how to make a system image. Keep them on an external HDD & it's a good idea to keep 2 or 3 from different times in reserve in case you do make one that is infected by accident.

    System Image - Create in Windows 8

    Rootkits are not immune from wiping the entire HDD. If you do a reset without wiping the drive, then they could survive. If you want a truly fresh start, format the drive with a program like DBAN, reinstall Windows & then make a system image. Here is a list of programs to wipe the drive.

    Five hard disk cleaning and erasing tools - TechRepublic

    Rootkits are not the only things that can steal your banking credentials. There are a plethora of malware programs out there designed to do just that without needing a rootkit.

    If you have a MS installation disk that came with the PC, you have a clean source, provided it's a genuine licensed Windows CD. If you need a disk, you can d/l it by following this tutorial.

    Windows 8 and Windows 8.1 ISO - Download or Create

    If you purchased Windows 8/8.1 and have a "retail" Windows 8/8.1 product key, then this tutorial will show you how to create or download an upgrade Windows 8 ISO or full Windows 8.1 Update ISO file.
    You will need to have your Windows 8 or 8.1 product key number from your retail box package OR online order information in the confirmation email for your purchase.

  10. #10


    Posts : 8
    Windows 8


    Quote Originally Posted by Borg 386 View Post
    If you have a MS installation disk that came with the PC, you have a clean source, provided it's a genuine licensed Windows CD. If you need a disk, you can d/l it by following this tutorial.

    Windows 8 and Windows 8.1 ISO - Download or Create

    If you purchased Windows 8/8.1 and have a "retail" Windows 8/8.1 product key, then this tutorial will show you how to create or download an upgrade Windows 8 ISO or full Windows 8.1 Update ISO file.
    You will need to have your Windows 8 or 8.1 product key number from your retail box package OR online order information in the confirmation email for your purchase.
    Sorry, that sounds like an actual solution!? (I'm jumping in joy!)

    Wait, I bought two computers with W8 but don't know anything about discs or product keys.
