How effective is the full reset?

[Tibetan Monkey]

After having been hit on two different computers with W8, I have done full resets and come out clean... or so it seems.

Now I learn that the full resets are not 100% effective. Is it possible that it's totally effective with some malware, but not other?

Thanks!

 

[adamf]

What do Windows 8 Refresh and Reset my PC really do? - Super User

• The PC boots into the Windows Recovery Environment (Windows RE).
• Windows RE erases and formats the hard drive partitions on which Windows and personal data reside.
• Windows RE installs a fresh copy of Windows.
• The PC restarts into the newly installed copy of Windows.

So assuming your recovery partition was not infected (if you use that not install media) then it should be OK. It might be more convenient to make an image of your whole drive (with all your partitions, programs etc) before getting the virus so you can wipe (and zero) the drive and re-install that. You could use something like Macrium Reflect FREE Edition - Information and download

 

[Borg 386]

The malware you have to worry about surviving a reinstall is the rootkit. It writes a hidden boot partition that usually does not show up on Windows disk management. In a case like that, you may wish to consider wiping the whole drive if you want to make a truly clean start.

It will show up if you use a bootable partition manager, such as GParted. It is usually found at the end of the drive, as a hidden partition, 1 - 10 MB in size (depending on the variant). Since the partition is hidden & registered as the boot partition, it will always run before the OS starts, thereby insuring full control over the OS.

Or you can run TDSSKiller to see if you are infected. TDSSKiller is generally able to fix these.

GParted -- A free application for graphically managing disk device partitions

TDSSKiller Download

 

[Tibetan Monkey]

What do Windows 8 Refresh and Reset my PC really do? - Super User

• The PC boots into the Windows Recovery Environment (Windows RE).
• Windows RE erases and formats the hard drive partitions on which Windows and personal data reside.
• Windows RE installs a fresh copy of Windows.
• The PC restarts into the newly installed copy of Windows.

So assuming your recovery partition was not infected (if you use that not install media) then it should be OK. It might be more convenient to make an image of your whole drive (with all your partitions, programs etc) before getting the virus so you can wipe (and zero) the drive and re-install that. You could use something like Macrium Reflect FREE Edition - Information and download

The above sounds like Greek to me, but I think I can get a pristine version somewhere. I've been proactive since nothing's wrong but then I'll know my options. Could a virus that survived be dormant?

 

[Tibetan Monkey]

The malware you have to worry about surviving a reinstall is the rootkit. It writes a hidden boot partition that usually does not show up on Windows disk management. In a case like that, you may wish to consider wiping the whole drive if you want to make a truly clean start.

Is there a way to know if I have any rootkit?

OK, I went around doing my homework and this is what I found:

Microsoft Malware Protection Center - Rootkits

They hit my bank account this month, but I took new precautions. The Windows machine is for fun, the money stuff... I go to Chromebook.

 

[Borg 386]

Using the above mentioned GParted will show you if it's there. Since it's a Boot Partition Manager, it runs before the OS. Any sector that is set to hidden & boot is highly suspect. That's one good way to know. There are rootkit scanners, such as TDSSKiller (which is very good at detecting them & constantly being updated), but if the scanner fails to detect a new variant rootkit, it'll still be there & it'll be reported as clean.

That's why if I have any doubt I use GParted to have a closer look see.

There are various rootkit scanners out there, and several AV's & Malware scanners now have them built in & part of the scanning process. However, not one thing gets everything 100% of the time.

You just have to keep your eye out for suspicious behavior. If your PC starts acting up one day when it didn't have a problem yesterday, it's probably caught something.

 

[Tibetan Monkey]

Using the above mentioned GParted will show you if it's there. Since it's a Boot Partition Manager, it runs before the OS. Any sector that is set to hidden & boot is highly suspect. That's one good way to know. There are rootkit scanners, such as TDSSKiller (which is very good at detecting them & constantly being updated), but if the scanner fails to detect a new variant rootkit, it'll still be there & it'll be reported as clean.

Let me get this straight. I buy a Windows machine and nowhere it says that I should make a mirror image of it. So assume I have rootkits that are immune to most everything, is there a way to get a clean original from Microsoft?

Did I fall into a trap product of my own ignorance?

 

[Tibetan Monkey]

Using the above mentioned GParted will show you if it's there. Since it's a Boot Partition Manager, it runs before the OS. Any sector that is set to hidden & boot is highly suspect. That's one good way to know. There are rootkit scanners, such as TDSSKiller (which is very good at detecting them & constantly being updated), but if the scanner fails to detect a new variant rootkit, it'll still be there & it'll be reported as clean.

Let me get this straight. I buy a Windows machine and nowhere it says that I should make a mirror image of it. So assume I have rootkits that are immune to most everything, is there a way to get a clean original from Microsoft?

Did I fall into a trap product of my own ignorance?

I guess I could...

The first answer below seems to provide plenty of good advice --not provided my MS.

Now, at the time of a confirmed infection, take the following steps:

1. Check your credit and bank accounts. By the time you find out about the infection, real damage may have already been done. Take any steps necessary to secure your cards, bank account, and identity. Change passwords at any web site you accessed from the compromised computer. Do not use the compromised computer to do any of this.

windows - How do I get rid of malicious spyware, malware, viruses or rootkits from my PC? - Super User

***

Lucky me I followed my own gut instinct and did just that. The guy recommends to stop fighting the rootkits and use the mirror image you created before. I didn't create anything so my machine may be compromised and I'm using another computer to take care of business.

Something extremely weird that may show that I've been attacked with the equivalent of a nuke. Last night I was peeking into the compromised Email, with a Chromebook, last thing before going to sleep. This morning the Chromebook was down. The manufacturer quickly provided me with a download and was up and running again, with my OS intact. It seems they may have nuked me after noticing they couldn't infect me. Or it may all have been coincidence.

I may or may not back the money lost but many lessons have been learned.

***

Sorry, what is this?
Use System Image Backup

What happened to Backup and Restore? - Windows Help

 

[Borg 386]

No, you didn't fall into a trap due to ignorance. While MS suggests you make backup files, making a system image is something that is left up to you.

This is the tutorial on how to make a system image. Keep them on an external HDD & it's a good idea to keep 2 or 3 from different times in reserve in case you do make one that is infected by accident.

http://www.eightforums.com/tutorials/8956-system-image-create-windows-8-a.html

Rootkits are not immune from wiping the entire HDD. If you do a reset without wiping the drive, then they could survive. If you want a truly fresh start, format the drive with a program like DBAN, reinstall windows & then make a system image. Here is a list of programs to wipe the drive.

Five hard disk cleaning and erasing tools - TechRepublic

Rootkits are not the only things that can steal your banking credentials. There are a plethora of malware programs out there designed to do just that without needing a rootkit.

If you have a MS installation disk that came with the PC, you have a clean source, provided it's a genuine licensed Windows CD. If you need a disk, you can d/l it by following this tutorial.

http://www.eightforums.com/tutorials/18309-windows-8-windows-8-1-iso-download-create.html

If you purchased Windows 8/8.1 and have a "retail" Windows 8/8.1 product key, then this tutorial will show you how to create or download an upgrade Windows 8 ISO or full Windows 8.1 Update ISO file.

You will need to have your Windows 8 or 8.1 product key number from your retail box package OR online order information in the confirmation email for your purchase.

 

[Tibetan Monkey]

If you have a MS installation disk that came with the PC, you have a clean source, provided it's a genuine licensed Windows CD. If you need a disk, you can d/l it by following this tutorial.

http://www.eightforums.com/tutorials/18309-windows-8-windows-8-1-iso-download-create.html

If you purchased Windows 8/8.1 and have a "retail" Windows 8/8.1 product key, then this tutorial will show you how to create or download an upgrade Windows 8 ISO or full Windows 8.1 Update ISO file.

You will need to have your Windows 8 or 8.1 product key number from your retail box package OR online order information in the confirmation email for your purchase.

Sorry, that sounds like an actual solution!? (I'm jumping in joy!)

Wait, I bought two computers with W8 but don't know anything about discs or product keys.

 

[Borg 386]

This tutorial will show you how to find the keys:

http://www.eightforums.com/tutorials/27129-product-key-find-windows-8-a.html

 

[Tibetan Monkey]

This tutorial will show you how to find the keys:

http://www.eightforums.com/tutorials/27129-product-key-find-windows-8-a.html

So, just because I own a W8 computer within warranty I get a free download? Just want to make sure before I put my brain to it.

Thanks!

 

[Tibetan Monkey]

If you have a MS installation disk that came with the PC, you have a clean source, provided it's a genuine licensed Windows CD. If you need a disk, you can d/l it by following this tutorial.

http://www.eightforums.com/tutorials/18309-windows-8-windows-8-1-iso-download-create.html

If you purchased Windows 8/8.1 and have a "retail" Windows 8/8.1 product key, then this tutorial will show you how to create or download an upgrade Windows 8 ISO or full Windows 8.1 Update ISO file.

You will need to have your Windows 8 or 8.1 product key number from your retail box package OR online order information in the confirmation email for your purchase.

I have the product key from the computer now. No disc here but got another W8 computer with it.

I got the sequence confused. I d/l first to the disc then flashdrive then format it, then install it. Or something like that.

 

[Borg 386]

Anyone can d/l the Windows ISO file. But in order for it to work, you have to have a valid key

You have the options of installing it from the Flash Drive or from a CD. It would be a good idea to take the drive to a PC with a burner, burn it to a CD, write the key # on it & then put it in a safe place. That way you always have a clean source installation file. Since you mentioned you didn't have a CD drive, you'll be installing from a USB.

http://www.eightforums.com/tutorials/2227-create-bootable-usb-dvd-windows-8-iso.html

http://www.eightforums.com/tutorials/15458-uefi-bootable-usb-flash-drive-create-windows.html

 

[adamf]

burn it to a CD, write the key # on it & then put it in a safe place.

That will be a DVD. Sorry to be a pedant.

 

[Borg 386]

burn it to a CD, write the key # on it & then put it in a safe place.

That will be a DVD. Sorry to be a pedant.

Allright, allright....DVD. I have an excuse....I'm old LOL