post infection review

Posted on 2012-09-17
Last Modified: 2013-11-22
Are there any specific best practices on actions to take on a PC after you know it got infected with malware/trojan? At both a user and system level.

I saw some mention of checking registry and config of browser, how and why. And anything above and beyond?

I scanned the system using Malwarebytes and ESET online scanner and both are coming up clean.
Question by:pma111
    LVL 4

    Accepted Solution

    Personally, I back up any personal documents and whatnot, format, and do a clean OS install any time I run across a known previously infected PC.  It may or may not be overkill, but for the time it takes it is, in my mind, well worth the peace of mind.  Since most individuals don't do so regularly anyway, I find that it ends up being a good thing more often than not simply to get rid of the other bloating that has occurred as programs have been installed and never used again.  Users tend to appreciate the extra responsiveness and new-ish feel of the PC after as well.
    LVL 28

    Assisted Solution

    Typically unless the infection is massive, I assume a clean report on MWB and your AV solution means it's OK. Secondary to that, I caution users to report any continued weirdnesses that are new to the computer. If they continue to appear, I would try and address each one depending on what the symptoms are and barring being able to do that, I would save the users' data and reload Windows.

    If the infection is really massive, I'll use something like MWB to get the system back to a "stable" state and then save data and wipe and reload.
    LVL 3

    Author Comment

    I assume you need the original Windows CD to reinstall a fresh OS? This is Windows 7.
    LVL 1

    Assisted Solution

    You can re-create the MBR and the Boot.ini file. Just in case a creepy crawler is hiding or corrupted those boot system files.
    LVL 28

    Expert Comment

    Depending on the manufacturer of the PC or if you did it white-box the answer is perhaps. Most vendors like HP or Dell will either include a vendor OEM disk for Windows or may have a recovery partition built into the disk. You may also have the option of creating a CD/DVD from the recovery partition if you don't have a disk. Otherwise, yes, you need a CD/DVD to do the reinstall. The other expert is also right in that if you don't do a complete wipe and reformat, files may be hiding.
    LVL 10

    Assisted Solution

    This is my personal Best Practice

    1. Immediately isolate the machine from the domain

    2. Back up all files

    3. Format and reload machine

    4. Scan all files on another machine

    5. Install antivirus on new machine

    6. Restore files
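
Steps 4 and 6 of the list above can be backed by a hash manifest and a simple content check run on the scanning machine. The following is an added example, not part of the original answer; the function names and the `RISKY_EXT` list are assumptions made for illustration, and the check complements an antivirus scan rather than replacing it.

```python
import hashlib
from pathlib import Path
RISKY_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js"}  # assumed list

def triage_file(path):
    """Return (sha256 hex, reasons to hold the file back) for one file."""
    path, reasons, digest = Path(path), [], hashlib.sha256()
    with open(path, "rb") as fh:
        head = fh.read(2)
        digest.update(head)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    ext = path.suffix.lower()
    if ext in RISKY_EXT:
        reasons.append("executable or script extension " + ext)
    elif head == b"MZ":
        reasons.append("PE header behind a non-executable extension")
    return digest.hexdigest(), reasons

def triage_backup(root):
    """Step 4: hash every backed-up file and list the ones to hold back."""
    manifest, held = {}, {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        manifest[rel], reasons = triage_file(path)
        if reasons:
            held[rel] = reasons
    return manifest, held

def verify_restore(manifest, held, restored_root):
    """Step 6: list restored files that are missing, altered, or held back."""
    problems = []
    for rel, sha in manifest.items():
        target = Path(restored_root) / rel
        if rel in held:
            if target.exists():
                problems.append(rel + ": held-back file was restored")
        elif not target.is_file():
            problems.append(rel + ": missing")
        elif triage_file(target)[0] != sha:
            problems.append(rel + ": hash mismatch")
    return problems

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample backup
        (Path(d) / "notes.txt").write_bytes(b"hello")
        (Path(d) / "photo.jpg").write_bytes(b"MZ\x90\x00")
        print(triage_backup(d)[1])
```

Run `triage_backup` against the backup before the antivirus scan, keep the manifest off the rebuilt machine, and run `verify_restore` after the files are copied back.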
