post infection review

Are there any specific best practices on actions to take on a PC after you know it got infected with malware/trojan? At both a user and system level.

I saw some mention of checking registry and config of browser, how and why. And anything above and beyond?

I scanned the system using Malwarebytes and ESET Online Scanner and both are coming up clean.
pma111 Asked:
DustinKikuchi Commented:
Personally, I back up any personal documents and whatnot, format, and do a clean OS install any time I run across a known previously infected PC. It may or may not be overkill, but for the time it takes it is, in my mind, well worth the peace of mind. Since most individuals don't do so regularly anyway, I find that it ends up being a good thing more often than not simply to get rid of the other bloating that has occurred as programs have been installed and never used again. Users tend to appreciate the extra responsiveness and new-ish feel of the PC after as well.
jhyiesla Commented:
Typically unless the infection is massive, I assume a clean report on MWB and your AV solution means it's OK. Secondary to that, I caution users to report any continued weirdnesses that are new to the computer. If they continue to appear, I would try and address each one depending on what the symptoms are and barring being able to do that, I would save the users' data and reload Windows.

If the infection is really massive, I'll use something like MWB to get the system back to a "stable" state and then save data and wipe and reload.
pma111 (Author) Commented:
I assume you need the original Windows CD to reinstall a fresh OS? This is Windows 7.
CompuHero Commented:
You can re-create the MBR and the Boot.ini file. Just in case a creepy crawler is hiding or corrupted those boot system files.
jhyiesla Commented:
Depending on the manufacturer of the PC, or if you did it white-box, the answer is perhaps. Most vendors like HP or Dell will either include a vendor OEM disk for Windows or may have a recovery partition built into the disk. You may also have the option of creating a CD/DVD from the recovery partition if you don't have a disk. Otherwise, yes, you need a CD/DVD to do the reinstall. The other expert is also right in that if you don't do a complete wipe and reformat, files may be hiding.
chubby_informer Commented:
This is my personal Best Practice:

1. Immediately isolate the machine from the domain

2. Back up all files

3. Format and reload machine

4. Scan all files on another machine

5. Install antivirus on new machine

6. Restore files
Question has a verified solution.
