

post infection review

Posted on 2012-09-17
Medium Priority
Last Modified: 2013-11-22
Are there any specific best practices on actions to take on a PC after you know it got infected with malware/trojan? At both a user and system level.

I saw some mention of checking registry and config of browser, how and why. And anything above and beyond?

I scanned the system using Malwarebytes and ESET Online Scanner and both are coming up clean.
Question by:pma111

Accepted Solution

DustinKikuchi earned 500 total points
ID: 38406131
Personally, I back up any personal documents and whatnot, format, and do a clean OS install any time I run across a known previously infected PC. It may or may not be overkill, but for the time it takes it is, in my mind, well worth the peace of mind. Since most individuals don't do so regularly anyway, I find that it ends up being a good thing more often than not simply to get rid of the other bloating that has occurred as programs have been installed and never used again. Users tend to appreciate the extra responsiveness and new-ish feel of the PC after as well.
LVL 28

Assisted Solution

jhyiesla earned 500 total points
ID: 38406135
Typically unless the infection is massive, I assume a clean report on MWB and your AV solution means it's OK. Secondary to that, I caution users to report any continued weirdnesses that are new to the computer. If they continue to appear, I would try and address each one depending on what the symptoms are and barring being able to do that, I would save the users' data and reload Windows.

If the infection is really massive, I'll use something like MWB to get the system back to a "stable" state and then save data and wipe and reload.

Author Comment

ID: 38406163
I assume you need the original Windows CD to reinstall a fresh OS? This is Windows 7.


Assisted Solution

CompuHero earned 500 total points
ID: 38406168
You can re-create the MBR and the Boot.ini file. Just in case a creepy crawler is hiding or corrupted those boot system files.
LVL 28

Expert Comment

ID: 38406218
Depending on the manufacturer of the PC or if you did it white-box the answer is perhaps. Most vendors like HP or Dell will either include a vendor OEM disk for Windows or may have a recovery partition built into the disk. You may also have the option of creating a CD/DVD from the recovery partition if you don't have a disk. Otherwise, yes, you need a CD/DVD to do the reinstall. The other expert is also right in that if you don't do a complete wipe and reformat, files may be hiding.
LVL 10

Assisted Solution

chubby_informer earned 500 total points
ID: 38406595
This is my personal Best Practice

1. Immediately isolate the machine from the domain

2. Back up all files

3. Format and reload machine

4. Scan all files on another machine

5. Install antivirus on new machine

6. Restore files

Question has a verified solution.