dovidf (United States of America) asked:

How do I safely clean up an infected computer

We have a computer that was behaving suspiciously.  We disconnected it from the network and from the internet and loaded Emsisoft and Malwarebytes offline versions.  Emsisoft found 2 instances of malware and 1 pup, which were supposedly quarantined.  We then ran Malwarebytes which, after a 55 hour run, found 10 instances: 3 of malware and 7 of pups.  Before we had a chance to quarantine the items, Malwarebytes completed the scan and moved the findings to a log without quarantining or deleting the items. Two questions:

  1. How should we go about cleaning the items Malwarebytes found?  Should we just navigate to the files and delete them?  Should we right click on them & do a Malwarebytes scan and allow Malwarebytes to deal with them?
  2. Once we have cleaned the Malwarebytes items, is there still room for concern and if so what should be done next?

David Johnson, CD (Canada):

In industry, if a machine is compromised then that machine can no longer be trusted.  Wipe and reinstall from a known good backup.

A clean install is warranted. If you install Malwarebytes then you should be able to go into its detection history.  Are you sure it didn't remove anything into the quarantine?

PUPs are potentially unwanted programs.  You might want to keep bongo bunny and exclude it.
Hello There:
Once you've been infected, reload the system. This is the safest thing you can do right now.
Dr. Klahn:
I agree with the above.  Polymorphic viruses are exceedingly clever and can hide for months, then pop up for no apparent reason.

Back up any user files to an external drive.  Then erase the drive using a product such as Darik's Boot and Nuke.  This ensures that there is nowhere to hide and the infection cannot reload.

Reinstall Windows.  Bring it up to date.  Reinstall the application software.  Then make a full image backup of the system so that if this happens again, the reinstall can be accomplished rapidly.
dovidf (asker):
The machine has legacy data and programs which I couldn't reproduce at this time. I can't afford to nuke it and lose that particular old Access application. I will keep the machine off the network so no other machines are affected and will simply run a certain program on it and copy a data file to it and copy a modified data file from it.
ASKER CERTIFIED SOLUTION

Eirman (Ireland):
Another option, if you can, is to reinstall the computer and all of the software, and restore only configuration files and non executable data that has been scanned and cleaned.
Eirman (Ireland):

Have you tried the obvious?

Go back to a restore point that predates the suspicious behaviour.
This will most likely provide a 100% quick fix.
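The restore-point suggestion above raises a concrete check: which restore points exist, and do any of them predate the suspicious behaviour? The following Windows PowerShell script is an added example for this thread, not code from Eirman or from any product mentioned here. It assumes Windows PowerShell 5.1 run from an elevated prompt (Get-ComputerRestorePoint is not available in PowerShell 7), and the cutoff date is a constructed placeholder for the day the odd behaviour first appeared.

```powershell
# Added example: enumerate System Restore points on the local machine and
# flag those created before a suspected-compromise date.
# Assumption: Windows PowerShell 5.1, elevated prompt.
# The date below is a constructed placeholder; set it to the first day of
# suspicious behaviour on the affected machine.
$SuspectedSince = Get-Date '2024-01-15'

$points = Get-ComputerRestorePoint | ForEach-Object {
    # CreationTime is a WMI/DMTF datetime string such as 20240110093000.000000-000,
    # so it has to be converted before it can be compared with a DateTime.
    $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = $created
        Description    = $_.Description
        Type           = $_.RestorePointType
        PredatesIssue  = ($created -lt $SuspectedSince)
    }
}

# Show every restore point, oldest first, with the PredatesIssue column visible.
$points | Sort-Object Created | Format-Table -AutoSize

# Pick the newest restore point that still predates the problem, if there is one.
$candidates = $points | Where-Object PredatesIssue | Sort-Object Created -Descending
if ($candidates) {
    Write-Host "Newest restore point that predates the suspicious behaviour:"
    $candidates | Select-Object -First 1 | Format-List
    # After backing up current user data, the restore itself would be:
    #   Restore-Computer -RestorePoint $candidates[0].SequenceNumber
} else {
    Write-Host "No restore point predates $($SuspectedSince.ToShortDateString())."
    Write-Host "A restore from any listed point cannot be relied on to remove the problem."
}
```

Two caveats when reading the output: System Restore only rolls back system files, the registry and installed programs, so anything dropped into a user profile or a data folder survives the restore and still needs to be scanned; and a restore point taken after the infection began may itself contain the malicious files, which is why the script only offers points older than the cutoff.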
dovidf (asker):

Unfortunately, although I have multiple restore points, I am not aware of any that predate the suspicious behavior.