After the fact virus protection...

by mykietown / October 10, 2005 3:29 AM PDT

Hi-

My laptop just got infected with spyware/virus. Is it too late to back up my files and re-ghost the machine? If I transfer the files to an external drive, am I at risk of taking the virus with it? Can I do anything to prevent that?

Probably not too late
by El Alquimista / October 10, 2005 4:27 AM PDT

While it is best to catch such problems before they get into your computer, you may be able to remove them now. You need to run a suite of programs that may remove the malware, and you may well have several.

You didn't say what protection, if any, you are now using. There are a number of free programs available that do an excellent job. For antivirus, I have used Avast and AVG. For adware and spyware removal, I use three: Microsoft Antispyware (beta), Ad-Aware SE, and Spybot Search & Destroy. These are all highly recommended by the experts. Of course, you must keep their definitions files up to date with regular, preferably automatic, downloads.

You can also do free online scans for viruses, spyware, and browser hijackers at the Home and Home Office section of

http://www.trendmicro.com/home/default.asp

I would do this in addition to use of the above resident programs.

Once you are free of malware, run security programs in real-time protective mode, and also scan with all of them on a regular schedule. You also need a good backup schedule, particularly for your data, to prevent loss in case of any system failure, not just malware.

Hope this helps

Frank

ok but...
by mykietown / October 10, 2005 5:24 AM PDT
In reply to: Probably not too late

Would it be worth it to re-ghost the laptop completely so that it would be a completely clean slate before using those anti-virus/ad-ware applications? I guess that's why I'm wondering if it would be safe to transfer my files to an external hard drive now, or if transferring my files to an external hard drive would mean taking the ad-ware/virus with it. Or am I being too anal about keeping a clean drive?

I do use Fprot and Adbot, but this one pop-up advertiser managed to sneak by. Scans detect the presence of the virus, but it says that it cannot be removed because the application is currently in use and cannot be removed.

...I mean...
by mykietown / October 10, 2005 5:26 AM PDT
In reply to: ok but...

correction, Spybot Search & Destroy, not Adbot...

Thanks for the info!

Try Safe Mode...
by John.Wilkinson / October 10, 2005 6:19 AM PDT
In reply to: ...I mean...

Since it won't let your AV quarantine/remove the suspected virus, I'd suggest restarting your computer in Safe Mode (typically by pressing F8 during boot) and running your scans again from there. That should ensure that the malware isn't running at the time of the scan, and thus allow you to remove it properly/completely.

As far as backing up your hard drive now, it's debatable. Depending on what the virus is, where it's located, and what all you back up, you may end up taking a copy of it with you along with your backups. Personally, I'd keep your old backups, then make a new backup of your data on a separate drive/disk. That way you have a recent copy of all your data in case something goes wrong while removing the pest. However, you still have your older, but clean copy, as a failsafe. After that, wipe out the virus by whatever means necessary, at which time you should be able to carry on as normal. If all goes well you can delete the newly-created, possibly-infected backup and create a new one that's up-to-date and virus-free.

Hope this helps,
John


P.S. If you need help removing the pest, let us know what the name of it is (if identified by your AV), what operating system you have (and if it's updated), and what you've tried thus far. (The Virus forum would be best, but you'll find help here too.)

Yes, John is correct
by El Alquimista / October 10, 2005 8:54 AM PDT
In reply to: Try Safe Mode...

You should do your scanning in safe mode. I was in a hurry to go to a Dr. appointment, and forgot to tell you. You really should consider that to be standard procedure for malware scans.

Also, I forgot to tell you to get a good two-way firewall (the Windows firewall protects only against incoming items). Popuper, for instance, can be used as a backdoor to your system. It could send information out, and the Windows firewall would not stop it. There are free versions of several good firewalls, including ZoneAlarm and Sygate. Most people I know use ZoneAlarm.

As for backing up prior to repair: Like John said, if you back up everything, as by a Ghost image, you will be backing up the virus also. Restoration would restore the virus and the decontamination would have been for naught. Personally, I would limit any backup to data -- that is least likely to contain a virus. However, if any documents use macros, there could be a virus there. I would do this for safety only, and not use it unless something went drastically wrong during the decon. Then discard it and make a new, complete backup of the clean system.

If you repost in the Virus section, please include a link to this thread so that responders can see what preceded. Really, since it started here, I think it better to leave it here. Next virus problem, however, should be better there.

If you cannot eliminate popuper with the standard programs, I can tell you how to edit the registry. But running the suite will not have been in vain. I'll bet you find a dozen or more (perhaps many more) other items that should be removed also.

Hope this helps

Frank
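
Added example, not part of the original posts or of any tool named in this thread: a Python script for the data-only backup discussed above, which judges each file by its leading bytes rather than its name, leaves executables behind, and sets legacy Office documents (which can carry macros) aside for scanning before they are opened. It goes slightly beyond the thread by also checking newer zip-based Office files for a VBA project. The folder name, the extension list and the sample files in `demo()` are assumptions constructed for illustration.

```python
import shutil
import tempfile
import zipfile
from pathlib import Path

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".lnk", ".hta"}
QUARANTINE = "_scan_before_opening"  # hypothetical folder name

def classify(path: Path) -> str:
    """Return 'skip', 'review' or 'copy', judging content before extension."""
    with path.open("rb") as fh:
        head = fh.read(8)
    if head[:2] == b"MZ" or path.suffix.lower() in SCRIPT_EXTS:
        return "skip"            # Windows executable or script, whatever its name
    if head == OLE2_MAGIC:
        return "review"          # legacy Office file: may carry macros
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "review"  # zip-based Office file with a VBA project
    return "copy"

def backup_data(src: Path, dst: Path) -> dict:
    """Copy data files from src to dst; return {relative path: decision}."""
    report = {}
    for p in sorted(src.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(src)
        decision = report[rel.as_posix()] = classify(p)
        if decision == "skip":
            continue
        base = dst / QUARANTINE if decision == "review" else dst
        (base / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, base / rel)
    return report

def demo():
    """Run on constructed sample files; return (report, files written to dst)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        (src / "docs").mkdir(parents=True)
        (src / "notes.txt").write_text("plain text")
        (src / "photo.jpg").write_bytes(b"MZ\x90\x00fake")  # executable posing as an image
        (src / "docs" / "budget.xls").write_bytes(OLE2_MAGIC + b"\x00" * 16)
        report = backup_data(src, dst)
        copied = sorted(f.relative_to(dst).as_posix() for f in dst.rglob("*") if f.is_file())
        return report, copied

if __name__ == "__main__":
    print(demo())
```

This sorts files by type only; anything it copies still needs a scan with up-to-date definitions before it is restored to the clean system.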

Ever heard of Xuron55?
by mykietown / October 10, 2005 10:58 AM PDT
In reply to: Yes, John is correct
Xuron55
by Stan Chambers / October 11, 2005 8:44 AM PDT
In reply to: Ever heard of Xuron55?

A Google search reveals that this may be a false positive in older versions of Spybot.
Download, install and update the latest version of Spybot, then re-scan in safe mode.
