Question

New OS or resetting PC?

Hi.

To make sure to get rid of all spyware, would I need to reinstall the OS on my PC or?
I read this would not erase all as some drives remain intact.
Linux would be a good option?

What is my best option to get rid of all spyware, assuming there is no keylogger in the hardware?

What can I do to

Comments
- Collapse -
Clarification Request
WARNING. ANY DRIVE ATTACHED

Will remain at risk of being erased. Yes there are articles and folk that write they should not be touched but here, in these forums folk have come back too many times to ask how to get their files back.

If there are attached drives, you can't be sure they won't be touched.

Furthermore, Backup copies are not optional today. It appears to be true you can't teach folk to backup. They have to learn it first hand.

So, if you want, start with a blank drive and use the PC's restore media for a fresh start. That's the cleanest approach that does assure the wipe out of almost all spyware.

Now if you install some Facebook app, isn't that spyware?

- Collapse -
I think we have to broach what is Spyware?

It's debated whether the OSes are now spyware as they report what you are doing. Windows has a lot more reporting systems plus you can use an email login which reports when you logged onto the OS.

Many Cloud apps leak information as well and that could be called spyware.

What level of spying is acceptable is up to you.

- Collapse -
I'd

think that the kind of spyware you talk of should not pose a problem for me.

And, I need not save any data.

- Collapse -
restore media and no worry for other drives being erased

I don't even understand the drive thing. How many drives should there be?

I do not have anything of value on the PC so I need nothing on it. Having this info, what is best to do?

I googled restore media and was confused. Is this the same as resetting the PC?

FB and I have parted ways a while back.

Thanks

- Collapse -
Understanding the drive thing.

In short: ANY DRIVE CONNECTED TO A PC COULD BE ERASED DURING OS INSTALLATION. (or factory restore, reset, etc.)

Proof? Too many on the web and here asking how to get their files back.

- Collapse -
oh

You meant start with a blank drive and restore old stuff.
Do I get a blank drive by resetting or reinstalling OS?

- Collapse -
Answer
Re: spyware

Reinstall (which isn't exactly the same as reset) the OS would be fine, but don't forget to make new user accounts also, just in case the old ones stay and the spyware is hidden there.

Spying from inside a browser via some add-on works the same in Linux. So that's not a 100% solution.

- Collapse -
So

So reinstalling a new OS is better than resetting PC?
I have Win 10 now.
If I installed Linux it would offer a new account and I make one?

You mean that when I click on an add-on in a browser whilst using Linux I can get infected, as no OS is invulnerable?

Thanks!

- Collapse -
Re: reinstall

I think that depends on what you mean with reinstall or reset. I would only call it a reinstall if I blanked the drive during the process, while a reset is something done by Windows and has some options to save things.

But remember there are people that call Windows itself spyware. And member JJ says that even Ubuntu spies in https://www.cnet.com/forums/post/4ffbc9a0-cebd-4e44-b423-2d90f9449576/

Linux uses a wholly different filesystem, so wholly different accounts.

Post was last edited on July 26, 2018 8:44 AM PDT

- Collapse -
blank drive and erase all drives

And how do I blank the drive and reinstall a new OS (Linux?)

If this is the most effective method?
Can I additionally erase all drives?

Ty

- Collapse -
The easiest and best community supported linux...
- Collapse -
Answer
What is it you're trying to accomplish?

I don't understand why you're wanting to reset your computer. What has happened that makes you think you need to do that?

Just to verify. You have no files you want to save? No pictures? No music? No documents you typed up that you need to keep a copy of for your records?

The types of questions you're asking imply that you don't have a lot of experience maintaining computers. What kind of spyware are you worried about? Is there something specific?

Resetting is essentially the same as wiping your hard drive and installing a fresh copy of Windows. Technically, reinstalling could include the act of reinstalling Windows on top of an existing installation without first removing all the files. Occasionally, this will straighten something out. But, most of the time, whatever was causing the original problem will survive the installation and continue to cause problems. So, most of the time, when someone says "reinstall" what they're suggesting is either resetting or wiping your drive and installing from external media.

If literally all you do is surf with your computer, then Linux might be a viable alternative. Linux is good if you do almost nothing with your computer, or if you're a hard core nerd who likes digging into the guts to fix stuff. Trying to get it to work with some devices like printers, a NAS, some cameras can be a major hassle. If none of those apply to you, then Linux might be a good choice.

There are very, very few viruses that install themselves so deeply into the hardware that they can survive a reset/wipe+install. That tends to be so specific to a small subset of hardware configurations that it's not a viable source of income for the virus writer. They want their software to run on as many machines as possible, not severely limit the machines it will run on.

- Collapse -
I agree (mostly)

I was in the middle of writing a reply in a similar vein to MightyDrakeC. You don't tell us why you want to do this or whether you suspect you have become infected with spyware. Nor do you give any details of the machine in question. And where you replied to Bob that "I don't even understand the drive thing. How many drives should there be?", it suggests you aren't very familiar with this sort of PC maintenance. If you embark on this clean-up, I would strongly suggest that you enlist the aid of a more experienced friend or colleague to help and mentor how to do these things safely. This is normal when you are new to the game - we were all there sometime.

I would echo MightyDrakeC's advice that you make a full backup of your existing system and all the data - I know you said that there was nothing of value on it but after you have wiped everything is not a good time to remember that one address or photograph you don't have anywhere else.

Make sure you have all your Factory Reset Media, all your original installation media for the system and applications AND all the product keys.

Delete and secure erase all your internal disk partitions - NOTE - except the factory restore partition if that's the only medium that was supplied.

Restore the factory settings or your original operating system DVD, offline preferably.

Install your anti-virus and security packages.

Go online and install all the operating system patches.

Make any adjustments you need to your partition configuration.

Install all the applications you want to use in future and all the patches associated with them.

You should have a clean system now. I've not given any detail here deliberately - if you don't know how to do this, enlist somebody to help or consider having your local PC maintenance shop do it for you.

A few words about Linux and this is where the "mostly" in the subject line comes in. Linux is a perfectly adequate substitute for Windows for almost everything but, and a big BUT, it is NOT Windows - there is a learning curve - the file system is completely different, the utilities, while providing similar functionality to Windows, have different subcommands, etc. LibreOffice does offer similar facilities to MS Office but the menus and some features, especially macros, are different. Some hardware, particularly scanners are not well supported and some hardware manufacturers do not provide Linux drivers, though open source alternatives can be found for most devices. Some software isn't compatible, Acrobat Professional, for example. And there is not the same choice of games for the platform. The transition is fairly straightforward but will take some time adjusting.

The Linux fora are particularly helpful. Linux is very stable and no longer will you be plagued with forced updates or routine reboots for most updates. Linux is inherently more secure than Windows because it was originally designed as a multi-user online system, rather than a single user standalone workstation (think Windows 95) and the relatively low market penetration makes it less attractive to the hackers, who see their time better spent going after the much larger Windows marketplace.

Be aware also that there is no one Linux; the kernel is common but there are many different distributions (distros) and desktops. Linux Mint with the Cinnamon desktop is very similar to Windows in "look and feel" but my personal preference is OpenSUSE Leap with the default KDE desktop, which is based on the commercial SUSE Linux Enterprise system, so it is very stable.

If you are interested, my Windows systems stop at Windows 7; I will not go to Windows 10 because of the MS tracking (which I regard as spyware, even with everything I can turned off) and the mess that is updates and feature upgrades. My primary machine is OpenSUSE and the others will migrate to it when Windows 7 is no longer supported in 2020.

- Collapse -
Thanks guys!

Thank you so much for the elaborate reply.
I really appreciate it, you and MightyDrakeC both.

I can't get into detail as I am out of strength now and just need to make sure nothing is on my PC.

I understand I need to wipe the drive and install from external media now.
I don't even have a clean PC I could download Linux from and then transfer via USB.

Unfortunately, I don't have a local store to go to.. And no one I can remember now that could help me with this...

A factory reset would not cover all..
And I guess there is nothing else I can do to ensure there are no viruses other than what you said.

Thanks again, guys!


Take care

- Collapse -
Why do you think you have a virus?

You still haven't described any symptoms that explain why you think you have spyware or a virus. What is happening?

Also, you state that "A factory reset would not cover all." Why do you say that? That actually would treat the vast majority of malware infestations.

But, why are you so eager to reset/reinstall?

- Collapse -
There are alternatives to resetting

I have successfully cleaned viruses from a couple of friends' computers by visiting the Bleeping Computer virus removal forum.

They walk you through step by step. Just follow it cookbook style. It's usually at least a dozen back and forth messages. They'll tell you what to download and run. You'll upload the logs to them. Partway through, you'll think you're done. But, if they tell you there's more, then keep going. You can probably get a few exchanges in per day, so it'll take a few days to a week to complete.

So, you can reset/reinstall, or you can go through the steps to clean out the virus. Up to you to decide which is more convenient.

- Collapse -
reset

Thank you!

Could you tell me what the difference between a reset and reinstall is in terms of how many viruses could survive?

Someone I do not trust had physical access to my PC. They are capable of putting something on it and would do so.

I guess a reset to factory settings is best. There could always be something in the hardware but I can only do a reset.

I once read ways to infect a PC could be discovered by checking background processes, ports open (I assume enabled by the firewall) and tcp ports.
A reset should have me covered for this?

Thanks again!
This forum is wonderful.

- Collapse -
You're probably safe with a reset

Ah. Disappointing that you know a person who you distrust like that.

The vast majority of people who would put a keylogger or something similar on your machine are just installing a program. Those kinds of programs will be wiped out by a reset. To survive a reset, he/she/it would have to be pretty dialed in to the hacker community in order to have access to the tools and knowledge necessary to install bogus firmware. Does that describe this person?

From a virus standpoint, there's no difference between a reset vs a reinstall. I can come up with very obscure situations where it would be a problem. But, they're not very likely.

As for checking processes and ports, that can be done, but it's tedious and would require a lot of research. I consider myself a hard core geek and I wouldn't feel comfortable doing it myself. If you want to go that route, I would strongly urge you to go to the Bleeping Computers forum I pointed you at. They have experience cleaning hundreds, maybe thousands of computers.

The two times I've had a virus on my machines, I did a reset/reformat. I'm fully backed up, so, that was the easiest and safest. On a couple of friends' computers, it wasn't convenient to copy their stuff off, so I used Bleeping Computers. Other friends, I backed their stuff up and reset their computers.

In your case, if you are absolutely certain that you don't have any pictures, music or documents that you care about, then I would recommend a reset. If there might be stuff you want to keep and you're not sure where it's located, then use Bleeping Computers.

- Collapse -
ports

I'm not sure if they have such skills.

A reset wouldn't do much if someone opened any kind of port, firewall or tcp?
Is this also hard to do skill wise?

I do not have anything I need to save.

Sorry for all the additional questions.

Thank you..

- Collapse -
Terminology

"Opening ports" is a very specific security issue that has a couple of different facets.

You have ports in your software firewall. That would be your anti-virus or Windows Defender. That uses the OS on your computer to limit how programs communicate with other computers across the Internet.

You also have ports in your router, often referred to as a hardware firewall. That limits how computers inside your network talk with other computers on the Internet.

If you do a reset/reinstall, then you're resetting your software firewall, which will go back to its default state, with standard ports open and all the others closed. (Ex: The standard port for http, web pages, is port 80. That's basically always left open. There are similar standard ports for email, secure connections to email servers, etc.) The programs using the unusual ports will be gone. You'll be safe at that point.

Doing a reset won't affect the ports on the router. Did he have access to your internal network, where he could have changed the settings on your router? (I always change the default login details of my routers.) If he wasn't logged into your network, then the ports should be in their default state. If he did, it's still probably not a big deal, because the programs using those ports will get wiped out. Unless he has found a Windows exploit that relies on a particular port being open. Again, him doing that requires that he be a pretty active hacker. Because those exploits get fixed all the time and he'd have to keep up on the latest.

So, again, unless this person is a pretty seriously dedicated hacker, a reset is very likely all you need.

TCP is part of the standard Internet transport protocol, TCP/IP. Basically, you need that for your computer to work on the Internet, at all. So, there are no specific security implications with "TCP."
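
The check discussed in this thread (which programs are listening on which ports, and which inbound connections the Windows software firewall allows), as an added example that is not part of any poster's reply. It uses only cmdlets built into Windows 10 and assumes an elevated PowerShell window so that process paths are readable.

```powershell
# Added example: inventory of listening TCP ports and inbound firewall allow rules.

# 1. Every TCP port this PC is listening on, with the program that owns it.
$listeners = Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort, LocalAddress |
    ForEach-Object {
        # The owning process may have exited between the two calls.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            OwnerPid     = $_.OwningProcess
            Process      = $proc.ProcessName
            Path         = $proc.Path
            # Loopback-only listeners cannot be reached from other machines.
            Reachable    = $_.LocalAddress -notin '127.0.0.1', '::1'
        }
    }

$listeners | Format-Table -AutoSize

# 2. Enabled inbound "allow" rules in the Windows firewall, with the port
#    and program each rule applies to.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort -join ','
            Program   = $app.Program
        }
    }

$rules | Sort-Object Program, Rule | Format-Table -AutoSize

# 3. Listeners reachable from the network whose program file is not under
#    the Windows directory: the short list worth looking up by name.
$listeners |
    Where-Object { $_.Reachable -and $_.Path -and
                   $_.Path -notlike "$env:SystemRoot\*" } |
    Format-Table -AutoSize
```

Running it before and after the reset shows which listeners and firewall rules the reset removed.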

- Collapse -
Thank you so much

I see.
He did have access to my network.
I did change the default router PW.
When I reset the router the PW goes back to default, but it does not ask me for my credentials, it automatically connects to the internet. I assume this is just the way the provider made it as I did reset. I pressed the small reset button and held it for about 15s and the lights turned off.

Reset PC it is.
How do I do this on an Acer notebook? I think there are similar options so I don't get confused.
Should I reset PC first then router or?

- Collapse -
Router credentials and reset

When I was talking about router credentials, I meant credentials for the router's administration page. Most people leave that password at the default. With most ISP-provided routers, the password is written right on the router, so anyone can log in as an admin and make changes. Resetting that back to factory conditions will close all the open ports. At that point, you can use the password on the router to log in, and then you can change the password like I do, if you want.

Albeit, if the person still has physical access to the router, they can reset it to factory default, again. Then, they can make the changes they want. Chances are you won't notice, because few people log into their router very often. Hopefully, this person doesn't have regular physical access to your equipment.

And, once again, the need to open ports is fairly sophisticated hacking. You haven't told us if this person is an Evil Computer Mastermind, bent on your destruction. In the vast majority of cases, this is not something you need to worry about.

Anyway, it sounds like you have already reset the router, by holding that button down. You might want to make sure that the button you pushed really was a reset button. Used to be, routers had a button situated where one would expect a reset button. But it was really an enable/disable button. I have no idea why they felt that was necessary. It caused me confusion, one day. Is the button you pushed actually labeled "Reset?"

As for connecting to the Internet, go ahead and leave that as-is. That's not what I was referring to.

As for resetting your Acer, each manufacturer is a little different. Just do a Google search for your model of computer.

Ex: acer 12345xyz factory reset

That should give you a link to the Acer site, where they'll have step-by-step instructions.

- Collapse -
ISP credentials

It was the reset button. I used a needle.
I meant my ISP credentials. I understand the username and PW for router. It did not ask for ISP credentials when I reset in order to establish an internet connection. It just connected automatically and the username and pw for router configuration page were set to default then.

- Collapse -
ISP cred

Do you maybe have an idea why the PC connected automatically to the internet w/o asking for ISP credentials after I reset the router?

I think the ISP made it so, but does that mean that it isn't truly reset? The router conf page PW and rest go back to default when I reset.

- Collapse -
Router defaults to easy

Routers today are designed to be easy to install.

Used to be, you had to manually set up a bunch of information on each computer. You had to manually set each device's IP address. Set the subnet. You had to tell each device the DNS. It was quite a hassle.

Today, that's all handled with DHCP. Once you connect to the network, either with a physical cable or through Wi-Fi, it all Just Works.

Most routers do have settings that require more work to get connected to the Internet. But, those all default to pass through. Few home users, or even most businesses, need those settings. For the vast majority of people, if you can connect to the network, you expect Internet to appear automagically. It's only in very specific circumstances where requiring extra logon info provides any real benefit. And, frankly, if the network administrator needs that, he's probably not doing it with an ISP-supplied modem+router. He'll have a dedicated gateway computer.

One assumption I've made with all of the above is that you're in the US. Pretty much all US ISPs behave like I described. I don't know the common practices of commercial ISPs, and especially not government run ISPs in other countries. I figure most of them do the same thing, because it greatly reduces tech support calls.

- Collapse -
Thank you!!!!

MightyDrakeC, once again, thank you.

I am not in the US, but I think it works the same way. I am in South Eastern Europe.

My router modem has been provided by my ISP who also is my phone company. It's an ADSL router modem.
I thought I might need my PPP username and PW (which I assume is the ISP credentials) when resetting it, but I did not. As I had read online that it would.

It seems it works the same as you described. The provider said it would not ask for one if I reset and also told me I could not use a new modem router as the one they gave me was all set up or something. I did try (haha). Tho, the guy before him said I could buy a new one. I messed up the setup and could not get back to the wizard, but it seemed like the PPP PW they gave me didn't work. Who knows..

As long as a reset entails all changes that could have been made to the router modem are gone, as my PW for the router page was set to default for a while and he has had and has access to my WiFi PW. (will use the ethernet and have enabled isolation for wireless if I did so correctly).
Can you think of any way that a reset would not erase all, given the info I've provided you with?

Should I dc the modem router from PC, reset PC, then when PC is ''usable'' reset the modem router and change PW?
Does one usually need an internet connection when resetting a PC?

Thank you so so so so much.

- Collapse -
DSL password

I'm a little surprised your phone company chose to use passwords, but that's government for you.

Since your login info wasn't wiped, it sounds to me like you did not actually reset your modem. As I said, I have seen modems with a button right where I would expect a reset button to be. When I pushed it, the lights changed. But, it turned out not to be a reset button. It was an enable/disable button.

So, again, was the button you pushed actually labeled "Reset?" If it's not labeled at all, you can look up your modem model and look at a manual that will tell you the purpose of that button.

You can also use the manual to look at the Ports page in your admin screen and verify that it's all set to the default. In most routers, that will be blank. Some may list the standard ports, like 80 for http, etc. As long as everything is default, and once you reset your PC, you should be safe.

For the reset itself, it doesn't matter if your PC is connected to a network. Might as well just leave it connected, because after doing the reset, your PC is going to have to run through all the updates to get it back to current. So, it will need to be connected for that. I haven't done that with a Win 10 machine, lately, but it usually takes a couple of hours and multiple reboots. Keep going into "Check for Updates" even after you think you're finished. It'll download 108 updates and install those. It reboots. It gets back to the home screen. Then you go into "Check for Updates" again and there are a new set of 57 to download. So, keep going until you "Check for Updates" and it says you're up-to-date. Unfortunately, you do have to babysit it, because sometimes the major updates make you click an "Accept" box or two to continue. I usually surf on another machine or watch TV while I'm waiting for Windows to finish.

After all the updates, your first installation should be an anti-virus program. Then, I go to Ninite and install the common programs I like in one fell swoop.

- Collapse -
Indeed was the reset button

It is labelled reset.
My router config page username and PW were then set to default after reset. But it did not ask me for my ISP credentials when connecting to the internet.

So, I do not know if it was a true reset, or how one can really reset their router modem.
How do I check these ports? I don't have a manual, but I know how to access the router page.
And there being no ports would mean it was reset?

I don't want to leave the router PW set to default during the reset and updates. And I'd like to reset it before connecting it to the PC during the updates.
Mission impossible.. (I don't have another device I trust I could use)
That is quite the while.
I am so exhausted. Happy Thank you sincerely.

- Collapse -
Not sure

I'm not sure. Maybe your ISP changed how they're authenticating your modem.

You can do a search on your router's model number to find a manual.

Or, you can just look at the port page on your router. Not sure how it will be labeled. Mine has a "Forwarding" menu entry, with a few sub-menus under that. Yours will probably be a little different.

But, mine shows blank in all of my sub-pages. I expect that will be true for most routers.

And, just to be thorough, another thing to check in your router pages is to make sure external admin access is disabled. As James Denison pointed out, if it is enabled, then your router is vulnerable as long as the admin password is still at its default.

I still think you're going to be safe after you reset your PC. Since you keep nothing valuable on your PC, there's just not much incentive for someone to put this much effort into hacking you.

As for changing the router password, if you really are concerned, the safest point to do it is probably immediately after the PC reset. Any keyloggers/etc will be wiped. That would be the safest time to change your Wi-Fi password, too. Actually, once you've changed your Wi-Fi password, and external admin access is disabled, unless your bad guy has physical access to your equipment, you're about as safe as you can be.

- Collapse -
Change the default username and password

which often is "admin" and "admin" again. If you don't, then anyone who knows your IP address can use those to hack your router.
