infections which can survive a reinstall of Windows

Haydon · Thursday at 9:47 AM

@merlin02131 BleepingComputer has their own tools and methods to help people, even if they have done nothing against the malware yet, there are no prerequisites when asking for help.

johnlgalt · Thursday at 11:13 AM

SlicEnDicE said:
Chip on anything that has a "brain" --> HDD, MB, GPU, Soundcard, Modem, Router...anything really...even your fridge, if it is internet connected.

This, 100% - if the infection is not on the local machine but on another machine that this local machine will access at some point - the infection has survived the clean install - and will survive every clean install until it is removed from every other device / neutered so it cannot propagate.

I realize this was not the scope of the original question asked by Hayden, but it clearly needs to be emphasized and discussed more thoroughly.

johnlgalt · Thursday at 11:20 AM

And adding to the above - file stores, backups and the like need to be scanned. Today's malware is not simple "Print hello world 100000 times on the screen' type scripts that SKs were writing 30 years ago. They are very sophisticated, and if you're worried enough about your machine as it is to get infected enough that you actually scan and maintain with AM products, you should be just as worried about your backups.

For example, a lot of ransomware are savvy enough to infect backups so you cannot use them to get rid of them in the first place. Even if you keep your backup drives disconnected, or on another physically separate machine, when you do connect it's easy enough for them to see the presence of a new drive and start infecting.

Haydon · Thursday at 11:21 AM

Well, infections are by definition transferrable, I think.

johnlgalt · Thursday at 11:22 AM

Transferable and trasmittable are not quite the same thing, though. And infections is the catchall for all types of malware....

merlin02131 · Thursday at 11:26 AM

.

johnlgalt said:
This, 100% - if the infection is not on the local machine but on another machine that this local machine will access at some point - the infection has survived the clean install - and will survive every clean install until it is removed from every other device / neutered so it cannot propagate.

I realize this was not the scope of the original question asked by Hayden, but it clearly needs to be emphasized and discussed more thoroughly.

Cannot agree more ! losing faith in verizon fast ! Wanted to set up the new router in bridge mode but FIOS squashed that as the CR1000 goes into bridge mode then tries to pick up an ip address that comes from another device hence killing the internet connection ( that ip address belongs to another device ) and somehow they have no fix for it forcing me back into regular mode. So on my network, i will trace out the router while the pc is off the network being re imaged via dvd disk looking for rogue devices ..! Was out there at bleeping computers this am and will go back when i have time after work - Thx !

merlin02131 · Thursday at 11:27 AM

johnlgalt said:
And adding to the above - file stores, backups and the like need to be scanned. Today's malware is not simple "Print hello world 100000 times on the screen' type scripts that SKs were writing 30 years ago. They are very sophisticated, and if you're worried enough about your machine as it is to get infected enough that you actually scan and maintain with AM products, you should be just as worried about your backups.

For example, a lot of ransomware are savvy enough to infect backups so you cannot use them to get rid of them in the first place. Even if you keep your backup drives disconnected, or on another physically separate machine, when you do connect it's easy enough for them to see the presence of a new drive and start infecting.

So true as I have found out ! Thx John !

Haydon · Thursday at 11:29 AM

johnlgalt said:
Transferable and trasmittable are not quite the same thing, though. And infections is the catchall for all types of malware....

Well, frankly, that's an inconsequential difference.

In any case, infections that spread are included in the scope of this thread, of course! If infections don't spread, it would not be a problem at all.

johnlgalt · Thursday at 11:37 AM

Not really. Deploying an infection through a remote means and the infection itself being coded to find other nodes and replicate are not the same thing, and both need to be considered.

The whole multi-layered (aka multi-tiered) approach to security is still a very real (and valid) methodology for truly keeping your safe.

Of course, you could also just use a ChromeBook and do everything online lol. Yes, just like that particular example, it's not convenient to stay secure and to maximize your safety while minimizing your risk. But that is how it goes.

Haydon · Thursday at 11:51 AM

Well, we have to agree to disagree, then.

An infection that does not spread is not really an infection, it is a defect that exists in only one computer.

An infection by its very definition spreads from one computer to another, by whatever means.

flashh4 · Thursday at 12:03 PM

I can help you just as the Malware Removal Specialist at any of the Forums can !! I have over 25 yrs. of removing & finding viruses !

Fabler2 · Thursday at 12:15 PM

For example, a lot of ransomware are savvy enough to infect backups so you cannot use them to get rid of them in the first place. Even if you keep your backup drives disconnected, or on another physically separate machine, when you do connect it's easy enough for them to see the presence of a new drive and start infecting.

@johnlgalt that's when you do not connect your backup drives until you do a clean install on the infected drive first. Clean install via booting from USB, deleting all partitions first, then testing the install. Only then restoring an image.

johnlgalt · Thursday at 12:18 PM

You have to know when you get infected. If it is there for a couple of days, lying in wait, before executing the actual encryption and starting the ransom process, then what?

You connect to make a backup at some point. And as long as your AM program / suite says you're clean, you think you're OK. But if it is a recent release that has not been found in the wild (and thus definitions have not been developed for it), then what?

Fabler2 · Thursday at 12:22 PM

johnlgalt said:
You have to know when you get infected. If it is there for a couple of days, lying in wait, before executing the actual encryption and starting the ransom process, then what?

You connect to make a backup at some point. And as long as your AM program / suite says you're clean, you think you're OK. But if it is a recent release that has not been found in the wild (and thus definitions have not been developed for it), then what?

True but you can only do so much to fight these things. Firmware malware is even scarier.

johnlgalt · Thursday at 12:26 PM

Exactly. Understanding the reality of it is just as important as actually keeping yourself protected to the best of your abilities.

johnlgalt · Thursday at 12:28 PM

Haydon said:
Well, we have to agree to disagree, then.

An infection that does not spread is not really an infection, it is a defect that exists in only one computer.

An infection by its very definition spreads from one computer to another, by whatever means.

OK, I disagree :lmao:

Haydon · Thursday at 12:30 PM

I should note that the type of infections in this thread are very, very rare.

@flashh4 The case may not be real

Haydon · Thursday at 1:44 PM

Fabler2 said:
True but you can only do so much to fight these things. Firmware malware is even scarier.

Vice versa, there is only so much the attacker can do. For firmware malware, the hurdle is even higher. The vast majority of computer users never heard of firmware malware and never got one.

Safe computing is the same for firmware or other malware. You don't wear a tin foil hat to ward off lightning strikes.

Fabler2 · Thursday at 1:54 PM

Haydon said:
Vice versa, there is only so much the attacker can do. For firmware malware, the hurdle is even higher. The vast majority of computer users never heard of firmware malware and never got one.

Safe computing is the same for firmware or other malware. You don't wear a tin foil hat to ward off lightning strikes.

Safe computing is the same for firmware or other malware

That's stating the obvious.

You don't wear a tin foil hat to ward off lightning strikes

Click to expand...

You lost me.

Haydon · Thursday at 2:07 PM

Safe computing is the same for firmware or other malware

Click to expand...

That's stating the obvious.

You don't wear a tin foil hat to ward off lightning strikes

Click to expand...

You lost me.

Well, I was responding to all the lofty and empty hoopla about understanding firmware malware so as to protect oneself against that. That's bull. The reality and practice of safe computing is the same, it does not change whether there is firmware malware or not.

infections which can survive a reinstall of Windows

Well-known member

My Computer

Antidisestablishmentarianist

My Computers

Antidisestablishmentarianist

My Computers

Well-known member

My Computer

Antidisestablishmentarianist

My Computers

New member

My Computer

New member

My Computer

Well-known member

My Computer

Antidisestablishmentarianist

My Computers

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computers

Antidisestablishmentarianist

My Computers

Well-known member

My Computers

Antidisestablishmentarianist

My Computers

Antidisestablishmentarianist

My Computers

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Similar threads