How likely is it that a spyware infected PC will require a full OS reinstallation?

Arcadio

What percent of spyware problems require a full OS reinstallation?

 

Lemon law

It's somewhat of a two-way question. If one gets a virus, trojan, or worm designed to eat your OS, it can screw up your PC in almost no time flat. And as such, the answer would be 100%. But those are fairly rare vandalism-motivated attacks, because such an attack yields the malware writer nothing, because it kills both the user's PC and the malware writer's attack agent at the same time.

Smarter malware writers want the user's PC to survive and then go on to become a vector to either mine data from the user's PC or to help infect other PCs. And as such, once installed, the successful malware writer wants their program to withstand efforts at removal.

I somewhat learned that lesson the hard way when I bought a used PC on eBay at a very attractive price. I fully expected to find some malware, so I had some malware programs already burned to CDR. Instead I found, to my horror, that XP Pro computer was positively infested with 4000+ pieces of malware of all kinds. Adaware with old definitions easily got 85% of them. Then I added avast with old definitions and got another 7%. I then logged on to the internet, and updated both programs and got a few percent.
And stubborn me, I was bound and determined to get them all, so I took every online scan and rootkit checker on the planet, which got me close. And long after every virus and spyware checker I could find pronounced me now cleaned, I finally posted a hijack log on spyware warriors and they found at least 11 more.

The fact is, stubborn me had over 100 hours of my time invested to clean that PC. And I would have been better nuking everything and starting fresh. But if you have precious data on your PC you can't afford to nuke, user cleaning is possible, but it's time consuming. Or you can take it to a professional and then it's just expensive.

I can't say I have learned all that much from some of the security experts on AnandTech, because I had already learned many of the lessons they preach from other forums before I joined AnandTech.

But I have to say two things.

1. Setting up a good multilayered computer defense is fairly easy. Prevention is much better than removal later. I run a two computer network for my wife and myself. And with a clean PC and a good security system, I have not had a single, knock on wood, security problem more serious than tracking cookies able to dent my network in six years.

2. The security people at AnandTech are really very good. Schradenfroh, John, and Mech Bgon, and medea and others really know what they are doing, and they have it all in that sticky at the top of this forum page on how to set up a security system. And also in how to remove any malware you have.
 

phisrow

As Lemon law said, it mostly depends on how much you care. How paranoid you are is also a factor. With sufficiently heroic measures, one can be fairly sure that a compromised system is now clean; but fully verifying that is virtually impossible (unless you have checksums of all system files in a known good state, which very few people do). For basic home use, people are usually willing to put up with the risk, because they can't or don't want to reinstall the OS and apps; but if you are really set on security, rebuilding from known good media is safer.
 

reborn8

Originally posted by: phisrow
As Lemon law said, it mostly depends on how much you care. How paranoid you are is also a factor. With sufficiently heroic measures, one can be fairly sure that a compromised system is now clean; but fully verifying that is virtually impossible (unless you have checksums of all system files in a known good state, which very few people do). For basic home use, people are usually willing to put up with the risk, because they can't or don't want to reinstall the OS and apps; but if you are really set on security, rebuilding from known good media is safer.

I agree. If you want to make sure you are fully safe after an attack just reinstall everything. One good reason to do backups often of your crucial or valuable information.
 

Pabster

These days, 100%.

You absolutely cannot trust a machine that has been compromised.

Wipe it and restart from known, trusted media.
 

Fullmetal Chocobo

I've never seen a truly compromised system before this weekend. The wife and I went to help a friend move, and she said her husband's laptop and external was infected with malware. I told her I would take a look at it, no problem. Wow. Normally when people give me machines with problems, they are just slow and have a few trackers on them, etc. This machine was riddled with virii, backdoors, trackers, and all kinds of other things. All from a single thumb drive.
 

RebateMonger

Although I respect those who have become experts at removing malware, my personal preference is to format and re-install the OS and programs. I believe that malware has become too hard to detect and remove for all but experts. And experts aren't the ones getting infected.

I believe the BEST solution is an automated system backup/restore setup, like Windows Home Server, that keeps ongoing image backups of your entire system and lets you restore YOUR ENTIRE PC from the date of your choosing. You take the whole PC back to BEFORE the malware infection, and then restore the most recent versions of your data files. With the right software, this restoration can be quick and painless.
 

Lemon law

I think there is some excess paranoia here. I would say 99% of compromised systems are compromised in a minor way, and just a nominal multi-layered defense will have various scanning anti-malware applications that will remove it all when scans are run.

But it's those 1% of nasty exploits that are really, really hard to remove. When you have some security-unaware person picking up some 1000 pieces of malware in a given time period, then chances are they have 10 or so of the real nastiest variety.

Truth be told, many "computer professionals" owe their livelihood to being able to clean up those basket cases. And it's somewhat of a no-brainer: the dumb computer user who is totally computer security unaware is the very computer user least likely to be able to repair their own mistakes.
 

EvilRage

I repair PCs (mostly software) for a living and when I encounter infected systems, more than 99% of the time, if there are no hardware issues, it's cleanable. The only times I recommend a full wipe are when the computer doesn't have any programs or data saved to it (i.e., it's used for accessing the web, e-mail, etc.), or when there is massive damage done to the OS such that it is impossible to replace missing, damaged, or corrupt files with copies from a known good OS CD.

The problem is that most people don't want to spend huge amounts of their time hunting down and eliminating malware, so they either hire a professional to do it or reinstall the OS themselves.
 

rxblitzrx

Not to thread hijack, but I wanted to post here since my issue is related.

I use IE for all the sites that I don't visit on a regular basis. I use Firefox with cookies and JavaScript disabled (except the ones I allow) for the sites I visit all the time. After using IE every day, I use Crap Cleaner to remove all cookies, temp files, etc. from IE. Am I doing enough to prevent infection?

 

will889

If it's a mission-critical PC on a network, wipe-reformat or re-ghost. If regular user PC that does any type of online banking on a regular basis, reformat unless the user is very adept security-wise. If user is so-so or novice, reformat for their sake and plausible deniability for anything gone wrong.