
Suspected virus reinstalls with boot drive + 2nd drive

maniacalpha1-1

When you have an SSD (or HDD) with your OS and another one with no OS used for music files, low priority game installs, etc., and you have a situation where you suspect (but do not know) that a virus has gotten hold and you elect to wipe and reinstall your OS drive, is it necessary to wipe/format your 2nd drive as well? Or is it likely that the 2nd drive has not been infected?

Now that I'm going to do the SSD boot drive thing, I realized I usually have to reinstall 2-3 times a year. Not always for suspected viruses, can be to clear out video drivers for a GPU change too, though of course in that situation I wouldn't feel compelled to wipe and reinstall the 2nd drive.
 
1. It is not necessary to reformat the drive (nor will it actually help); what you do is rebuild the MBR to remove a boot virus. Reformatting the HDD will not actually remove an MBR virus.
2. Even if the MBR has been infected on all drives, reinstalling Windows will wipe it on drives actually used for booting, and it will never actually get used on drives that are not part of the boot process.
3. Boot viruses are exceedingly rare; what makes you think you have one?

Easiest method to get rid of MBR virus is to just install GRUB bootloader.
A more likely scenario is that you have regular viruses infecting Windows, and simply need to reinstall Windows. It is possible that random exe files on your PC were modified by the viruses to make them carry the infection. Get a quality antivirus like ESET antivirus after you are done reinstalling the OS to help prevent reinfection. You can get free online scans from ESET and a few others to clean your PC. So if you don't want to buy it, the process is:
1. Install GRUB on all drives.
2. Reinstall Windows (with or without reformatting the Windows drive).
3. Run a full scan (free) online from ESET before running any exe from your suspected drives.
 
I wasn't referring to a boot virus, just a regular virus in the OS on HDD, I just meant the boot drive containing the OS, not the MBR. This was in the past, I don't have one at all right now, I'm just wondering about the future now that I'll have 2 drives, because it seems I need to do this once or twice a year.

So basically, will a regular OS infection spread to your gaming installations HDD such that you cannot simply reinstall your OS drive but need to wipe the other one too?
 
I would - all it takes is a permuted dropper to be re-run (dll/exe/bat/graphic) to start it all over again. Remember - what is NOT detected today could never be detected if it's not seen in the wild enough to warrant a virus signature (hence why we have sites like virustotal).
 
> I wasn't referring to a boot virus, just a regular virus in the OS on HDD, I just meant the boot drive containing the OS, not the MBR. This was in the past, I don't have one at all right now, I'm just wondering about the future now that I'll have 2 drives, because it seems I need to do this once or twice a year.
>
> So basically, will a regular OS infection spread to your gaming installations HDD such that you cannot simply reinstall your OS drive but need to wipe the other one too?

> I would - all it takes is a permuted dropper to be re-run (dll/exe/bat/graphic) to start it all over again. Remember - what is NOT detected today could never be detected if it's not seen in the wild enough to warrant a virus signature (hence why we have sites like virustotal).

Understand that a virus must be somehow "activated" to reinfect you. It is not enough to come in contact with it.
This means it would be, at most, infecting exe files (or dlls, etc.). If you reinstall Windows the system is not infected; even if you have an infected file on the drive, it will not magically infect the system unless you run it.

This is why I suggested the ESET scan. You don't have to delete it, it's perfectly fine to have a file infected with a virus as long as you don't run it... and eventually that virus becomes obsolete (incompatible with current software, since viruses work on exploiting security vulnerabilities).

After you reinstall Windows, all your (non-cracked) games and programs will not be able to run... you will have to reinstall them. This process will replace any possibly infected files. This eliminates executables, which are the major vector for viral infections.

Movies, audio, pictures, and documents are highly unlikely to be infected / be able to actually infect your computer. And if they are, will require that you play / open them in a program with a security vulnerability...

So use quality open source players, e.g. MPC-HC, Songbird, etc.,
and make sure your MS Office is up to date (or don't use MS Office).
If you suspect a doc file, then you can open it in Sandboxie: http://www.sandboxie.com/

ESET's NOD32 antivirus is extremely capable and trustworthy and I would not worry if it found your documents to be clean. But once your system is infected it is pretty much done for; no antivirus program can "cure" an infected Windows system... viruses download more viruses, hide themselves from antivirus programs, and sabotage Windows system files that might allow you to remove them. Even if successfully removed you will end up with corrupted OS files and have to reinstall Windows to fix those.
It is absolutely unnecessary for you to reformat your games/documents drive for a mere virus infection... But it is highly recommended you reinstall Windows.
 
Bots can sit around and run in your current permission group quite fine and cause chaos on the rest of the world.

Honestly my policy is restore from last known clean backup in virus situation. That is why you make backups, several of them.

Life is just easier that way. I suppose folks get STDs and go around in life spreading them because they just wish them away, rather than completely take care of them. It is a choice you can make.
 
> Bots can sit around and run in your current permission group quite fine and cause chaos on the rest of the world.

Not if you clear your MBR and reinstall Windows.

> Honestly my policy is restore from last known clean backup in virus situation. That is why you make backups, several of them.

System restore is a known haven for viruses, they infect your restore points. Besides, it has a tendency to break your computer. Reinstall is better.

> Life is just easier that way. I suppose folks get STDs and go around in life spreading them because they just wish them away, rather than completely take care of them. It is a choice you can make.

If this is referring to my suggestions (and whose else might it refer to?) then it's a faulty analogy. I detailed the correct procedures to safely remove all infection.
Actually deleting all his precious personal files is akin to drinking bleach in the hope it will cure your cold. Unnecessary and harmful.
 
I didn't say system restore. I said backups. System restore is useless imo. 100% useless. Full metal backups are what count. Fileservers to back up every PC are cheap to make these days, eh?

Just remember, for every Patch Tuesday, there's probably 100 more holes that are for sale right now. An icon could exploit an unknown hole for many months before being caught.

I would quarantine the whole drive and as needed run the files against virustotal before using them. In most cases you won't use much.

so where are the backups? no backups? 🙁
 
> I would quarantine the whole drive and as needed run the files against virustotal before using them. In most cases you won't use much.

That is a sensible suggestion which I agree with.
Quarantine, Virus Total, and Sandboxie can keep you really safe.
And are all much more sensible than deleting everything on his non-OS drive (which is what I argued against).
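
An added example, not posted by anyone in this thread: one way to carry out the "quarantine the drive and check files before using them" approach is to inventory every file on the second drive that can actually carry code, then look up the SHA-256 hashes before running anything. The sketch detects Windows executables by their header rather than their extension, so a program renamed to look like a picture is still listed. The function names, the extension list and the sample files are all constructed for illustration.

```python
import hashlib
import os
import struct
import tempfile

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}  # assumed list, extend as needed

def is_pe(path):
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":  # DOS header magic
                return False
            f.seek(struct.unpack_from("<I", head, 0x3C)[0])  # e_lfanew: offset of PE signature
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: skip rather than abort the scan

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(root):
    """Sorted (relative path, reason, sha256) for each file that can carry executable code."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if is_pe(path):
                reason = "pe" if ext in {".exe", ".dll", ".sys"} else "pe-disguised"
            elif ext in SCRIPT_EXTS:
                reason = "script"
            else:
                continue  # media and documents are not listed
            found.append((os.path.relpath(path, root), reason, sha256_of(path)))
    return sorted(found)

def demo():
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"  # constructed header, not a real program
    samples = {"game.exe": pe, "cover.jpg": pe, "song.mp3": b"ID3", "run.bat": b"@echo off\r\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return inventory(root)
```

Calling `inventory("D:\\")` (drive letter assumed) returns the rows for a real drive; a `pe-disguised` row is the one to look at first, since ordinary media files never start with a valid PE header.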
 