Virus clean-up, clean it or re-roll it?

Looking for opinions - if you have a computer system that is struck with a virus, do you clean it by using a tool supplied by an anti-virus company or say Microsoft via their new Malware Removal Tool and then go back to using it without concern, or do you take the system and wipe it out completely, reload the operating system, the patches, etc., and then finally go back to using it?

I'll hold back my own opinion for now, but am curious what others think of either approach and why they favor one over the other....
48,129 views 22 replies
Reply #1 Top
Reformatting should be your last option, and only if all else fails. I, however, rely very little, if at all, on MS for my virus protection or the cleaning of viruses. And I haven't had a virus in many years.
Reply #2 Top
The one time Colleen and I caught a virus it was a doozy; we had to wipe Millennium completely and restore as new computer, reload programs etc. Hated it, was a lot of work and pissed me off for being so careless. Lesson learned now: firewall in place and auto updates for virus protection.
Reply #3 Top
Reformatting is not usually appreciated by the end user.  I try to clean it.  All else fails, I will reformat, but so far I have not had to do that on any system.
Reply #4 Top
I have not had to reformat yet - which I like, but might be bad since I've never reformatted, thus don't know how.
As far as I can tell any virus I have gotten has been cleaned. Same with adware/spyware. Once cleaned, they have not shown up on my system. I also go to the various sites that offer free scans to see what shows up. Symantec, Trend Micro, and others (used to go to PestPatrol even though they didn't remove - at least they told what and where).

The way I see it, what's the point of having antivirus and tools to clean if you're gonna reformat?
Reply #5 Top
I use AVG. I just leave it alone. I reformat about once a year, just to clean the junk. I have never really gotten a virus that did anything.
Reply #6 Top
And to tell the truth, when my ISP runs out, I'm quitting the net altogether. It's just one big commercial now. My ISP isn't but $6.95 a month. Better than AOL, MSN, NetZero, everyone I've ever used. But now the sites want you to pay to look at them. Sure, man. Hold your breath. Be there in a minute. (Wincustomize excluded.)
Reply #7 Top
I would say it depends on the virus.

If you can be sure you removed all trace, then reformatting would be time consuming - and pointless if you are only doing it to remove virus files that you can remove either with a removal tool, or manually.

If you are not sure whether you have removed all trace of the virus, then reformatting would be an option.

If you find yourself doing a lot of reformatting due to virus infections, then you may want to rethink the way you handle security on your machine.
Reply #8 Top
I don't worry about viruses because I put a condom over my modem and folks keep telling me that nothing prevents picking up viruses better than a latex condom with Oxy9! ;~D
Reply #9 Top
It all depends on how bad the level of "infection" is, whose PC it is, and how much they need their data.

I usually try to clean it up first, but sometimes people's PCs are so overwhelmed with virii/malware that all you can do is save whatever data you can, and reload Windows.

At work we tell everyone to save all their work to the network shares, so if anything happens to their workstation they don't lose their work. We keep ghost images of the different machines, and restore to that image. Basically, if it's going to take more than an hour, they get wiped and ghosted. Anyone who gets their machine infected twice gets moved to the User group. They cry at first when they can't install Weatherbug (Spyware!) or RealPlayer but at least their machines stay clean.

At home I keep a ghost image on a USB drive in case of any kind of catastrophe.
Reply #10 Top
I don't worry about viruses because I put a condom over my modem and folks keep telling me that nothing prevents picking up viruses better than a latex condom with Oxy9! ;~D


lol
a condom isn't that big
or is it
Reply #11 Top

At home I keep a ghost image on a USB drive in case of any kind of catastrophe.

Yes we do!  But our aunts and uncles do not.  And that is why we have a job!

Reply #12 Top
The standard position when I worked at M$ was to reformat & reinstall from clean media... a practice I follow as well, since you never can be sure what other exploit or trojan program might have been dropped by the virus as well.
Reply #13 Top

The one time Colleen and I caught a virus it was a doozy; we had to wipe Millennium completely

That wasn't a virus...that was the OS...

Reply #14 Top
a condom isn't that big
or is it


Aussie ones are more than adequate.....use a medium to keep my tower dust free
Reply #15 Top
a tower? and you're proud? huh.
I gotta Texas medium over the house until I get my leaky roof fixed.
Reply #16 Top
#13 by Jafo
Sunday, August 21, 2005


The one time Colleen and I caught a virus it was a doozy; we had to wipe Millennium completely

That wasn't a virus...that was the OS...


Wish it was, but no luck; there was a nasty virus, and yeah, Millennium did suck.
Reply #17 Top
Finally following up a bit myself.

The question came up because policy from a higher level at my job apparently requires reloading the O/S when a machine is virus smacked -- no matter whether or not a reliable cleaning tool has been released, no matter who released the tool.

My personal opinion is you do what makes sense for the situation. If you can get a reliable clean-up tool, then use it. If you have doubts about the tool, or see multiple recommendations from anti-virus vendors telling you to reformat the system, then by all means do it. If you really want to be safe, then yes, do it. But there seem to be plenty of cases when a garden variety worm or cheesy virus infects a system that could be fairly easily cleaned. In those cases, I prefer to make judicious use of my time, rather than taking many hours reloading a system, copying the data that is needed for the user back to it, and leaving it usable.

I'd love to spend a few hours in a locked room with the writers of these stinkin' worms and virii. If I had the opportunity, I'd torture them as badly as I possibly could. Back to the point of running Windows 3.0, or one of its precursors. Back to the point of forcing them to use nothing but Microsoft's BOB as their user-interface. Pouring maple syrup on their nether regions and letting a bear come in to slurp and bite that all away. Whatever the worst possible thing imaginable is... down to the point of making them use a Timex Sinclair for all of their computing needs for the remainder of eternity. Yup, that bad.
Reply #18 Top
The question came up because policy from a higher level at my job apparently requires reloading the O/S when a machine is virus smacked -- no matter whether or not a reliable cleaning tool has been released, no matter who released the tool.


I support that stance after your business (and IT support) gets so large.

It is far easier to give each user a drive on the network to store data, lock down the hard drive as much as you can and keep a ghost image also on the network. For anything other than a hardware problem, tell the user to take a long lunch and re-image the drive. In 1/2 an hour everything is fixed.

I have a client that has a two drive system for all their remote users, mirrored nightly. If something goes wrong the help desk walks the user to boot from the second drive. They lose any work they did from the night before but that's still cheaper (on average) than walking the user through (maybe) fixing the problem. Every week a rep does the remote circuit picking up "bad" drives and replacing them with good ones. Then the "bad" ones are reimaged in the shop ready for the next circuit.

The bigger problem at your job is how a user was able to get a virus. A better scanner on your email client or on the client's PC might be the way to go.
Reply #19 Top

I support that stance after your business (and IT support) gets so large.

In a business, where all data is SUPPOSED to be stored on network storage devices, I can see that and do support it as well.

Reply #20 Top
In a business, where all data is SUPPOSED to be stored on network storage devices



Once a user loses their data, they usually get much better about saving to the network shares. Of course, there are some people who are just never going to grasp the concept of saving to anywhere but to their desktop. If they don't see a shortcut on the desktop, then as far as they're concerned, the program isn't on their computer.
Reply #21 Top
Once a user loses their data, they usually get much better about saving to the network shares. Of course, there are some people who are just never going to grasp the concept of saving to anywhere but to their desktop. If they don't see a shortcut on the desktop, then as far as they're concerned, the program isn't on their computer.


And that is why we have jobs!
Reply #22 Top
If they don't see a shortcut on the desktop, then as far as they're concerned, the program isn't on their computer.

I got's more stuff!! c-o-o-o-l

I hear y'all. I'm not even IT (which kinda makes up for being 'it' all time in long sad tale) but since I am a Lead - I am the 1st person they cry to. Over 1/2 my team still can't even change the options in the email.

If I didn't hang out here reading all the posts learning stuff, I'd be one of those calling for help all the time.