[real-eyes] Re: Fwd: [NUT] Fixing An Infected Computer

  • From: Mitchell Lynn <mlynn@xxxxxxxxx>
  • To: real-eyes@xxxxxxxxxxxxx
  • Date: Tue, 29 Apr 2014 09:57:38 -0500

When I first read Steve's post, my inclination was to present some
suitably erudite rebuttal, delineating those cases where the reimage or
format reinstall was an unnecessary extreme. I believe--no, I know--that
there are cases where the prescribed methods are extreme. It's the 21st
Century technicians' "if thine eye offends thee, pluck it out."

In the end, a total system reload will absolutely and unequivocally
resolve the problem--at least we hope it does. I am old enough that I
can remember when the idea of viruses was little more than speculative
fiction. Maybe it is that same kind of speculative fiction to talk about
malware that can survive the kind of system reload you advocate. Maybe
that kind of malware is already being crafted or is already extant in
the wild. In any case, it is a moot point: the only certainty here is
uncertainty.

Reputable commercial software has shipped with malware; shareware has
been distributed with virus infections; USB drives have shipped with
malware on them; computer shops return repaired systems infected with
malware. And of course, this says nothing of the myriads of operating
system components and third-party software and hardware that are rife
with vulnerabilities and security flaws that leave us susceptible to
attack. Just as the only constant is change, the only certainty is
uncertainty. We can't all hand-craft our own operating systems and
software and then allow them to live their lives in the sterile vacuum
of a test tube. Nor is there any assurance that a user, when told that
they must change their habits or else, will do so.

The upshot is that you did what you could. You weighed "best practices"
against necessary end-user expediences (their resources and abilities)
and did the best you could. If you have the facilities and resources to
treat a gangrenous wound, then you do so. If you do not have those
facilities and resources, then you amputate. Of course, if you knowingly
left behind an infected system, that changes the game entirely.

Unfortunately, computer operating systems defy the Biblical injunction
about building on a foundation of sand, and now we are in one hell of a
wind storm. All we can do is regularly inspect that foundation, patch
where we must, harden where we can, be smart about what we open and
where we browse and hope for the best. Reimaging is probably the most
sure thing when it comes to system repair. It is not, however, always
the most practicable course. Nor does it lead to an immutable certainty
that all is well.


On 04/29/14 12:44 AM, Reginald George wrote:
> And I will now repost here the message I just sent to Steve's list in 
> response to his message.
> 
> I will admit something here that I shouldn’t.  Steve is 100% right.  The 
> only proper way to fix things is exactly the way he says here.  Even on my 
> own systems I haven’t always had the patience or the tools, and I have 
> settled for just getting things up and running, but with no real confidence 
> that the systems were truly clean.  Sometimes I’ve been lazy, or in a hurry, 
> or stuck without the right tools or sighted assistance, and so I just 
> stopped the pop-ups from happening and did what I could for the person, but 
> without the confidence that back doors didn’t remain, or that the problem 
> might not return in the future.  There are times I’ve spent ten hours trying 
> to clean a system of adware and spyware, when 3 to 6 hours of format and 
> reinstalling all the software and drivers, updating Windows, getting all the 
> settings right, configuring all the accounts, and reloading all the data 
> into the right places would have made the system run better and faster, and 
> resolved lots of other hidden issues that I wasn’t even aware of at the 
> time.  My way often took longer, and the results were not as sure or secure.
> 
> This is no excuse, but many of the people I helped didn’t have a good image 
> of their drives, and had no idea where their system software was.  Even when 
> there was recovery media available, often the person didn’t know their 
> passwords, or they were afraid of losing their auto complete lists or iTunes 
> library.  Things could get complicated very quickly.  Sometimes when they 
> didn’t have operating system disks, the factory recovery option would have 
> loaded so much junk on to the system that I then would have had to remove, 
> plus reactivating Office and screen reader licenses that they didn’t have 
> and couldn’t afford to replace, that it just seemed easier to try to get 
> them back to a usable state for the moment, and that’s what I did.  But that 
> was certainly not best practice.  This is why I often encourage people to 
> take their systems to a shop where they will be cleaned and reloaded 
> properly, instead of me trying to do a half-assed job.  Better to go through 
> the pain once and learn valuable lessons, than to risk all your personal 
> data or identity being stolen.  So this is my way of saying thanks for the 
> post.  There is not one thing here I can argue with.  And if you are 
> going to use a computer, learn to be a responsible consumer and back your 
> system up regularly.  Easy to say, not so easy to do.  But much easier than 
> it used to be.
> 
> Reg
> 
> 
> 
> -----Original Message----- 
> ---------- Forwarded message ----------
> From: Steven Clark <blindbites@xxxxxxxxx>
> Date: Mon, 28 Apr 2014 05:50:58 -0500
> 
> 
> I woke up early today and was listening to CNN with TuneIn Radio on my
> phone.
> I heard an ad for Fix Me Stick, yet another advertised solution to
> fixing and speeding up your computer. I did a little research on this
> thing. Basically it is a bootable USB drive that has a stripped down
> copy of Linux installed with a few antivirus programs installed.
> This product can't really remove a virus or malware, only quarantine it.
> The problem with this is if any system file is simply quarantined, that
> keeps the file from being used by Windows. Depending on the file this
> will just make your computer so it won't start. At the least, your
> computer will start again and the virus is still there infecting other
> files, eventually making your system unusable.
> 
> Products like this and the free diagnosis programs like Clean My PC or
> Speed My Pc or any of the others being advertised on TV and radio are a
> scam.
> 
> If you have a virus, malware or other infection on your computer, the
> only true way to remove it is to format the drive and reinstall the
> operating system from a good known source. Hopefully this is from either
> install DVDs or other media that either came with your computer or ones
> you made with a utility on your computer to create rescue disks.
> 
> Another option is to restore a system image. A system image is sort of
> like a picture of your hard drive. If you made a system image on January
> 11, 2014 and you restore that image on May 15, 2014, your computer will
> be exactly the way it was on January 11.
> 
> I demonstrated doing this with Image For Windows at one of our NUT
> meetings and you can also do this if you have Windows 7 or later.
> Just go to the control panel, open Backup and tab a few times until you
> are on System Image. Follow the prompts and an image of your hard drive
> will be stored on an external drive.  You can restore this image to
> bring your computer back to the way things were when you created the image.
> 
> The reason that you have to format a drive and start over from scratch
> is there is no other way to guarantee that a virus or malware is totally
> gone, regardless of what super removal tool or multiple tools you use.
> Many of the kits that are used to spread a virus or malware these days
> include multiple attack methods. Some will attack right away, others are
> programmed to wait for a while. These modern-day infections are good
> about hiding from detection programs. Some even know when the computer
> is being scanned, hide themselves where they won't be detected and then
> reinfect things as soon as the computer is restarted.
> 
> So don't fall for these easy fixes that are out there for you to buy.
> The only easy thing it does is put money in someone's pocket and you are
> left with the same problem or worse, especially if you allow their
> support people to fix things remotely.
> 
> Steve
> 