S.M.A.R.T. HDD Program: Who Are These Jokers ?


  1. Posts : 1,814
    XP / Win7 x64 Pro
       #21

    bbearren said:
    FliGi7 said:
    As an aside, if malware appears to persistently return, even though you've removed all traces of it on the system, you need to consider that it may have copied itself to the MBR and is restoring itself upon boot. The only way to get rid of that is to re-write the MBR or do a full format (which will obviously re-write the MBR then).
    I recall one persistently nasty one that would replicate itself from two innocent-looking text files over the course of 4 reboots of the PC. It's been a few years and I can't remember the name of the variant, but the two text files (once found) proved to be its Achilles heel.
    It also involved a bunch of registry work, too.
    Sure, there are lots of tricks like that to employ that most people are not aware of. As terrible as some of those things are, you just sometimes have to appreciate the ingenuity and cleverness of them. Often these tricks are only discovered by forensic examination of the system offline to perform analysis of the temporal locality of the malware files being executed.
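The offline timeline analysis mentioned in post #21, sketched as an added example that is not part of the original thread or any poster's own tooling: it lists the files modified within a short window of one known-bad file on a drive mounted on a clean system. Assumptions: the drive is mounted read-only, modification time is the timestamp of interest, and every file name and timestamp in `build_sample` is constructed for the demo.

```python
import os
import tempfile

def collect_mtimes(root):
    """Walk an offline-mounted volume (never the running, infected OS) and
    return a time-sorted list of (mtime, path) for every file found."""
    events = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                events.append((os.lstat(path).st_mtime, path))
            except OSError:
                continue  # unreadable entry: skip it rather than abort the walk
    return sorted(events)

def temporal_neighbours(events, pivot_path, window_s=120):
    """Return (offset_seconds, path) for files modified within window_s of the
    known-bad pivot file, nearest first. Timestamps can be forged, so treat
    the result as leads to examine, not as proof."""
    pivot_times = [t for t, p in events if p == pivot_path]
    if not pivot_times:
        raise ValueError("pivot not found under the scanned root")
    pivot = pivot_times[0]
    near = [(round(t - pivot), p) for t, p in events
            if p != pivot_path and abs(t - pivot) <= window_s]
    return sorted(near, key=lambda e: abs(e[0]))

def build_sample(root):
    """Constructed sample tree: names and times are invented for the demo."""
    base = 1_300_000_000  # arbitrary epoch second
    sample = {"Users/a/notes.txt": base - 86400,     # old, unrelated
              "Users/a/AppData/xkqzv.exe": base,      # the known-bad pivot
              "Users/a/AppData/pqwmr.dll": base + 4,  # written seconds later
              "Windows/Temp/jhtbn.tmp": base - 30,    # written just before
              "Program Files/app/app.exe": base + 9000}
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("x")
        os.utime(path, (mtime, mtime))
    return os.path.join(root, "Users", "a", "AppData", "xkqzv.exe")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        pivot = build_sample(root)
        for offset, path in temporal_neighbours(collect_mtimes(root), pivot):
            print(f"{offset:+5d}s  {os.path.relpath(path, root)}")
```

Randomly named files that cluster around the pivot on each of several boots are the ones worth examining by hand.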


  2. Posts : 3,187
    Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
       #22

    Thought I'd throw this out there, since it helped me:

    My housemate went through a round of these kinds of extortion programs. Every few weeks she was coming up with another one. It got to the point that I was starting to lose confidence in MSE, though I'm using MSE myself and have had no problems. (We are both also using Malwarebytes.)

    I got a deep discount offer on SUPERAntiSpyware which included two licenses and stuck one of them on her computer. It turned out to be the only one which caught and automatically cleaned the suckers right off the bat. There is a free version as well.


  3. Posts : 1,814
    XP / Win7 x64 Pro
       #23

    Neither MSE nor any good AV can protect against persistent ignorance toward computer security, but the good point to take home here is layers of security. It's pretty much a necessity anymore.


  4. Posts : 5,795
    Windows 7 Ultimate x64 SP1
       #24

    No software catches 100% of all threats either, so that's another reason to layer your protection. Many people on these boards, myself included, feel perfectly comfortable with MSE as the active scanner, and Malwarebytes as the passive scanner.


  5. Posts : 3,187
    Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
       #25

    FliGi7 said:
    Neither MSE nor any good AV can protect against persistent ignorance toward computer security, but the good point to take home here is layers of security. It's pretty much a necessity anymore.
    DeaconFrost said:
    No software catches 100% of all threats either, so that's another reason to layer your protection. Many people on these boards, myself included, feel perfectly comfortable with MSE as the active scanner, and Malwarebytes as the passive scanner.
    Absolutely agree.

    The reason I posted was that I was somewhat surprised that SUPER was the one that performed best in this case. I know these rogue malware items are certainly prevalent enough these days to have caught the attention of MSE and Malwarebytes.


  6. Posts : 120
    7 Ultimate x64/7 Home Premium x64
       #26

    DeaconFrost said:
    It's been a while since I've had to do a parallel OS install, but it usually leaves the system in a temporary state. At least that's how it used to be. A parallel install would always allow the person in to backup their data, but then they'd be doing a clean install afterwards. Doing so also wouldn't get to any boot viruses that remain and would only reinfect the new install.
    Not in my experience. A parallel installation of Windows is Windows in every way, shape and form; as stable as any new installation. I didn't use a parallel installation to backup anything - whatever is in the primary installation is suspect, even in (and sometimes specifically in) the user personal folders.
    The parallel installation allows complete and thorough use of any AV/AM software available for Windows, unfettered by the infection which lies dormant in the infected Windows installation which does not get booted.
    Once the system is cleaned, there is no need for a clean install; it's already clean.

    DeaconFrost said:
    I understand your point about doing what's easiest and best for people on the forums...and that's why I am recommending the drive pull. You don't need a dock to do so. For example, given your post. If you were to head over to a friend or relative's house for the media...you could just bring your drive and pop it in their case. Anyone who would be a "go to person" for cleaning malware would be equipped for this. Most mom and pop shops would clean the virus in this method for a very small fee as well. Aside from being easier, it guarantees a clean drive...as the drive isn't running or boot any OSes.
    bbearren said:
    innocent-looking text files over the course of 4 reboots of the PC.
    Not to sound like I am hounding on the same point...but those kinds of malware are easily removed when the drive is connected to another system. That was the point I was trying to make from the beginning. Instead of poking around with a system and trying different scans and apps...I go right to the solution.
    I didn't use a parallel installation on that one. At the time, those two text files were undocumented and were in user data folders, the particular variant was not yet in anyone's virus definition files, and the removal was guided in part by various web postings of suspect registry entries from AV sites.
    I removed the infection manually 3 times; it didn't show in any AV/AM tools. I tracked down the two files after the first re-infection and watched the infection propagate through several reboots. Part of its tenacity was in its ability to establish itself through filenames that were in large part randomly generated. But those two text files were the seeds, and their names were always the same.


  7. Posts : 5,795
    Windows 7 Ultimate x64 SP1
       #27

    bbearren said:
    The parallel installation allows complete and thorough use of any AV/AM software available for Windows, unfettered by the infection which lies dormant in the infected Windows installation which does not get booted.
    Exactly why pulling the drive is just as effective, but far easier and faster. The more you try to give claims to backing up your point, the more you seem to be confirming mine. I'm the I.T. Director for my company. I don't have time to do parallel installs to clean malware. In the time it would take for the parallel install to be completed...I'm already putting the system back on a user's desk, cleaned and ready to be used. I'm not doubting both methods are effective. My point is that one is much easier and takes far less time.
    bbearren said:
    Once the system is cleaned, there is no need for a clean install; it's already clean.
    Time being the segue, a parallel install may need drivers re-installed, Windows Updates applied, etc. When you pull the drive, none of this needs to be done. You simply run a scan, clean the infections, and put the drive back into the system. As mentioned above, I don't like throwing titles around or anything superfluous....but when I am presented with two methods, both equally effective, but one is far and away faster and easier....I'm going that route every time.


  8. Posts : 120
    7 Ultimate x64/7 Home Premium x64
       #28

    I mean no disrespect; I know that you have been a big help to hundreds if not thousands of people right here on Windows Seven Forums. But let's get back to the forums, shall we?

    Not many who post here have an I.T. department at their disposal, else why would they be posting here in the first place? Not a lot have a second computer at their disposal, unless it's a laptop, or the computer they upgraded from that is now "out in the shed". And even if they have a second computer, they may not have any idea of how to get the drive out of the first computer and install it in the second computer. Not a lot have drive docks; most folks who see the need for and usefulness of drive docks are usually fairly computer literate in the first place.

    I'm not denying that pulling the drive may be easier and faster for someone who knows how and has the necessary facilities readily at hand, but it is not necessarily easier and seldom faster for an OP who doesn't even know how to open the case. Even fewer know how to pull the drive out of a laptop. However, nearly all of them know how to install software, update Windows, and download files from the internet.

    A parallel installation may or may not need drivers re-installed. If the monitor, mouse, keyboard and NIC work, that's all that is really necessary; there's no need to re-install or upgrade any drivers. The matter of time is up to the OP; I'm willing to devote as much time as is necessary to help him/her get out of their difficulties.

    For the example I linked to, the OP on that forum was a youngish grandfather, not a lot of disposable income available, who happened to still have the original 30GB HDD that he had upgraded from on his one computer, (and his computer was old enough that he had bought it back in the day when OEM's still included installation media in the box). He had some of his personal data backed up, but a lot that he didn't really want to lose was not.

    In his case, two "Malware Experts", one with nearly 70,000 posts on that forum and the other with over 80,000 posts, had told him that his only recourse was a reformat/reinstall. As it turned out, even though they were by far more experienced than I, they were simply wrong.

    My main point here is that I try my best to tailor my advice to the experience level of the OP, and the alternatives with which the OP can be comfortable. This OP, incidentally, seems to have left the thread after post #7.
    Robert11 said:
    Hi,

    Any simpler way than pulling the internal HD ?

    Bob
    Just a guess, but evidently it didn't appear to seem simple to Robert11. Hopefully, he will post back and update us on his progress, if any.


  9. Posts : 5,795
    Windows 7 Ultimate x64 SP1
       #29

    bbearren said:
    My main point here is that I try my best to tailor my advice to the experience level of the OP, and the alternatives with which the OP can be comfortable.
    In all the time I've spent here and on other forums, I always live by this rule. That's the first lesson you ever learn when working in IT...know your audience. Given the content on this forum, pulling a drive is far simpler than doing a parallel install. Take a minute to read through the installation section, and you'll see how many people either don't own proper media or aren't able to complete an OS install by themselves.

    Pulling a drive is very easy, especially on a laptop. Towers can handle laptop SATA drives as well, making it even easier. All of your reasons are very sound and accurate....but they back up my point that pulling a drive is easier. My father-in-law is a great case study. He barely knows how to find the power button on his laptop. But, it is far easier for me to walk him through pulling his drive than trying to install an OS. Working a screwdriver is much easier than stepping through an OS install. It's two screws on the bottom...with a picture to explain. Most people who wouldn't know how to pull a drive would have no media or only restore media in the first place.

    I completely agree with knowing your audience...so that's why I'm standing behind the easier solution. I'll use your logic in reverse. For us tech savvy people, installing an OS and updating it is something we could do in our sleep....blindfolded with one arm tied behind our backs. To someone who isn't tech savvy...the idea of installing an OS, choosing partitions (as to not format their existing data), etc can seem like a mountainous task.

    I am also not disagreeing with your comments on Malware Experts. I have seen that advice myself, to do a clean reinstall. For me, I have that down to a sub-2 hour process...but that's like buying a new car because you have a flat tire. To me, the clean install is the absolutely last resort, when all else fails.....especially for a non-tech savvy person. Some people, I assume, feel that a drastic approach is the best. Sure, it will probably resolve the issue, but so will buying a new car when your old one has a flat tire. Technically speaking, it does solve the problem.


  10. Posts : 1,814
    XP / Win7 x64 Pro
       #30

    I don't think anyone can factually state what is or isn't easier for an individual. Person of type X isn't more or less likely to have knowledge of how to do Y or Z. Knowledge, or lack thereof, in computers comes in all shapes and sizes. It's going to be up to individual to determine what is easier for them based on their situation and level of knowledge. Both of the stated options are good ones, but no one's ever going to win an argument on which one is an absolute "better" option across the board. We're trying to make absolute decisions out of relative situations. I think it's time to sit back and let the OP digest his options.


 
