Malware and Reinstall With An Image

[richc46]

Well, we all make mistakes and now I am included on that list. I recently received an email from a friend. I opened the email and clicked on the link that was included. I knew that I made a mistake when I saw the contents of the email. I found out from her that she did not send it, but was infected herself. The Malware froze her home page, to the point that she lost internet access. The same thing happened to me.
I was able to get back my internet, by using a Macrium Image, made before the email arrived.

My Question. Does an install using a Macrium Image remove all Virus/Malware?

 

[Yard Dog]

Hello Rich, I have never used an image, but, I would think you are clean now.. just my thoughts.

 

[richc46]

Thanks Bill,
That was my initial thought, too. After, Google, however, I think that possibly the only certain way is to format, first. I really do not know at this point.

 

[Yard Dog]

I have run across lots of users over on Yahoo Answers. and we always tell them to change passwords , especially the email and to rum mbam .. can't remember ever having them use an image install as a restore tho.

 

[richc46]

Could, not even do that Bill. I lost the internet, and my home page was frozen. After the image, MBAM and MSE all clean.

 

[Yard Dog]

I believe the main concern for most users who have this happen is that the contact list is stolen. Then the contact list is sent emails with the malware in it.. The passwords to email definitely would be an issue , I believe. I am not sure what else besides passwords would need any action.
One thing about this Forum that I have noticed is that there are some really smart people here. I have learned alot in the last few days..

 

[Thorsen]

If it was a full image of all of your files, then it would be clean. the full disk image would replace the current disk image. If it is a partial backup, then it is possible that the image replaced the files that were infected with the previous version of the files, but could have not replaced all instances of the virus.

Sorry to hear about the issue. Hope it is all sorted ok.

 

[richc46]

TY for your concern and comment, Thorsen. The bacukup was my entire C drive.
I am pretty sure that I am ok. But in today's world extra caution is necessary.

 

[VistaKing]

Hi Rich

You might want to scan the computer with malwarebytes

Here is the download


Download



Look at the image below

 

[richc46]

Already did Malwarebytes and Security Essentials and it all looks good. I just want to feel 100% certain as these infections can get personal information, etc. Thanks for your help.

 

[indianacarnie]

If it was a full image of all of your files, then it would be clean. the full disk image would replace the current disk image. If it is a partial backup, then it is possible that the image replaced the files that were infected with the previous version of the files, but could have not replaced all instances of the virus.

Sorry to hear about the issue. Hope it is all sorted ok.

I tend to agree with Thorsen. If you're really worried though maybe a clean install is in order if for no other reason than your peace of mind.

This can happen to anyone though, so don't beat yourself down over it. I've gotten a couple of e-mails this past week "from" an old girlfriend of mine who's pretty computer savvy that I KNOW aren't from her. Assuming she's infected too, but ...... ...... am not going to let her know from me as I'm sure her other friends will inform her soon enough.

 

[tom982]

Hi Rich,

Assuming you were clean at the point when the image was made, which is sounds like you were, then it's safe to say that you will be clean now as the image restores all data on a disk. Just keep an eye on external storage media!

Tom

 

[richc46]

TY very much for your reply, Tom. Rep for your time and effort.

 

[richc46]

If it was a full image of all of your files, then it would be clean. the full disk image would replace the current disk image. If it is a partial backup, then it is possible that the image replaced the files that were infected with the previous version of the files, but could have not replaced all instances of the virus.

Sorry to hear about the issue. Hope it is all sorted ok.

I tend to agree with Thorsen. If you're really worried though maybe a clean install is in order if for no other reason than your peace of mind.

This can happen to anyone though, so don't beat yourself down over it. I've gotten a couple of e-mails this past week "from" an old girlfriend of mine who's pretty computer savvy that I KNOW aren't from her. Assuming she's infected too, but ...... ...... am not going to let her know from me as I'm sure her other friends will inform her soon enough.

TY for your help. I cannot give you rep as I am slow in passing it around.

 

[tom982]

TY very much for your reply, Tom. Rep for your time and effort.

My pleasure Rich. Thanks for the rep!

 

[DBone]

I have read reports of malware surviving a re-image, although I'm not convinced on how credible they are. I have never seen it happen personally, and would consider a re-image clean. Of course all of the usual suspects in regards to on-demand scanners would be great for piece of mind if really needed, but I wouldn't give it a 2nd thought.

 

[richc46]

When my hompage froze due to the virus. I immediately restored with an image. I was enjoying my computer when the thought came to mind that the virus might still be present. I Googled, and came up with the possiblility that a format was needed to erdicate the virus. I ran several anti virus and Malwarebytes, and they were all negative. In addition, prior to the image, the computer did not work, after the image everything is running just as it should. I think that I just have to assume that everything is good.

 

[DBone]

Yea, I concur. I would too This is just more proof that the best AV you can have, is a recent system image to fall back on.

 

[rhuds13]

If you want to be really sure next time you run a complete restore just use your Windows disc to format C first then run the Macrium backup. I also have started using the Paragon Backup & Recovery.

 

[richc46]

TY for your comments. I have found through research that a virus can infect the boot sector (there is a test for that, which I passed) or the BIOS. There is no way to remove the BIOS infection, without an update or a flash. I don't think that I have that problem, however, as it is rare.