Friday, March 13, 2009

Finally...

Finally I have gotten rid of the viruses and malware affecting my PC. Now I'm just hoping it doesn't strike back. And perhaps I now know the reason behind those attacks that kept haunting me even after a format.

I read in certain forums of some users facing similar problems, i.e. the possibility that those malware/viruses/trojans might have survived a disk format. Well, as far as I know, MBR viruses survive formats. But in my case, the moment the attacks began, I could see those malicious exe files sitting pretty on my OS drive, anywhere and everywhere. Also, after each format the system would behave decently and would definitely be free of any viruses, at least for some time.

So I carefully chose the software that I was installing after each format. And yes, the exe files of various software packages were the culprits. I generally keep the setup files for various software on my PC (just like many others would do) and would reinstall the same set of software after every format. And while installing just one of these, the virus would strike back, because those .exe files were already infected.

Any anti-virus would clear them as not being malware. But the fact was that they were indeed infected. So in the end I chose the software to install very carefully, deleting the installers which were causing the attacks. [Of course, I would know of an installer's infected nature only after I had tried installing it, which effectively would mean another format :) ]
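The post's point is that installers kept on a local drive can be altered without any visible sign, and that an anti-virus scan alone did not reveal it. One low-cost check that does not depend on signatures is to record a cryptographic hash of every installer while it is known to be good (e.g. straight after downloading it from the vendor) and to compare against that record before reinstalling. The script below is an added example written for this post, not code from the author or from any product mentioned here; the directory layout, the file names and the manifest path are constructed for the demonstration. The same manifest can list the disk image file from the later steps, so that a restore is only done from an image whose hash still matches.

```python
"""Record SHA-256 hashes of installer files while they are known good, and
verify them later to detect installers that were altered, removed or added.

Added example for this post; all paths and sample files below are constructed.
Keep the manifest off the machine (e.g. on the same CD as the installers):
a manifest stored on the OS drive can be altered along with the installers.
"""
import hashlib
import json
import sys
import tempfile
from pathlib import Path

CHUNK = 1 << 20                      # read files in 1 MiB pieces
INSTALLER_SUFFIXES = (".exe", ".msi")


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, streaming it in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path, suffixes=INSTALLER_SUFFIXES) -> dict:
    """Hash every installer under root. Run this only while they are known good."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify(root: Path, manifest: dict, suffixes=INSTALLER_SUFFIXES) -> dict:
    """Compare the installers now on disk against a previously recorded manifest.

    Returns sorted lists: 'ok' (hash unchanged), 'modified' (hash differs),
    'missing' (listed but gone) and 'unlisted' (present but never recorded).
    Anything other than 'ok' should be obtained again from the vendor, not run.
    """
    current = build_manifest(root, suffixes)
    return {
        "ok": sorted(n for n in manifest if current.get(n) == manifest[n]),
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unlisted": sorted(n for n in current if n not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: record a clean set, then alter it and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "office").mkdir()
        (root / "office" / "setup.exe").write_bytes(b"MZ" + b"\x00" * 64)  # constructed
        (root / "reader.exe").write_bytes(b"MZ" + b"\x01" * 64)            # constructed
        (root / "notes.txt").write_bytes(b"not an installer")              # ignored
        manifest = build_manifest(root)

        # Simulate what the post describes: one installer changed after the
        # manifest was taken, one removed, and one that was never recorded.
        (root / "reader.exe").write_bytes(b"MZ" + b"\x01" * 64 + b"extra")
        (root / "office" / "setup.exe").unlink()
        (root / "new.exe").write_bytes(b"MZ")
        return verify(root, manifest)


if __name__ == "__main__":
    # Usage: python installer_manifest.py record <dir> <manifest.json>
    #        python installer_manifest.py verify <dir> <manifest.json>
    if len(sys.argv) == 4 and sys.argv[1] == "record":
        Path(sys.argv[3]).write_text(json.dumps(build_manifest(Path(sys.argv[2])), indent=2))
    elif len(sys.argv) == 4 and sys.argv[1] == "verify":
        stored = json.loads(Path(sys.argv[3]).read_text())
        report = verify(Path(sys.argv[2]), stored)
        print(json.dumps(report, indent=2))
        sys.exit(0 if not (report["modified"] or report["missing"] or report["unlisted"]) else 1)
    else:
        print(json.dumps(demo(), indent=2))
```

Run `record` once against the installer folder right after a clean download, copy the JSON next to the installers on the CD, and run `verify` before every reinstall; a non-zero exit means at least one file should be fetched fresh rather than run. The check only catches changes made after the manifest was taken, so it is worth comparing the recorded hashes against the vendor's published ones where those exist.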

Another thing that I would swear by in future is keeping a disk image. Once the OS drive is clean, I keep an image of the OS drive only. In case the attack appears again, I boot my machine from the Windows boot drive, start the image restore wizard and get my OS (with some basic software installed) back. This is as good as formatting and reinstalling the OS and software, but takes only 10-12 minutes (depending on the size of the OS image) as against a few hours of traditional formatting, OS and software installation. :)

So to keep things simple, I do the following steps:

1. Format the machine (generally the OS partition only) and install Windows XP.

2. Install an anti-virus (I have started to rest my faith on AVG's free edition for this).

3. Install the network drivers to go online for Windows Updates in the next step. Prefer keeping the CD of drivers which comes with the motherboard, rather than keeping them somewhere on a local drive, as those copies have an equal chance of getting infected.

4. Connect to the internet and run Start > Windows Update. Install the Critical Updates first.

5. Now is the time to save your first "clean" image. This one would be without any software. You may keep another one after you have installed the software that is always required, like Office, Reader etc. For disk imaging, Macrium has recently released Macrium Reflect Free Edition 4.2, which lets you create a disk image on a local disk or even on the network. The free edition is not a trial version (unlike other utilities available) and also provides a feature for scheduling your image creation.

6. Once the image is created, you have to have a way to restore the image when required. Macrium suggests the use of PE Builder. PE Builder provides a Windows Pre-Installed Environment to boot your machine. It also has a provision to add custom files to the PE. The custom files in this case would be a small Macrium application which will act as a wizard to restore your image. The PE thus created would also enable network drivers so that you can restore an image lying on some network location.

Read more about Macrium Reflect and PE Builder on their respective websites.

7. Once you have the PE image with you, burn it to a CD. Next time your system goes bust (due to a virus or some other reason), insert the CD in the CD drive and restart the system to boot from this CD. Of course, you have to ensure that the first boot device is set to the CD/DVD drive. Once booted, just start the Macrium wizard and restore your image absolutely painlessly :)

So far it has worked for me and I hope the same for you :)

Cheers!
MoA
