Yikes!

In the middle of a fresh install, I picked up a massive viral infection (stupidity on my part). I quarantined them all with MalwareBytes, but who knows.

I'm not taking any chances with a fresh install, so I will reload Windows XP. Since it's an UPGRADE CD from Win98, if I format, I must 1st load Win98 before loading the XP UPGRADE.

My question is this: If I just insert the XP UPGRADE CD and reinstall from there without formatting the HDD, with this wipe out everything including any residual infection, or is it better to reformat, and start from absolute scratch.

PS: I know the virus messed with the registry.

I suggest to format and re-install again because of registry infection.
After that use avira personal edition(free) anti-virus.

As far as I am aware you can boot from this upgrade CD and reformat/install. However, during this install I think you will be required to insert a qualifying disc (ie: Win98) to show that it is indeed an upgrade... maybe I am way off but I thought that's how upgrade CD's worked.

mitchsc: When you upgrade from ME/9x to XP is essentially backs up your data and does a clean install of XP then applies your data back onto XP. THis is done because 9x and XP are two different technologies (DOS vs NT platform). But when this is done it also backs up your Win98 install to revert back in case of issues... so, going back to 98 shouldn't be that difficult. (time consuming maybe)


Pisha: As far as an AV, to each their own! I love Malwarebytes but.. it's not an active scanning AV so I use it on a daily basis and use safe browsing techniques.

Is a Quick Format enough, or should I do a Full Format?

What is the difference?


PS: I use CA Security Suite in real time, and Malwarebytes weekly of if I get an infection that gets past CA.

"When you choose to run a regular format on a volume, files are removed from the volume that you are formatting and the hard disk is scanned for bad sectors. The scan for bad sectors is responsible for the majority of the time that it takes to format a volume.

If you choose the Quick format option, format removes files from the partition, but does not scan the disk for bad sectors. Only use this option if your hard disk has been previously formatted and you are sure that your hard disk is not damaged." -MSFT

Thanks IT. One last thing I've been wondering about.

I have this HDD that was infected, but also contains XP, so it's still running the PC.

Since I plan to do a fresh install of the OS, I want to do a full format first.

I only know how to do the format within Windows, either right clicking on the drive in My Computer, or inside Disk Management.

Here's my question, If I'm running Windows, and I start formatting the drive that is operating the computer, isn't this going to cause the PC to crash, as it's wiping out the OS?

If so, how can you format the HDD with the OS on it?

A repair install with the XP disc should do the trick.

Here's how: How-to repair Windows XP - With screen shots

Wow! That is perfect! Thank you so much.

PS: I most certainly would have selected the "Repair" option on screen one. Not sure why you wouldn't...

Quote:

---

Originally Posted by mitchsc

Thanks IT. One last thing I've been wondering about.

I have this HDD that was infected, but also contains XP, so it's still running the PC.

Since I plan to do a fresh install of the OS, I want to do a full format first.

I only know how to do the format within Windows, either right clicking on the drive in My Computer, or inside Disk Management.

Here's my question, If I'm running Windows, and I start formatting the drive that is operating the computer, isn't this going to cause the PC to crash, as it's wiping out the OS?

If so, how can you format the HDD with the OS on it?

---

Your confusing yourself. The OS is in resident memory until it is removed. Has nothing to do with the Hard Drive. So if you wipe it clean it will still work partially until you turn it off. If nothing critical is on the drive why not wipe the drive clean and then format then install your OS so you have the cleanest of boot ups.

C-Dad: That's exactly what I want to do. I AM confused as to how. That is what I was asking IT.

Are you saying that the OS moves from the HDD to RAM (is that what you mean by "resident memory")?

You say, "wipe it clean and then format". What do you mean by wipe it clean. I thought that was formatting.

Just to be clear, are you saying I can do this within Windows, without using the XP Boot CD?

If there is a specific procedure here, could you please lay out the steps for me? I've never formatted a HDD in it's own PC before. I have only formatted a secondary drive, or using a USB adapter in another PC (very slow).

Thanks. I really want to learn how to do this properly and as clean as possible.

Once you format the drive you will have to reinstall the OS from the cd / dvd. Wiping means to overwrite the contents so it can no longer be seen. Believe it or not yes you can format a drive but someone can also unformat a drive. So for security you can wipe it clean first.

You can use a free program called ccleaner.

Redirecting...


Under tools you can see some options for you to choose from.

Quote:

---

Originally Posted by Curlyben

A repair install with the XP disc should do the trick.

Here's how: How-to repair Windows XP - With screen shots

---

Since this is an upgrade disc, even during a repair install wouldn't it ask for a qualifying disc? Also, a Repair Install will replace the system files with the ones found on the CD but will leave your applications, files and settings where they are. So any infection residing in a non-system file will remain after the repair... right?

Mitch said he had quarantined them via MBAM but we all know how sketchy freeware AV's are. (assuming it's the free version)

I am psyched! I have been using CCleaner for years and never noticed the "wipe" function. Thanks! I always used Active Kill Disk for that.

So C-Dad, how exactly do I format the HDD that is installed and operating the computer, (within Windows)?

Quote:

---

Originally Posted by mitchsc

I am psyched! I have been using CCleaner for years and never noticed the "wipe" function. Thanks! I always used Active Kill Disk for that.

So C-Dad, how exactly do I format the HDD that is installed and operating the computer, (within Windows)?

---

Why do it within Windows? Why not just boot to CD and delete partition, recreate, install, etc..

You CANNOT "wipe" the boot (C drive) from within windows.

Ben: That's what I thought. This made no sense to me. Thank you.

IT: I am trying to get the simplest, most sensible method of "exterminating" a massive viral infected HDD, and doing a fresh install of XP.

I have been reading so many different suggestions in this thread, that I have become more confused then when I started.

I was always under the impression that a full format will clean up an infected drive, so I can reload XP. (Someone said Wiping the drive was necessary, but I thought that might be overkill)

The suggestion that makes the most sense to me, is booting the PC from the XP CD, formatting the infected HDD in the XP Setup procedure, and then just finishing up with the install. No need to pre-format or wipe the HDD before doing this.

Can someone just tell me if this is the correct and most straightforward way to go? Believe it or not, this is the 1st viral infection I've had to deal with.

Thanks all...

As I said earlier, try a repair install before you go for the full format rebuild.

Quote:

---

Originally Posted by Curlyben

As I said earlier, try a repair install before you go for the full format rebuild.

---

Ben: As I asked above, a Repair Install will replace the system files with the ones found on the CD but will leave your applications, files and settings where they are. So any infection residing in a non-system file will remain after the repair... right?

So an infection residing in a non-system file will remain even after a repair is ran. Which puts Mitch in the same spot he is in now correct?

True enough, but it also helps with rogue information in the registry.
Also I did say it was a first try before more desperate measures.

Quote:

---

Originally Posted by Curlyben

You CANNOT "wipe" the boot (C drive) from within windows.

---

Can you define that? Im asking because any program running in resident memory can execute so long as it is in memory.

That is why I said to wipe then format and install new OS. The drive wipe takes place within the last install of the OS before it gets cleaned off.

Simples really.
Windows will not let you delete files that are in use.
And since Win 2000 the OS dll etc are protected, so even if they are deleted they are restored on the next reboot.

What do you mean when you say wipe anyway ?

Surely a wipe and format are the same function, unless you are meaning a simple delete.

I'm getting quite an education here. I am interested in the discussion that's been taking place. Some of the terminology escapes me however, such as "resident memory".

In terms of my little problem, it's actually simpler than it could have been. I got the virus attack just after I finished loading XP. I have no other programs or files on the HDD. I never got the chance. Stupidly, and I know better, I was trying to upgrade something, and went to an unknown site where I picked up the virus.

So bottom line is, I have virtually nothing on my HDD but XP and a few hundred viruses.

No need for me to try and rescue any files, so I'm just going to start over. I'm talking about an hour or 2 here.

So... I know this is an incredibly basic level question, but I still consider myself a beginner so I'll only apologize 2 or 3 times :-)

Can I just full format the HDD using the boot CD as part of the new XP installation, to disinfect the drive? Or is there something more radical that must be done to ensure the viruses are gone?

I'd greatly appreciate it if I could get some guidance on this one question. I think I can take it from there.

Thanks again everyone, and have a great weekend...

By wipe. Its an erase process where you also overwrite it. It keeps anything from resurfacing. That way the computer is in a "clean" state and then when the format takes place there is nothing left to bring forward.

A wipe isn't a format nor is it simple erasing. Once wiped it can not be rebuilt.

Quote:

---

Originally Posted by mitchsc

I'm getting quite an education here. I am interested in the discussion that's been taking place. Some of the terminology escapes me however, such as "resident memory".

In terms of my little problem, it's actually simpler than it could have been. I got the virus attack just after I finished loading XP. I have no other programs or files on the HDD. I never got the chance. Stupidly, and I know better, I was trying to upgrade something, and went to an unknown site where I picked up the virus.

So bottom line is, I have virtually nothing on my HDD but XP and a few hundred viruses.

No need for me to try and rescue any files, so I'm just going to start over. I'm talking about an hour or 2 here.

So... I know this is an incredibly basic level question, but I still consider myself a beginner so I'll only apologize 2 or 3 times :-)

Can I just full format the HDD using the boot CD as part of the new XP installation, to disinfect the drive? Or is there something more radical that must be done to ensure the viruses are gone?

I'd greatly appreciate it if I could get some guidance on this one question. I think I can take it from there.

Thanks again everyone, and have a great weekend...

---

Yes a full format should take care of your problems and they shouldn't reoccur. Most viruses out there aren't very complex. So you have nothing to worry about.

Thanks so much C-Dad.

I must be misunderstanding something here. I get that a wipe overwrites random 1's and 0's on the drive, so the data cannot be recreated.

Your 1st post below "implies" (I think?) that I should do a wipe (then format) to ensure the viruses don't resurface. Your 2nd post states that all I need to kill the viruses is a full format.

Can you please clarify what I need to do?

Thanks again...

Out of curiosity, I found a forum debating this exact topic. It is apparently not such a simple answer. The general consensus is this. 99.9% of the time, a full format will take care of the viruses. But several people have experienced the resurrection of bits of viruses down the road.

Most posts recommended wiping the drive, and then formatting before reinstalling the OS, just to be 100% sure.

That sounds reasonable to me, so now I have a plan.

Again, thanks to everyone for your continued feedback and assistance on this.

Cheers...

Quote:

---

Originally Posted by mitchsc

Thanks so much C-Dad.

I must be misunderstanding something here. I get that a wipe overwrites random 1's and 0's on the drive, so the data cannot be recreated.

Your 1st post below "implies" (I think?) that I should do a wipe (then format) to ensure the viruses don't resurface. Your 2nd post states that all I need to kill the viruses is a full format.

Can you please clarify what I need to do?

Thanks again...

---

As you have read in the article you are citing you can do either. For a total wipe out with assurances of it never to return then wipe, format and install.

To just rid the virus from the computer and possibly have a problem but unlikely then just reformat then install.

It's a personal choice. Many shops that do computer repair don't take the time to wipe a drive and they just do a format. SO really its how much work that your wanting to do.

Also you might think of using this time spent to consider a new antivirus.

Yes, it is finally clear to me now, the differences and choices. I was originally operating under the assumption that there was a correct, and incorrect way of doing this. Obviously that is not the case here.

I shall go full out and wipe the drive first. I don't want anything coming back to haunt me later.

As far as my anti-virus goes, your suggestion is appreciated. In my case, however, it was not a matter of having insufficient security software. The problem was, I had just finished loading XP and accidentally clicked on a rogue site as I was attempting to install a service pack. I didn't even have a chance to load my security suite yet.

When it comes to anti-virus protection, I can be almost obsessive about it. I have CA Security Suite running all the time (in real time), then I regularly scan my system with MalwareBytes, SuperAntiSpyware, and sometimes even Spybot. As a compliment to my CA Suite, I haven't found anything better than MalwareBytes.

I use Windows Firewall, CA Firewall, and the D-Link Firewall in my router. And, I stay away from unfamiliar sites. If I must download a file, I always scan it with at least 2 malware programs before opening it.

I'd welcome any suggestions on how to protect my system even more, but I think I'm pretty well covered.

This whole thing was just a stupid slip up on my part. And a good reminder to slow down and be very careful.

Again, thank you for all your excellent help with this. I learned a lot...