Hacked by silent program, wipe and reinstall question.


  1. Posts : 16
    10
       #1



    Recently found out I have had some silent program installed that allows remote access and admin rights changes. I have sorted over 2TB of files across 3 drives. Moved only those files from one drive to another, then wiped the blank with 35 passes each until all drives had been done. Question is, with a clean install on a wiped drive, BIOS reset to factory, is my registry and drive clean of this mess so I can at least get back going? I've not connected to the net as of yet since and do not want to do all that again, but will if necessary.
    Thanks so much for any help in advance!

  2. Ghot's Avatar
    Posts : 12,859
    Win 10 Home 10.0.19044.1288 (x64) [21H2]
       #2

    Nate8 said:
    Recently found out I have had some silent program installed that allows remote access and admin rights changes. I have sorted over 2TB of files across 3 drives. Moved only those files from one drive to another, then wiped the blank with 35 passes each until all drives had been done. Question is, with a clean install on a wiped drive, BIOS reset to factory, is my registry and drive clean of this mess so I can at least get back going? I've not connected to the net as of yet since and do not want to do all that again, but will if necessary.
    Thanks so much for any help in advance!


    Well everything you "wiped" is clean. But... the files you moved before you wiped can still be infected.


    I also notice that it says: Windows 7 but wanting Windows 10.
    You can still upgrade for free.

    Just use the Media Creation Tool, found here, and create the Windows 10 install media (USB).
    Then during the Windows 10 install, just type in your Windows 7 product key.

    https://www.microsoft.com/en-us/soft...load/windows10



    If you don't know your Windows 7 product key, you can use ShowKeyPlus to find it...

    Find Product Key in Windows 7/8/10

  3. Paul Black's Avatar
    Posts : 14,665
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #3

    Hello @Nate8,


    I do NOT think that the OS Drive will be the problem. It is the OTHER Drives that you need to make sure that are FREE from Viruses / Malware, even though you have used the Degausser Option, BEFORE you Copy ANY Files or Folders back to the new Clean Install.

    I hope this helps.

  4. dalchina's Avatar
    Posts : 33,015
    Win 10 Pro (1903) (2nd PC is 21H1)
       #4

    A clean install from a valid source should be fine - consider any synchronisation with other accounts that might represent a risk.

    Connection to any disk used when the PC was compromised that has not been wiped could possibly represent a risk and requires appropriate caution.

    How might you protect yourself, save time, and save your configuration so you can restore an infected or compromised PC?

    If you use disk imaging regularly and routinely as is endlessly recommended here, and you are confident that the disk image was created BEFORE any infection or problem such as this, then you can restore an image of your Windows installation and any other imaged partitions and be back exactly as you were when the image was created.

    Same applies to recovery from other technical problems.

    E.g. Macrium Reflect (free/paid) + external storage for image files.


  5. Posts : 16
    10
    Thread Starter
       #5

    Ghot said:
    Well everything you "wiped" is clean. But... the files you moved before you wiped can still be infected.
    Thank you so much for the reply! As long as my main is clean and that mess is off my unit, I can deal with those later.
    Any ideas on how to make sure those files are clean? I've run every malware I can think of. Checked for hidden and known users through both PowerShell and CMD.
    Thank you again!

  6. Ghot's Avatar
    Posts : 12,859
    Win 10 Home 10.0.19044.1288 (x64) [21H2]
       #6

    Nate8 said:
    Thank you so much for the reply! As long as my main is clean and that mess is off my unit, I can deal with those later.
    Any ideas on how to make sure those files are clean? I've run every malware I can think of. Checked for hidden and known users through both PowerShell and CMD.
    Thank you again!


    I would use ESET online scanner, and then get a 2nd opinion with Malwarebytes.

    If you have a week or two (for those other files), the folks at BleepingComputer can find any nasties... for sure.
    Virus, Trojan, Spyware, and Malware Removal Help Forum - BleepingComputer.com

    They aren't fast, but when done, if they say you're clean... you are clean.
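One way to triage the files moved off the compromised drives before the scans suggested above, as an added example that is not part of any post in this thread: it inventories executable and script content on a data drive without running anything, and records Authenticode status and SHA-256 so unsigned or disguised items get looked at first. The drive letter `D:\`, the output path `C:\Triage\inventory.csv` and the extension lists are assumptions.

```powershell
# Added example: list files on a data drive that can execute code, without opening them.
# Assumptions: D:\ is the data drive; C:\Triage is a folder on the clean install.
param(
    [string]$Root   = 'D:\',
    [string]$OutCsv = 'C:\Triage\inventory.csv'
)

# Extensions that run code when opened, and the subset that are normally PE binaries.
$risky = @('.exe','.dll','.scr','.com','.sys','.msi','.bat','.cmd','.ps1','.vbs',
           '.js','.jse','.wsf','.hta','.lnk','.jar','.docm','.xlsm','.pptm')
$peExt = @('.exe','.dll','.scr','.com','.sys')

function Test-MzHeader {
    # True when the file starts with the 'MZ' bytes of a Windows executable.
    param([string]$Path)
    $buf = New-Object byte[] 2
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        try { $n = $fs.Read($buf, 0, 2) } finally { $fs.Dispose() }
        return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } catch { return $false }   # unreadable file: treated as non-PE
}

# -Force includes hidden and system files, which is where droppers tend to sit.
$records = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $ext  = $_.Extension.ToLowerInvariant()
        $isPE = Test-MzHeader -Path $_.FullName
        if ($isPE -or $risky -contains $ext) {
            [pscustomobject]@{
                Path      = $_.FullName
                Bytes     = $_.Length
                IsPE      = $isPE
                # An executable hiding behind a document/media extension.
                Disguised = ($isPE -and $peExt -notcontains $ext)
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                -ErrorAction SilentlyContinue).Hash
            }
        }
    }

New-Item -ItemType Directory -Path (Split-Path $OutCsv) -Force | Out-Null
$records | Sort-Object Disguised, Signature -Descending |
    Export-Csv -LiteralPath $OutCsv -NoTypeInformation

# Show what deserves attention first: disguised binaries and anything not validly signed.
$records | Where-Object { $_.Disguised -or $_.Signature -ne 'Valid' } |
    Format-Table Path, IsPE, Disguised, Signature -AutoSize
```

The list narrows what to look at first; it does not replace the scans recommended in the thread.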



  7. Posts : 16
    10
    Thread Starter
       #7

    Paul Black said:
    Hello @Nate8,


    I do NOT think that the OS Drive will be the problem. It is the OTHER Drives that you need to make sure that are FREE from Viruses / Malware, even though you have used the Degausser Option, BEFORE you Copy ANY Files or Folders back to the new Clean Install.

    I hope this helps.
    It did help and thank you so much! Won't be fooling with those files until I can figure out what to do with them later.
    Thank you again!

  8. Paul Black's Avatar
    Posts : 14,665
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #8

    Nate8 said:
    It did help and thank you so much! Won't be fooling with those files until I can figure out what to do with them later.

    Thank you again!
    You are VERY welcome and good luck.


  9. Posts : 16
    10
    Thread Starter
       #9

    dalchina said:
    A clean install from a valid source should be fine - consider any synchronisation with other accounts that might represent a risk.

    Connection to any disk used when the PC was compromised that has not been wiped could possibly represent a risk and requires appropriate caution.

    How might you protect yourself, save time, and save your configuration so you can restore an infected or compromised PC?

    If you use disk imaging regularly and routinely as is endlessly recommended here, and you are confident that the disk image was created BEFORE any infection or problem such as this, then you can restore an image of your Windows installation and any other imaged partitions and be back exactly as you were when the image was created.

    Same applies to recovery from other technical problems.

    E.g. Macrium Reflect (free/paid) + external storage for image files.
    Thank you also for your reply! Already thought of the synced possibilities and planned for that. Will make sure all that is safe. Will definitely be making a reinstall disk of just the OS also. I know where it came from so that's planned for also.
    Thank you so much!

    - - - Updated - - -

    Ghot said:
    I would use ESET online scanner, and then get a 2nd opinion with Malwarebytes.

    If you have a week or two (for those other files), the folks at BleepingComputer can find any nasties... for sure.
    Virus, Trojan, Spyware, and Malware Removal Help Forum - BleepingComputer.com

    They aren't fast, but when done, if they say you're clean... you are clean.
    I will do that for sure. Malwarebytes and MB reg scan said clean files. TDSSKiller and HitmanPro did also. Will worry about the files later.
    I have updated to 10. Just hadn't updated here till now. I appreciate you mentioning that still.
    Thank you again for all your help!

  10. Try3's Avatar
    Posts : 9,362
    Windows 10 Home x64 Version 21H2 Build 19044.1288
       #10

    Nate8 said:
    Recently found out I have had some silent program installed that allows remote access and admin rights changes.
    It would help with suggesting remedial actions if you explained how you knew you had this "silent program".

    All the best,
    Denis


 