There are no guarantees or shortcuts
when it comes to malware removal, especially when dealing with backdoor Trojans
or rootkit components
that can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Infections will vary and some will cause more harm to your system then others as a result of it having the ability to download more malicious files. Security tools that claim to be able to remove rootkits cannot guarantee
that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could loose access to your data.
Your decision as to what action to take should be made by reading and asking yourself the questions presented in the "When should I re-format?
" and "...Now What Do I Do?
" links I previously provided. As I already said, in some instances an infection may have caused so much damage to your system that it cannot be completely cleaned. In some instances an infection may leave so many remnants behind that security tools cannot find them so the system cannot be completely repaired or trusted. Wiping your drive, reformatting
, and performing a clean install of the OS or doing a factory restore with a vendor-specific Recovery Disk or Recovery Partition
removes everything and is the safest action
but I cannot make that decision for you
Should you decide not to reformat, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful
Should you decide to reformat and do a clean install or do a factory restore due to malware infection, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup
any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension
or adding to the existing extension as shown here
(click Figure 1 to enlarge
) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions
. Then make sure you scan the backed up data with your anti-virus prior to
to copying it back to your hard drive.
If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data
. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.
Again, do not back up any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.