I understand. Sometimes a reformat or a factory restore is the best solution. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the
safest action. Doing that ensures no remnants of malicious files are left behind.
If you're not sure how to reformat or need help with reformatting, please review:
These links include specific step-by-step instructions with screenshots:
Vista users can refer to these instructions:
Windows 7 users can refer to these instructions:
Don't forget you will have to go to
Microsoft Update and apply all Windows security patches after reformatting.
Note: If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway or Dell machine, you may not have an original CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Also be sure to read Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..
If you have made a
disk image with an
imaging tool (
i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.)
before your system was infected, then using it is another option. Disk Imaging allows you to take a
complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistent to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will
restore the computer to the state it was in when the image was made. You will then have to reinstall all programs that you added afterwards. This includes all security updates and patches from Microsoft.
Reformatting a hard disk deletes all data. If you are reformatting or doing a factory restore due to malware infection, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The
safest practice is not to backup any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by
hiding a file extension or adding to the existing extension as shown
here (
click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to
reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus
prior to to copying it back to your hard drive.
If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative.
External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.
Again, do not back up any files with the following file extensions: exe, .scr, .dll, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
If you need additional assistance with reformatting or partitioning, you can start a new topic in the appropriate
Windows Operating System Subforum.
Edited by quietman7, 26 October 2010 - 12:58 PM.