Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
Reimaging the system
Restoring the entire system using a full system backup from before the backdoor infection
Reformatting and reinstalling the system
A hard drive is a disk (or set of disks) with a magnetizable coating on which a recording head can write information. Each kind of computer and operating system has its own way of formatting that information, but they all write in concentric circles, grouping the information into smaller blocks or sectors. Before data can be stored on a hard drive (or any magnetic disk, actually), it must be formatted. This process magnetically creates the writeable areas on the disk.
To reformat the disk means to recreate these areas, refreshing the disk to a new state. A full format permanently erases everything on the disk as part of the process.
Reformatting a hard disk deletes all data
. You can back up all your important documents, personal data files, photos, music, videos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup
any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension
or by adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here
(click Figure 1 to enlarge
) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions
. Then make sure you scan the backed up data with your anti-virus prior to
to copying it back to your hard drive.