
No-reformat Reinstall Technique


4 replies to this topic

#1 rayandmaura

rayandmaura

  • Members
  • 104 posts

Posted 19 March 2007 - 06:01 PM

There's a way to do a no-reformat reinstallation that's supposed to wipe out the malware in system files. Basically, this technique lets you completely and nondestructively rebuild, repair or refresh an existing XP installation while leaving already-installed software alone (no reinstallation needed!). It leaves user accounts, names, and passwords untouched; and also takes only a fraction of the time a full, from-scratch reinstall does. And unlike a traditional full reinstall, it won't leave me with two copies of the O.S. So if I had a virus in a protected folder and I did the no-reformat installation, would it really clean the virus? I've done the no-reformat installation before just to do it, but I've never actually tried it for malware, so I'm wondering what anyone thinks or if anyone's tried it before?



#2 arcman

arcman

  • Members
  • 706 posts
  • Location:Michigan

Posted 19 March 2007 - 06:22 PM

What type of Windows installation is on there now?
Was it preloaded with Windows or was it installed with a standard XP disk?
If it was preloaded, what brand is it?

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA

Posted 19 March 2007 - 08:16 PM

A repair install won't replace everything on the system - so the virus/malware can still be present. For example, a bad copy of svchost.exe in a different location than the system32 sub-directory would remain on the system.

So, in short, there's no way to preserve everything on your system, repair Windows and completely remove malware without using a malware removal tool.

A suggestion is to slave the drive to another computer that has a good antivirus on it, and then scan the slave drive for viruses.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#4 rayandmaura

rayandmaura
  • Topic Starter

  • Members
  • 104 posts

Posted 20 March 2007 - 05:33 PM

Usasma, I understand what you mean about the svchost.exe file not being "cleaned" by the no-reformat reinstallation if it's in a place other than the system32 folder. But would the protected svchost.exe in the system32 folder be cleaned? I would think so. The repair installation is supposed to fix corrupted, incomplete, etc. files. Some virus scanners can't fix certain malware/viruses in protected files because, of course, they are protected and access is denied. So couldn't I just do the repair installation to fix "all" protected system files and use a virus scan on the regular files and be done with it? Instead of running around trying to find what tool or virus scanner will work for a certain virus in the protected system files?

Arcman, it's XP Home and was preloaded on a Dell system, and I'm using Dell-supplied reinstallation discs. I thank you all for helping!!

RAY

#5 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA

Posted 20 March 2007 - 07:21 PM

Protected files are, IMO, a misnomer - since they get corrupted frequently enough to require the use of SFC.EXE to fix them. As far as I know, svchost.exe isn't a protected file - I just used it as an example since it was mentioned earlier in the thread.

The first place that SFC.EXE looks is the dllcache folder, then it looks to other places on the drive/CD to figure out what has been changed. I haven't looked at the contents of the logfile that's generated either - so I don't have a "list" of the protected files.

But, if a virus attack is sophisticated enough to corrupt the protected files, wouldn't it be sophisticated enough to foil the easy ways of fixing it? Today's virus attacks are multi-layered and take things like fixing the protected files into account.

Finally, if the svchost.exe file is located in the Windows directory, then the repair installation won't fix it - because it only replaces the genuine files - leaving the others alone because they presume that they belong there.

It'd be nice if this would work, but it's been my experience that it'd only fix the crudest of virus attacks - and would be of limited use to any sort of blended threat that is common today.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
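
An added example, not part of the thread or any poster's code: usasma's two points (a repair install leaves look-alike files outside system32 alone, and the drive can be slaved to another computer for inspection) sketched as a Python audit of the mounted drive. The watch list, the expected-folder list and the `WINDOWS` directory name are assumptions chosen for illustration.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# Assumed watch list: XP binaries that normally live only under System32.
WATCHED = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
# Assumed legitimate locations, relative to the drive root, lower-cased.
EXPECTED = {"windows/system32", "windows/system32/dllcache",
            "windows/servicepackfiles/i386"}


def sha256_of(path):
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_drive(mount_root):
    """Return (misplaced, in_place) lists of (relative path, sha256).

    misplaced: watched names outside EXPECTED; a repair install leaves these.
    in_place: copies in EXPECTED; compare hashes with known-good media,
    because the right folder does not prove the right contents.
    """
    root = Path(mount_root)
    misplaced, in_place = [], []
    for folder, _dirs, files in os.walk(root):
        rel_dir = Path(folder).relative_to(root)
        for name in files:
            if name.lower() in WATCHED:  # Windows file names are case-insensitive
                digest = sha256_of(Path(folder) / name)
                record = ((rel_dir / name).as_posix(), digest)
                expected = rel_dir.as_posix().lower() in EXPECTED
                (in_place if expected else misplaced).append(record)
    return sorted(misplaced), sorted(in_place)


if __name__ == "__main__":
    # No argument: audit a constructed demo tree instead of a real drive.
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        for sub in ("WINDOWS/system32", "WINDOWS"):
            Path(target, sub).mkdir(parents=True, exist_ok=True)
            Path(target, sub, "svchost.exe").write_bytes(sub.encode())
    bad, ok = audit_drive(target)
    print("REVIEW:", bad, "\nCOMPARE:", ok)
```

A hit in the first list is a lead for manual review or an antivirus scan, not a verdict; the second list only becomes meaningful once its hashes are compared with copies from trusted installation media.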



