Question: Malware - Is removing enough?

onemoretimex (Distinguished)
Jun 29, 2015
Hello everyone,

For the first time in my life I had malware on my PC. Not sure how it happened, but I noticed I had programs running in Task Manager that I hadn't even installed: uTorrent.exe etc...

Did a scan using Malwarebytes, Zemana and a whole load of others, and did it over and over again until none of them were finding anything anymore.

Changed passwords to anything I had used in the week it had been present.

My question is, is removing until these detection programs don't find anything enough? Or is reinstalling Windows on a formatted drive the solution everyone should be opting for at this point?

Also, is there a way to check if any remnants remain on hardware, BIOS etc.?

My BIOS is up to date with the most recent release; would it be a good call to re-flash my BIOS with the same release to be doubly sure nothing is lurking?

The reason for not automatically reinstalling Windows is the amount of software I have installed for music production that I no longer have the product licenses lying around for... silly, as I used to have a Word file with all the keys written down.

And there are so many plugins that require a key that I would certainly not have them all installed again if I formatted and reinstalled.

Thanks for any advice. There were backdoor bots among other horrible little infections... still unsure how it got on, as I'm normally very careful.

The real way is to recover from the Full or Incremental backup you made before this happened.

This is why my main system gets an Incremental backup, every night, all 6 drives individually.

I can recover any drive, or the whole system, to the state it was in on any day in the last 30 days.


Should you do a full wipe and reinstall, or is scan and remove with your preferred malware tools enough?
That depends... the severity of the infection, and your trust in your tools.


Thanks. Yeah, I have a backup made on an external drive, but it's very old so not much use in terms of trying to prevent losing my installed software, and the most recent restore option is post-infection, with the earlier one available being from a year ago.

So far I've used Zemana, Emsisoft Emergency, Spybot S&D, ESET Online Scanner and Malwarebytes to attempt to get zero results, and have been successful after multiple scans and deletions.

The only one that still pops up is maldropper.onclick, but I believe this may be a false positive for uBlock Origin installed in my browser, as the folder for the detection is Brave/Extensions and usually tied to one of the lists it uses.

If I continue to get clean results, would you be satisfied that the system is now clean?

Would you also reflash the BIOS to be on the safe side?

The only person that needs to be satisfied is you.

If you continue, you'll have lingering doubts forever.
You may never know if it is actually all gone.


And no, I would not do anything with the BIOS.
Hello everyone,

For the first time in my life I had malware on my PC. Not sure how it happened, but I noticed I had programs running in Task Manager that I hadn't even installed: uTorrent.exe etc...

Did a scan using Malwarebytes, Zemana and a whole load of others, and did it over and over again until none of them were finding anything anymore.

Changed passwords to anything I had used in the week it had been present.

  1. My question is, is removing until these detection programs don't find anything enough? Or is reinstalling Windows on a formatted drive the solution everyone should be opting for at this point?
  2. Also, is there a way to check if any remnants remain on hardware, BIOS etc.? My BIOS is up to date with the most recent release; would it be a good call to re-flash my BIOS with the same release to be doubly sure nothing is lurking?
  3. The reason for not automatically reinstalling Windows is the amount of software I have installed for music production that I no longer have the product licenses lying around for... silly, as I used to have a Word file with all the keys written down. And there are so many plugins that require a key that I would certainly not have them all installed again if I formatted and reinstalled.
  1. It really depends on the infections, how you got the infection, what was used to install all of the malware, etc. You may have been socially engineered into downloading a Trojan or similar. Some of those will download and install multiple types of malware. Also, depending on how deeply the infection was able to embed itself, there may still be something, or it may be able to mask its presence.
  2. Finding something that is evading everything you've done isn't easy unless you can run analysis software and identify malicious agents. I would suggest asking for help from the company you bought antimalware software from, or ask the volunteers on Bleeping Computer for help. They go through a rigorous training program. I know because I went through part of it, but life took me in another direction. Don't reinstall Windows unless you know that the infection has gotten root admin access and has established a presence in which it basically houses Windows inside it. As to doing a reflash of the BIOS: until you've verified that your system is clean or you are instructed to do so, there is no harm in trying it, but download the package from a safe PC to your USB drive, turn off your PC and go into the BIOS. I somewhat disagree with the malware removal instructions posted here, especially about using safe mode and using CCleaner's registry fixer, but that's outside the scope of your questions.
  3. That's very unfortunate. You could try contacting the companies that made them to see if they could help.

The only one that still pops up is maldropper.onclick, but I believe this may be a false positive for uBlock Origin installed in my browser, as the folder for the detection is Brave/Extensions and usually tied to one of the lists it uses.
That may need to be removed. It may be a dropper, which is to say it can download and install multiple malware. It may be the source of your trouble. What extension is using it? uBlock?

I realize you have keys for extensions but... Contact the creators to try to get your keys, then uninstall ALL extensions. Turn off sync. Save all your passwords and bookmarks, then do a full, clean uninstall, making sure to delete any leftover folders. Make sure to use Task Manager to disable any suspicious startups. Restart. Then download and install your browser of choice. Add in extensions one by one, being careful to test for odd behavior and unexpected software being added each time. uBO is a good program, but if you're interested in more control, I highly recommend NoScript by Giorgio Maone of Hackademix. His extension offers far more control over what gets blocked than any other script blocker I've tried. It does include the ability to use several tools to try to figure out what something is and if it's going to track or infect you. I use that, plus I search for "what is [website address]". If I'm really confused, I also use VirusTotal and Trustpilot, and I have other websites if that also fails. The downside is, of course, that you have to set it up for each site unless you get a blacklist. That's better than the shields in Brave, which routinely breaks sites, and you have almost no control other than to disable it for a site.

I realize I'm late to the party, but I hope this is useful.
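The reply above asks which extension the Brave/Extensions detection belongs to. An added example (not from anyone in this thread) that maps the folders under Brave's Extensions directory to extension names, versions, permissions and per-file SHA256 hashes, so a scanner's detection path can be tied to a specific extension and individual files can be looked up on VirusTotal before deciding whether it is a false positive. The profile path under LOCALAPPDATA and the "Default" profile name are assumptions; adjust them for your install.

```powershell
# Assumed default Brave profile location on Windows; change if you use another profile
$profileDir = Join-Path $env:LOCALAPPDATA 'BraveSoftware\Brave-Browser\User Data\Default'
$extRoot    = Join-Path $profileDir 'Extensions'

if (-not (Test-Path $extRoot)) { throw "Extensions folder not found: $extRoot" }

# Brave stores each extension as Extensions\<32-char id>\<version>\manifest.json
$report = foreach ($idDir in Get-ChildItem -Path $extRoot -Directory) {
    foreach ($verDir in Get-ChildItem -Path $idDir.FullName -Directory) {
        $manifestPath = Join-Path $verDir.FullName 'manifest.json'
        if (-not (Test-Path $manifestPath)) { continue }
        $manifest = Get-Content -Raw -Path $manifestPath | ConvertFrom-Json

        # Localized names look like "__MSG_extName__"; resolve them from _locales\en
        $name = $manifest.name
        if ($name -like '__MSG_*__') {
            $key     = $name.Trim('_') -replace '^MSG_', ''
            $msgFile = Join-Path $verDir.FullName '_locales\en\messages.json'
            if (Test-Path $msgFile) {
                $msgs = Get-Content -Raw -Path $msgFile | ConvertFrom-Json
                if ($msgs.$key) { $name = $msgs.$key.message }
            }
        }

        # One row per file so a detection path can be matched line by line
        foreach ($f in Get-ChildItem -Path $verDir.FullName -Recurse -File) {
            [pscustomobject]@{
                ExtensionId = $idDir.Name
                Name        = $name
                Version     = $manifest.version
                Permissions = ($manifest.permissions -join ',')
                File        = $f.FullName.Substring($verDir.FullName.Length + 1)
                SHA256      = (Get-FileHash -Algorithm SHA256 -Path $f.FullName).Hash
            }
        }
    }
}

# Group by extension id; the id in the scanner's path tells you which block to read
$report | Sort-Object ExtensionId, File | Format-Table -AutoSize
```

Compare the extension id and file name from the scanner's detection path against this listing; an id whose name, permissions or files you do not recognize is the one to remove and re-add last when reinstalling extensions one by one.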