Cleaning vs. Protection – Why you shouldn’t rely on malware cleaning

Do you continue to use your PC after a nasty infection has been removed?


  • Total voters
    60

Overkill

Level 31
Thread author
Verified
Honorary Member
Feb 15, 2012
2,128
Source
I totally agree with the below text in bold...
The more effective solution: clean, backup and then “nuke and pave”

Lego patching up a brick wall (image: pixabay.com)To make this very clear, as there are still loads of misconceptions about it all over the internet:

A once-infected computer can’t be trusted anymore.

Afer cleaning and making backups of your data, you always have to wipe and reload your entire operating system from scratch. We fully understand that many IT people will moan about that idea and argue, “but it takes sooo long to do that, and who’s going to pay for it?” or maybe, “there is necessary old software on that PC that can’t be found/installed anymore”. But honestly, if you really want to clean a system well, it always takes a long time. Furthermore, if the software is truly so old that you can’t find it anymore, isn’t it probably time to replace it with something more modern anyway?
----------------------------------------------------------------------------------------------------------------
Another strange pop-up or unexpected crash, and it’s time to take your computer back to the shop, right?

But what if you could avoid losing precious data and time spent with your computer? What if this whole cleaning step could be eliminated entirely?

This is why protection is a pivotal topic in the antivirus industry. Cleaning and protecting seem like two methods that aim for the same goal: a computer that is free of any online threats. While a few people still believe that they have nothing important to lose on their devices, we’d like to analyze two significantly different approaches for security conscious people: cleaning an infected PC versus keeping a PC clean.

The end result or effect may look the same at first glance, but once you learn a few technical details and understand how things truly work, you’ll be surprised how different both approaches actually are.

No need to wear a seat belt, the doctors will fix me!
Lego patient on the way to the hospital (image: pixabay.com)Not practicing protection because you’ll clean your computer later is like choosing to ride in a car without your seatbelt because the doctors will patch you up in the event of an accident.

If you can imagine how ridiculous that is, then you can understand how important protection is for your PC. You’re basically acknowledging that your computer could be permanently damaged, very expensive to fix, or at the point of no return!

Prevention is more than just the preferred method or smartest choice. Below we’ve included some scenarios to illustrate what’s possible if you rely exclusively on cleaning instead of protection.

Infection case #1: Home user with PUPs that continue to collect data after removal

You’re at your PC hoping to do some online banking, but your screen is obscured by nasty, adult pop-ups and you have no clue how they got there or how to get rid of them. Your next thought is to download one of the many cleaning tools out on the internet to get rid of them. After all, that worked for you before.

The infection you had was a PUP (Potentially Unwanted Program). It doesn’t put much effort in hiding itself, so luckily for you, it can be removed relatively easy.

The price you have to pay for that experience: maybe a few hours of research, downloading tools, and conducting the scans and clean runs. The hidden price: that software collected personal information about you and your computer usage habits. You may still encounter weird occurrences in the future while surfing the web, and you may be recognized by various websites and their ad network partners.

Lego cleaning bots (image: pixabay.com)

Infection case #2: Business PCs manipulations that can hardly be reverted

Some computer guy told you to make sure automatic Windows updates are enabled on all the office computers. You check the update settings and realize that the service is completely disabled and won’t allow you to turn it on. Something is obviously wrong with your computer. Just recently you wondered why all Google ads look a bit different, larger, and more prevalent. You pick a malware scanner and run a thorough scan.

Whoa! 104 infections found! Most of them are harmless PUPs, but there are also a couple dozen active “Agent” trojan findings. They are remote controlled by a server and form huge botnets with hundreds of thousands of other victim computers. It’s the ideal tool to send billions of spam emails, or even run coordinated DoS attacks on big online services (unless, of course, they’re willing to pay a huge ransom).

Another listed infection on your scanner is labeled “Rootkit,” which is actually a well-hidden piece of malware that could easily go unnoticed, but watches your online banking activities and redirects some money to an anonymous account in a foreign country.

Your malware scanner does a great job in cleaning all those infections, so you have nothing to worry about, right?

Lego unicorn (image: pixabay.com)

Well it appears that even though all of the malware was properly removed, your Windows updates are still not working and some operating system components used to enable them don’t even exist anymore. This is because it’s just not the scope of your malware scanner to re-download missing files from Microsoft onto your system. Additionally, your malware scanner can’t know which of your system settings are intentional and which ones are malware-manipulated. As a result, there may be one or more open gates inviting new attackers to take over your computer again.

Just imagine a newly created user account with full administrative rights, or new network shares that make all of your data accessible to the public.

Bottom line: you need to be a real expert with years of malware analysis experience to be able to reconstruct everything the malware changed, down to the smallest level. It would take days to do that properly, and to make sure there is absolutely no hidden setting left that could compromise your entire security framework again.

Infection case #3: Local hospital irreversibly loses patient data

It’s Tuesday morning and you have the early shift, and the first patients of the day are waiting for their examination. But something is wrong with the IT. Very, very wrong! Instead of pulling up the patients’ details, all your computer shows is an FBI-branded screen that tells you to send $1,000 USD via an anonymous online payment system! You have 48 hours to do this, or else your entire patient database will be lost forever.

Screen Shot 2015-08-06 at 7.26.21 PM
FBI Warning screen
You understandably panic and call the most expensive IT company for advice. All they can tell you is that your files have been encrypted with a secret key that can’t be cracked in less than 2 million years. After some further investigation they give you more bad news: Your automatic backup system failed a couple of weeks ago because nobody noticed the alerts that the software gave on the server. Bummer! All you can do is reinstate an outdated backup and try to reconstruct all data that has been added since then, or pay that hefty ransom.

This is the situation when malware cleaning has reached its limits. You may be able to remove the crypter if it’s still present, but you have most likely no way to decrypt all your files. It’s a nightmare scenario, and yet it happens to thousands of home users, businesses and institutions around the world every day.

Cleaning is like patching up holes only larger than 2″ on a leaky boat
It will probably give you enough time to rescue your most valuable goods, but sooner or later your boat will sink. It’s the exact same thing with your computer. In the best situation you will earn a cleaned PC that allows you to make a backup of all your documents, pictures and other data, but it is nearly impossible to get a truly clean system back ever again.

The more effective solution: clean, backup and then “nuke and pave”

Lego patching up a brick wall (image: pixabay.com)To make this very clear, as there are still loads of misconceptions about it all over the internet:

A once-infected computer can’t be trusted anymore.

Afer cleaning and making backups of your data, you always have to wipe and reload your entire operating system from scratch. We fully understand that many IT people will moan about that idea and argue, “but it takes sooo long to do that, and who’s going to pay for it?” or maybe, “there is necessary old software on that PC that can’t be found/installed anymore”. But honestly, if you really want to clean a system well, it always takes a long time. Furthermore, if the software is truly so old that you can’t find it anymore, isn’t it probably time to replace it with something more modern anyway?

How to avoid all the hassle: protect your PC!
Protection is ideally established in multiple layers that complement each other:

Make sure all software is up-to-date.
Windows updates should never be avoided for any reason. Never postpone them, for your own sake. On almost every patch-day (that’s when Microsoft releases a new set of updates for Windows) multiple critical security leaks are being fixed. Many of the patches close critical security leaks that potentially allow attackers to take over your PC remotely. Don’t forget, internet browsers and their plugins like Flash and Java need to be updated as well! Often you don’t even need to download and run a malware file manually to become a victim. Most infections occur via drive-by attacks while you’re surfing the web, or through fully automated bots searching for new victims around the world all day long.
Use the best malware protection money can buy
Needless to say that you can’t go wrong with Emsisoft Anti-Malware or Emsisoft Internet Security. Emsisoft’s protection software had the smallest number of compromised systems across all 6363 real-world test cases performed by AV-Comparatives in 2014. If you’re using a pre-installed antivirus program that came with your computer when you bought it, make sure the license has not expired. They typically only last for 6 months and stop protecting after that period. Free software is typically limited in functionality or shows average protection capabilities. Compare test results from well known testing agencies like AV-Comparatives or VirusBulletin (VB100).
Make regular backups of all your data.
How much would it costs to recreate all your files from zero, and could you afford losing all data? Choose your backup intervals based on that question. If you create relatively few files throughout the week and could recreate them easily in the event of an infection, conduct weekly backups. If you create new data every day that can’t be re-done at all (such as pictures, videos, patient data, etc.), do daily, or even intra-daily differential backups.
Lego maintainance guy (image: pixabay.com)

As the saying goes, an ounce of prevention is better than a pound of cure.

Have a great, malware-free day!
 

Kate_L

in memoriam
Verified
Top Poster
Well-known
Jun 21, 2014
1,044
Yes! because I know how to clean and check if I still have malware. So, I voted "Yes, If there are no more obvious signs of malware".
 
  • Like
Reactions: done and JakeXPMan

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Cleaning up something more serious than adware is a joke, there is no certainty that this OS hasn't been compromised more than just the visible infections.
So no cleaning for me, every PC I get for cleanup is getting a data backup and gets nuked. :)
 
H

hjlbx

Re-install Windows on business/data PC can be big problem if backups aren't done regularly or not done correctly (incomplete).

Re-install Windows on personal PC... without hesitation.

It depends upon malware infection... is it PUP, RAT, rootkit, stealer, etc, etc, etc ?

I adhere to manual malware removal using utilities as opposed to relying solely upon any AV.
 

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
Good lord, that was a long read,

My take on it all,

... Either method is fine, it spreading paranoia reading this artical. Lets not try to get hardware immortal in a flawed internet and computer world. I find myself not using my PC to the fullest because I don't like changing anything.... even with a system recovery on the partition. :(

Me feeling is that sometimes a PC can be "compromised" by a single program you choose to install, like a browser music player, or just on its own from daily use. Reading overkill methods is getting me paranoid to install things! Like I worry if I install Anti-virus it will change too much in registry, can the company be trusted?, or not uninstall properly and I'll be stuck with slower boot times etc... etc...

No, malware is not like a car accident, unless its the "CAR" you choose to keep using instead of replacing your wheels. Yes a car can be compromised after accident. (hardware and hardware). PC and Human comparison is just weird, we're not robots... a seat-belt is WAY more critical in life then a malware removed PC.

If something seems wrong and wont fix, reinstall windows. If malware seemed minor or no problems after disinfecting, leave the PC alone.

Re-installing windows when no signs of problems is like locking your door from both sides... are you secure enough already??
 
Last edited:

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Good lord, that was a long read,

My take on it all,

... Either method is fine, it spreading paranoida reading this artical. Lets not try to get hardware immortal in a flawed internet and computer world. I find myself not using my PC to the fullest because I don't like changing anything.... even with a system recovery on the partition. :(

Me feeling is that sometimes a PC can be "compromised" by a single program you choose to install, like a browser music player, or just on its own from daily use. Reading overkill methods is getting me paranoid to install things! Like I worry if I install Anti-virus it will change too much in registry, can the company be trusted?, or not uninstall properly and I'll be stuck with slower boot times etc... etc...

No, malware is not like a car accident, unless its the "CAR" you choose to keep using instead of replacing your wheels. Yes a car can be compromised after accident. (hardware and hardware).

PC and Human comparison is just weird, we're not robots... a seat-belt is WAY more critical in life then a malware removed PC.

If something seems wrong and wont fix, reinstall windows. If malware seemed minor or no problems after disinfecting, leave the PC alone.

Re-installing windows when no signs of problems is like locking your door from both sides... are you secure enough already??
So well described. ;):D
 

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
So well described. ;):D

Thanks but you know what? I reinstalled windows 4 times in 6 months... I'm clearing losing it a bit ;) I have not reinstalled my Windows 7 yet... and I hope to enjoy without wondering about stuff has changed or not.

I'm kinda trying to convince myself here...! No need to be too critical if nothing seems wrong (yes its ok to leave windows alone sometimes lol)

I voted YES PC can be used after malware.

I do understand the point, but I felt the sorce is better aimed at experts. If anything its convincing me to be LESS worried and more free.

If one doesn't know how to reinstall or has no windows disk... a system restore point should help (if working and on) its not as clean, but it helped me before.
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Thanks but you know what? I reinstalled windows 4 times in 6 months... I'm clearing losing it a bit ;) I have not reinstalled my Windows 7 yet... and I hope to enjoy without wondering about stuff has changed or not.

I'm kinda trying to convince myself here...! No need to be too critical if nothing seems wrong
(yes its ok to leave windows alone sometimes lol)

I do understand the point, but I felt the sorce is better aimed at experts. If one doesn't know how to reinstall or has no windows disk... a system restore point should help (if working and on) its not as clean, but it helped me before.
Agreed JakeW7Man. ;):D
 
  • Like
Reactions: JakeXPMan

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Depends on the severity or nature of the infection.
If it's limited to malware and is diagnosed, and can be cleaned I won't go through a "re-install"
If it is virus related, one of the "nasties" then yes I will reluctantly re-install. :)
 
  • Like
Reactions: JakeXPMan

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
My opinion is that if you do a lot of banking transactions just perform a clean installation of Windows.
If not and you are using your pc just for browsing the internet and you think there is no malware on the system you can continue using it
 

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
625
For the past 16 years of PC use I got only 3 or 4 infections, most of them happened when I was too young and inexperienced. After all these infections I formatted and reinstalled windows for peace of mind. If the infection is just adware then reinstalling may not be required. If the Infection is based on Spyware,Viruses, evermore dangerous Root-kits its better to do a clean install of Windows because no matter how prefect you clean the system using any advanced tool there is still a possibility of remnants or left overs of the infection hiding somewhere in the system.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Does anyone buy a new PC or internal disk drive?
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Its totally simple, an infection is hard to determine if you're free or not unless make a test on the common behavior.

Simple incidents can be clean and protect however different story when its totally nasty which better format.

Thanls on the software under of virtualization which you can revert within easy clicks.
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
The main thrust here seems to be that if it`s just a minor infection as in a PUP etc non to serious, then the clean up and carry on is the best way forward.

Where as if it`s serious a la Rootkit or suchlike then it`s boot, nuke and reinstall/re-image time.

Sound advice.;)

Regards Eck:)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top