
OS: Windows 7 Home Premium

Machine: Dell Inspiron N7010

Incident: User indicated that after clicking through what he later realized was a bogus Anti-Virus install message all his documents had 'disappeared.' Machine still boots into Windows successfully.

Ran in order:

1. Microsoft Security Essentials (Full Scan) and found

  • Java/Blacole.H (4 other instances with K, I, J, N appended)
  • Trojan:Win32/FakeSysDef

2. Microsoft Malicious Software Removal Tool (Full Scan)

  • Nothing found

3. Malwarebytes (Full Scan)

  • Trojan.FakeAlert (2 instances)

Probably just wiping this drive and restoring from Dell disks would be optimal, but for various reasons, this is not an option in this case.

After running these three programs and removing what was found, can we feel confident that the malware has been cleaned up as best as possible?

Is there anything else that should be run to clean the machine up?

mozzer
  • 149
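Added example for the question above (not code from the asker or from either answer): a PowerShell triage pass to run after the three scanners, since definition-based tools only report what they already recognise. It lists every Run/RunOnce entry, service and scheduled task together with the SHA-256 and Authenticode status of the binary each one launches, so unsigned or missing autostarts can be reviewed by hand, and then checks whether the 'disappeared' documents were merely given the Hidden attribute. Assumptions: an elevated PowerShell 2.0 prompt on the affected Windows 7 machine, the three user folders checked in step 3, and the premise that the scareware hid rather than deleted the files (marked as an assumption in the code).

```powershell
# Post-cleanup triage for the machine described above.
# Added example, not code from the question or either answer. Assumptions: run from an
# elevated PowerShell prompt on the affected Windows 7 box (PowerShell 2.0 syntax, so no
# Get-FileHash); the document folders in step 3 are an assumption, as is the premise that
# the fake disk-diagnostic tool hid the user's files instead of deleting them.

$Sha256 = [System.Security.Cryptography.SHA256]::Create()

function Get-Sha256Hex ($Path) {
    # SHA-256 of a file as a hex string, or $null if the file cannot be opened
    try {
        $Stream = [System.IO.File]::OpenRead($Path)
        try { return ([BitConverter]::ToString($Sha256.ComputeHash($Stream))).Replace('-', '') }
        finally { $Stream.Close() }
    } catch { return $null }
}

function Resolve-CommandPath ($CommandLine) {
    # Extracts the executable from a Run-key, service or task command line:
    #   "C:\Program Files\x\y.exe" /flag   ->  C:\Program Files\x\y.exe
    #   %SystemRoot%\system32\z.exe -k     ->  C:\Windows\system32\z.exe
    $Expanded = [Environment]::ExpandEnvironmentVariables([string]$CommandLine)
    if ($Expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Expanded -match '^\s*(\S+?\.exe)') { return $Matches[1] }
    return $Expanded.Trim()
}

function New-Finding ($Source, $CommandLine) {
    # One row per autostart entry: where it lives, what it runs, whether the binary exists,
    # what it hashes to, and whether it carries a valid Authenticode signature.
    $Exe = Resolve-CommandPath $CommandLine
    $Exists = ($Exe -ne '') -and (Test-Path -LiteralPath $Exe)
    $Signed = 'missing'
    if ($Exists) { $Signed = (Get-AuthenticodeSignature -FilePath $Exe).Status }
    New-Object PSObject -Property @{
        Source = $Source; Command = $CommandLine; Binary = $Exe
        Exists = $Exists; Sha256 = (Get-Sha256Hex $Exe); Signature = $Signed
    }
}

# --- 1. Registry Run / RunOnce keys (per-machine, per-user, and the 32-bit view on x64) ---
$Findings = @()
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Values = Get-ItemProperty -Path $Key
    foreach ($Prop in $Values.PSObject.Properties) {
        if ($Prop.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        $Findings += New-Finding "$Key\$($Prop.Name)" $Prop.Value
    }
}

# --- 2. Services and scheduled tasks: anything unsigned or missing deserves a manual look ---
foreach ($Svc in Get-WmiObject Win32_Service) {
    if ($Svc.PathName) { $Findings += New-Finding "Service:$($Svc.Name)" $Svc.PathName }
}
foreach ($Task in (schtasks /query /fo CSV /v | ConvertFrom-Csv)) {
    # schtasks repeats its header row per task folder; ConvertFrom-Csv turns those into bogus rows
    if ($Task.TaskName -eq 'TaskName') { continue }
    if ($Task.'Task To Run' -and $Task.'Task To Run' -ne 'N/A') {
        $Findings += New-Finding "Task:$($Task.TaskName)" $Task.'Task To Run'
    }
}

# Validly signed entries are the least interesting; surface everything else for review.
$Findings | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Source | Format-Table Source, Signature, Exists, Binary, Sha256 -AutoSize

# --- 3. "Disappeared" documents: look for the Hidden attribute before assuming deletion ---
# (assumption: the scareware set +H on the user's files rather than removing them)
$Folders = "$env:USERPROFILE\Documents", "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Pictures"
$Hidden = Get-ChildItem -Path $Folders -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' -and
                   (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) }
$Hidden | Select-Object FullName
# Once you are satisfied these are the user's own files, clear the attribute:
#   $Hidden | ForEach-Object { $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden }
```

Entries launched through a signed host such as rundll32.exe or svchost.exe will show as Valid; for those, review the arguments (the DLL or service group) by hand. Check unfamiliar hashes against a multi-engine scanner before trusting them, and bear in mind that this only covers the classic autostart locations, which is why the answers below still say you cannot be certain the machine is clean.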

2 Answers

1

The direct answer is no - you cannot be confident. As @Moab says, if you have been compromised, there is no way to ensure you aren't still compromised. If the system owner can live with possible on-going compromise of their data and any accounts they access from this machine (banking, social media, etc), then what you've done is fine. If they are not, then it is time to rebuild.
But I would make sure the end user understands and makes that decision.

uSlackr
  • 9,053
0

This question is impossible to answer. Definition based AV has its limits, and you've hit them. Now the question is do you just take the gamble or do a proper wipe? You can't just ask strangers to tell you yes or no and then tell the client what they've told you. The reality of the situation is that it's impossible to know. Tell that to your client who refuses the wipe.