Solved Trojan found on new PC

RedLad · Feb 3, 2023

Thanks for the replies everyone. I think for now I will just do the wipe, do a clean install of Windows and then see how it behaves
@TraderGary that is mad to hear about Kaspersky!

From doing a bit of resacrch on a clean install, it is well snakey by Microsoft that they are forcing you to set up a Microsoft account during the install. What a load of nonsense. Very strange

badrobot · Feb 3, 2023

JMedlock83 said:
I dont mess with stuff like that. If I get just one little virus/trojan, it's an automatic clean install for me. I would suggest that for anyone.

That is a little bit harsh. Macrium restore will do the trick. All you need is to wipe out the hard drive and restore and you'll be back in minutes like nothing happened. But I am guessing the OP does not know this yet and hopefully learns from this lesson and find out more about backup imaging. In which case his only option right now if he is really concerned about the virus is to wipe out and clean install.
Just a piece of advice. While eveything is working fine on your PC, I suggest that you start moving out your important data (back up) if they are on the same drive as the OS to avoid losing them if worse comes to.worst.

Edit:
Oops ... I think he already wiped out and install.

RedLad · Feb 3, 2023

badrobot said:
That is a little bit harsh. Macrium restore will do the trick. All you need is to wipe out the hard drive and restore and you'll be back in minutes like nothing happened. But I am guessing the OP does not know this yet and hopefully learns from this lesson and find out more about backup imaging. In which case his only option right now if he is really concerned about the virus is to wipe out and clean install.
Just a piece of advice. While eveything is working fine on your PC, I suggest that you start moving out your important data (back up) if they are on the same drive as the OS to avoid losing them if worse comes to.worst.

Edit:
Oops ... I think he already wiped out and install.

Harsh on the poor little trojans?

I do indeed know about Macrium Reflect. I have used it before. I don't keep any data/files on the OS drive, I have seperate drives for that.

The last bit - no I haven't wiped it yet. I plan on doing so this weekend.

badrobot · Feb 3, 2023

RedLad said:
Harsh on the poor little trojans?

I do indeed know about Macrium Reflect. I have used it before. I don't keep any data/files on the OS drive, I have seperate drives for that.

The last bit - no I haven't wiped it yet. I plan on doing so this weekend.

That's good to know.
As long as you have clean image backups, viruses are not a problem. Easier and faster than scanning for viruses.

RedLad · Feb 3, 2023

I have a question about the hard drives before I attempt the wipe.

I plan to disconnect the two older sata drives that my older data is stored on, then will plug these back in once everything is up and running.

I have two NVMe M.2 drives on the motherboard. For the 2nd one that I will be using for my data files, the NVMe M.2 - do I need to format this in Windows before I do the wipe? Or will Windows do a format on this when I reach the partition screen upon reinstalling Wondows?

badrobot · Feb 3, 2023

RedLad said:
I have a question about the hard drives before I attempt the wipe.

I plan to disconnect the two older sata drives that my older data is stored on, then will plug these back in once everything is up and running.

I have two NVMe M.2 drives on the motherboard. For the 2nd one that I will be using for my data files, the NVMe M.2 - do I need to format this in Windows before I do the wipe? Or will Windows do a format on this when I reach the partition screen upon reinstalling Wondows?

Formatting also wipes out the drive and more.

RedLad · Feb 3, 2023

badrobot said:
Formatting also wipes out the drive and more.

Can you go into a bit more detail there? Thanks.

What stage etc.

Hazel123 · Feb 3, 2023

Have you scanned all the drives? If you have two NVME drives and only one has Windows on, then that's the one to format and reinstall on. IMO formatting is not the same as "wiping" or erasing the drive. It gets rid of most things but not everything. An NVME should have the Smart function which allows for "secure erase" which flashes the drive and cleans everything. It takes seconds. Erasing also doesn't always clear the MBR where some viruses can sit. Maybe it's belt and braces (and there are probably other ways to do this), but I boot parted magic and use the secure erase on that. And also the option to erase the MBR. Then it's as if it's a brand new drive.

But - rather than do all that. If you make the offline virus scanner (eg the trend micro) you can scan with that before reinstalling and just check if everything is clean. This can also scan all your drives. Some viruses can get onto more than one drive. If that doesn't show anything then you can just format and do a clean install.

The offline Trend Micro scanner will scan the MBR as well so you'll know if it's clean. I found the Kaspersky one easier to use than the Trend Micro one but they do the same thing. Didn't get any Russians on my drive

Hazel123 · Feb 3, 2023

Don't quite understand the question about formatting the other drives. If the other drives are just for storage, they don't need formatting (that would delete everything from them). Unless they have an OS on. It's only the drive with the OS on that needs formatting.

Hazel123 · Feb 3, 2023

To format - when you start installing Windows and get to the page where it shows the partitions. Just click on each partition and select "format" underneath. One of them doesn't have the option to format (one of the smaller ones) but that doesn't matter. Then you can delete them all so there are no partitions and either hit "new" or "next" and Windows will make new partitions.

Bree · Feb 3, 2023

RedLad said:
From doing a bit of resacrch on a clean install, it is well snakey by Microsoft that they are forcing you to set up a Microsoft account during the install....

There are ways around that so you can set up a local account.

What is "oobe\bypassnro"

When installing Windows 11, if you want to get around having to connect to the internet and login with a MS account, you can enter the command prompt and run: oobe\bypassnro I always thought oobe was the command and \bypassnro was an option switch, and I found it completely odd there was no...

www.elevenforum.com

badrobot · Feb 4, 2023

RedLad said:
Can you go into a bit more detail there? Thanks.

What stage etc.

You got me confused. You are asking if you need to format before wiping. I said they are technically the same.

RedLad · Feb 4, 2023

Hazel123 said:
Have you scanned all the drives? If you have two NVME drives and only one has Windows on, then that's the one to format and reinstall on. IMO formatting is not the same as "wiping" or erasing the drive. It gets rid of most things but not everything. An NVME should have the Smart function which allows for "secure erase" which flashes the drive and cleans everything. It takes seconds. Erasing also doesn't always clear the MBR where some viruses can sit. Maybe it's belt and braces (and there are probably other ways to do this), but I boot parted magic and use the secure erase on that. And also the option to erase the MBR. Then it's as if it's a brand new drive.

But - rather than do all that. If you make the offline virus scanner (eg the trend micro) you can scan with that before reinstalling and just check if everything is clean. This can also scan all your drives. Some viruses can get onto more than one drive. If that doesn't show anything then you can just format and do a clean install.

The offline Trend Micro scanner will scan the MBR as well so you'll know if it's clean. I found the Kaspersky one easier to use than the Trend Micro one but they do the same thing. Didn't get any Russians on my drive

Well I ran the full system scan in Windows Security a few times and it seems to be clean now. Also it cleaned some stuff in the two sata drives. All green check marks anyway. Even so, I will still be wiping it. Sorry just reading back on how I described my setup, it wasn't too clear. Two NVMe drives yes, one is for the OS (1TB). The other is for data (2TB). Then the other older sata hard drives are just data from my old PC really.

When you mention secure erase, you're referring to the Samsung Magician software are you? Can do that then proceed to do a normal install of Windows? What I mean is I can't erase everything on the OS (C:) with Samgsung Magician and restart to Windows because Windows wouldn't be there! Correct me if I am completely missing your point here! Alternatively, I could just do the usual Windows install method and format this at that screen where you have the options to pick what drive to install Windows on? Correct me here if I am wrong! I think I'd be more familiar with that anyway. You have me lost when you mention MBR too, haven't a clue what you mean here. Do I even need to know though or am I just overcomplicating it?

I basically want to format the two NVMe drives and install Windows on the 1TB one.

RedLad · Feb 4, 2023

Hazel123 said:
To format - when you start installing Windows and get to the page where it shows the partitions. Just click on each partition and select "format" underneath. One of them doesn't have the option to format (one of the smaller ones) but that doesn't matter. Then you can delete them all so there are no partitions and either hit "new" or "next" and Windows will make new partitions.

Ah yes, just seeing this reply, thanks. I think that is the method I will have to use to just erase the drives

RedLad · Feb 4, 2023

Bree said:
There are ways around that so you can set up a local account.

What is "oobe\bypassnro"

When installing Windows 11, if you want to get around having to connect to the internet and login with a MS account, you can enter the command prompt and run: oobe\bypassnro I always thought oobe was the command and \bypassnro was an option switch, and I found it completely odd there was no...

www.elevenforum.com

Brilliant, thanks for this

RedLad · Feb 4, 2023

badrobot said:
You got me confused. You are asking if you need to format before wiping. I said they are technically the same.

I am tripping over myself! Thanks for the reply

Hazel123 · Feb 4, 2023

Sorry if it was confusing. If you do a clean install it would wipe any existing windows from the drive anyway. Including any recovery drive. If you just did a "reset" of Windows it would reset it to factory settings and keep the recovery drive. But that wouldn't necessarily remove any virus that could be sitting on the drive somewhere.

"Wiping" Windows off the drive isn't the same as "wiping"/erasing the drive - the latter would remove remnants of any and all data on the drive.

My suggestion was - before wiping/erasing the drive or formatting/clean installing windows = to run one of the offline heavy duty virus scans. It gives you the option to scan any or all disks, including the MBR (Master Boot Record) which is a tiny bit at the beginning of the drive that a virus could sit in and relaunch from even if Windows was clean installed. If it happens to be one of those type of viruses.

Antivirus software programs vary in what they pick up. Windows defender might not find something that another antivirus program would.

The advantage of an offline scan (ie the antivirus scanning software is on a usb stick) is that you boot from it. So it runs before Windows has even started up or anything been activated. So nothing is missed on the drive.

If you run something like that, and it's clean, then there is no need to erase, format and clean install windows. You might want to anyway just in case, but if that is clean the chances are you're ok, and could just do a reset (ie restore from the recovery partition) and not have to clean install windows and find any missing drivers. You'd still need to reinstall programs and files afterwards though.

That probably still sounds complicated. If it was me I would either do

Option 1:
a) Download Trend Micro or Kasperskey rescue disk (possibly on another computer) and put it on a usb stick.
b) Boot from the Usb stick and let the antivirus scan all the drives and the MBR.
c) If that's clean then you're probably ok and just to be sure, reset windows which is basically a clean install but keeping the recovery partition. But at least you know the recovery partition isn't infected.

Or

Option 2:
a) Assume it might be infected and secure erase the drive that has Windows on
b) Clean install Windows from bootable usb. Formatting isn't really relevant if the drive has already been wiped/erased

Both would give the same end result. The advantage of Option 1 is you can scan all your drives. A virus may have jumped from C drive onto a data drive and be sitting in a folder somewhere.

The Disadvantage of Option 2 is if the virus had jumped to another drive, you've clean installed and the virus could reinfect the C drive again.

I'm a bit belt and braces and would probably do both!

But it is very reassuring to run an offline scan from a bootable usb as if that is clean it's about as foolproof as you can get.

Hazel123 · Feb 4, 2023

If Samsung Magician has the option to secure erase, you could do it that way. I do it by booting from an external usb.

And yes there would be nothing to turn on if the drive is erased - you'd need to clean install.

Hazel123 · Feb 4, 2023

In fact, thinking about it - as you have so many drives I think it would be better to do the offline bootable scan on all drives and the MBR. Then you may not need to reinstall at all. But it would still be a good idea to at least reset to factory settings, which will format the drive at the same time.

It's quite slow to scan - a couple of hours maybe or even a bit longer.

I had to do this on a relative's computer that wouldn't even turn on, but I could boot from the antivirus rescue disk. It had 8 trojans and 32 viruses on it! I then rescanned with a different antivirus rescue disk and it was still clean - so it was cleaned up. Despite that, I still erased the drive afterwards and clean reinstalled.

If all this is a bit much (which it can be) then the initial advice to go to bleeping computer may be best! They will get you to run all kinds of things to ensure your computer/system is clean. Things that aren't usually commercially available.

RedLad · Feb 4, 2023

Hazel123 said:
Sorry if it was confusing. If you do a clean install it would wipe any existing windows from the drive anyway. Including any recovery drive. If you just did a "reset" of Windows it would reset it to factory settings and keep the recovery drive. But that wouldn't necessarily remove any virus that could be sitting on the drive somewhere.

"Wiping" Windows off the drive isn't the same as "wiping"/erasing the drive - the latter would remove remnants of any and all data on the drive.

My suggestion was - before wiping/erasing the drive or formatting/clean installing windows = to run one of the offline heavy duty virus scans. It gives you the option to scan any or all disks, including the MBR (Master Boot Record) which is a tiny bit at the beginning of the drive that a virus could sit in and relaunch from even if Windows was clean installed. If it happens to be one of those type of viruses.

Antivirus software programs vary in what they pick up. Windows defender might not find something that another antivirus program would.

The advantage of an offline scan (ie the antivirus scanning software is on a usb stick) is that you boot from it. So it runs before Windows has even started up or anything been activated. So nothing is missed on the drive.

If you run something like that, and it's clean, then there is no need to erase, format and clean install windows. You might want to anyway just in case, but if that is clean the chances are you're ok, and could just do a reset (ie restore from the recovery partition) and not have to clean install windows and find any missing drivers. You'd still need to reinstall programs and files afterwards though.

That probably still sounds complicated. If it was me I would either do

Option 1:
a) Download Trend Micro or Kasperskey rescue disk (possibly on another computer) and put it on a usb stick.
b) Boot from the Usb stick and let the antivirus scan all the drives and the MBR.
c) If that's clean then you're probably ok and just to be sure, reset windows which is basically a clean install but keeping the recovery partition. But at least you know the recovery partition isn't infected.

Or

Option 2:
a) Assume it might be infected and secure erase the drive that has Windows on
b) Clean install Windows from bootable usb. Formatting isn't really relevant if the drive has already been wiped/erased

Both would give the same end result. The advantage of Option 1 is you can scan all your drives. A virus may have jumped from C drive onto a data drive and be sitting in a folder somewhere.

The Disadvantage of Option 2 is if the virus had jumped to another drive, you've clean installed and the virus could reinfect the C drive again.

I'm a bit belt and braces and would probably do both!

But it is very reassuring to run an offline scan from a bootable usb as if that is clean it's about as foolproof as you can get.

Thanks for taking the time to type this up. Also for your patience haha.

I am quite keen to do this offline scan you keep mentioning, as it sounds like a really safe option to do and would give peace of mind before the clean install. This is mainly the two sata drives I'd be worried if anything got lodged in them two drives when I originally got the trojan. I don't really care what is on the OS drive as I will be reinstalling my programs etc. I have accepted that. For Trend Micro do you mind linking the one to download please? Also is it free or paid? I would rather use a free one if possible.

Just so you know - I will 100% be wiping the PC with a new install of Windows. Some things I have set up (program wise) I am not totally happy with, so I basically just want to start again (beforehand I will of course disconnect the two sata drives with my data, once I know they're clean after the offline scan).

I have to head off now, so tomorrow hopefully I will see your reply and then hopefully be all ready to pull the trigger and finally do this reinstall!

Solved Trojan found on new PC

Active member

My Computer

Well-known member

My Computers

Active member

My Computer

Well-known member

My Computers

Active member

My Computer

Well-known member

My Computers

Active member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computers

Well-known member

My Computers

Active member

My Computer

Active member

My Computer

Active member

My Computer

Active member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Active member

My Computer

Similar threads