4

I'd like to give my computer an overall deep scan against all kinds of malware.

I was infected about a year ago and I feel like there may still be some hidden rootkit on my HDD or something like that... I already performed scans with multiple AVs, which came out negative. I also ran scans with Hijack This and Farbar Recovery Scan Tool and got the results analyzed by experts - they just found some harmless adware.

Can you please recommend other ways to make 100% sure my PC is clean? Thanks!

Omniwombat
user104674
  • 4
    [Nuke it from orbit.](http://security.stackexchange.com/questions/24195/how-do-you-explain-the-necessity-of-nuke-it-from-orbit-to-management-and-users) – Benoit Esnard Mar 16 '16 at 22:59
  • 3
    `Can you please recommend me other ways to make 100 % sure my PC is clean?` 100% as in *100%*? Melt it. (and do not backup anything before you do this) ... In short, it's impossible to guarantee a malware-free system. – deviantfan Mar 16 '16 at 23:05
  • Try ClamAV. It's a solid open source antivirus scanner. It takes a bit of technical skill to use it. But, as deviantfan says, once your computer is infected, there is no way to verify that you have found or removed all the infectious agents. (There may be some creative ways to verify that a newly installed OS is clean, but not an old install.) – Brent Kirkpatrick Mar 16 '16 at 23:21
  • this is Windows yes? – Neil McGuigan Mar 17 '16 at 00:02
  • I know! Maybe I asked wrong - do you have any other advice to make sure my PC is virus-free? – user104674 Mar 17 '16 at 00:03
  • Yes, it's Windows. – user104674 Mar 17 '16 at 00:11
  • ClamAV is great. I already scanned my PC with about 20 scanners including Clam. It had some false-positives (other scanners) and didn't find any virus or something. – user104674 Mar 17 '16 at 00:13
  • I agree with the 'Nuke it from orbit' comment. However, to be a tad more helpful I'd want to add what I've said time and time again. If you have been infected, it's not your computer/system anymore! Reinstall everything. Clean USBs. Format drives. Possibly even get new hardware. Throw away all files and baggage you do not absolutely need to save. Then you are decently safe. Still not 100%. – Simply G. Mar 17 '16 at 07:31

1 Answer

1

The trouble, as described in the comments, is that there is no way to be "100%" sure. Anything you can devise to check might be compromised. You can look at the running processes, but the program that shows them to you might be lying. The system might be communicating with the bad guys in ways you can't imagine. You can get a known clean system to watch the network, but your system might be sending out exotic packets that you don't know about, or subtly blinking the caps-lock light, or signalling by pulsing the wifi strength in Morse code.

Your only recourse is to completely start over from a known state. Otherwise, you can be "mostly sure".

Omniwombat
  • You are right, of course, but scanning with multiple AV CDs will protect against that "lying" - the virus can't affect the scan, right? – user104674 Mar 17 '16 at 00:25
  • Hypothetical viruses can. You have to imagine an adversary that has unlimited resources. Viruses have long been able to detect whether particular AV is installed and adjust their behavior accordingly. Also, the AV isn't doing anything magical. It's just doing what you yourself could do by inspecting files against a list of 'problems'. If you can be lied to, it can be lied to. That's why attaining perfection in the form of "100% certainty" is impossible. You can only get up to 99.9(as many as you like)8%. – Omniwombat Mar 17 '16 at 01:08
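
The answer and the AV-CD exchange above turn on whether the view you are given can be trusted. As an added example (not part of the original thread), this Python code diffs a file manifest taken inside the running OS against one taken from the same disk while booted from trusted media; the function names and sample manifests are constructed for illustration. A clean diff only covers file contents, so it narrows the uncertainty the answer describes rather than removing it.

```python
"""Cross-view diff: live (suspect) file manifest vs. trusted offline manifest."""
import hashlib
import os

def build_manifest(root):
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                manifest[rel] = digest.hexdigest()
            except OSError:
                manifest[rel] = None  # unreadable in this view: keep the fact
    return manifest

def cross_view_diff(live, offline):
    """Return the discrepancies between the live and the offline view."""
    live_paths, offline_paths = set(live), set(offline)
    return {
        # Present on disk but not reported by the running OS.
        "hidden_from_live": sorted(offline_paths - live_paths),
        # Reported by the running OS but absent from the disk.
        "only_in_live": sorted(live_paths - offline_paths),
        # Same path, different bytes depending on who reads it.
        "content_differs": sorted(
            p for p in live_paths & offline_paths if live[p] != offline[p]
        ),
    }

# Constructed sample manifests (not taken from a real system).
SAMPLE_LIVE = {
    "Windows/System32/drivers/disk.sys": "aa11",
    "Windows/System32/notepad.exe": "bb22",
}
SAMPLE_OFFLINE = {
    "Windows/System32/drivers/disk.sys": "cc33",
    "Windows/System32/drivers/hidden.sys": "dd44",
    "Windows/System32/notepad.exe": "bb22",
}

if __name__ == "__main__":
    for kind, paths in cross_view_diff(SAMPLE_LIVE, SAMPLE_OFFLINE).items():
        print(kind, paths)
```

Run `build_manifest` once from the installed OS and once from the trusted boot medium against the same volume, then pass both results to `cross_view_diff`.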