Transferring files from a compromised system

Discussion in 'Malware Help (A Specialist Will Reply)' started by ccn, Oct 30, 2013.

  1. ccn

    ccn Private E-2

    Hi folks, my question is: my parents have a severely compromised system and have had one for a long time. Despite having the Alureon and many other nasties, the rootkits on the system have kept it barely functioning, and it's obvious it has become a botnet.

    They bought a new computer and are insistent that their old files be transferred to the new computer; their 100 or so email addresses are pinned as the first to be transferred.

    Any advice on how to do it? I have told them countless times to keep all programs updated and not to download certain things, to no avail. I told them once a system is compromised, especially as severely as theirs is, there's no way it can ever be trusted.


    Thanks for any advice

    Side note: I even sent them Chaslang's "about compromised systems" information from Microsoft's head guy and still no comprendo. It's real, real bad.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since I cannot begin to know what infections the PC may or may not have, it is impossible to say what you should do other than the below.

    Spend the time to clean the old PC first. This will allow us to better determine what problems it really has and see if they can be fixed before transferring any files to a new PC.

    While the PC may not be 100% trustworthy if it has been infected for a long time, it does not seem to matter to your parents anyway. I guess they just don't care about having personal information stolen.
     
  3. ccn

    ccn Private E-2

    Thanks for your input, Chaslang. Unfortunately, due to continued use of the computer despite being infected, it will no longer let you update anything, including rescue disks, and I believe that is due to the Alureon bootkit/rootkit.

    I do know numerous severe alerts for different types of Trojans were ignored in the past as well.

    You're the master malware expert, so I'll ask you: wouldn't a wipe of the drive and reinstall be the only way to ensure all backdoors etc. have been eliminated?

    It's been infected for so long that I'm sure it's severely dug in.

    Thanks again
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But I did not ask you to update it. I suggested that you clean it. That is run the below which will allow us to remove the malware that is causing the problems:

    READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

    If you want a 100% guarantee then yes. But again it depends on what the infections are. In most cases we can actually remove all the problems/hooks. We just cannot 100% guarantee it. But in reality, as soon as a PC is connected to the internet, there is already no 100% guarantee anymore. ;)

    If you save/transfer the data without cleaning, you risk infecting the new PC.
    If you don't save/transfer the data and just delete partitions, repartition, format and reinstall, you will lose the personal data that your parents may want. (NOTE: Formatting is not good enough!!! You must remove partitions and start over again, if you wish to take this route.)
     
  5. ccn

    ccn Private E-2

    Unsure what you mean: is removing partitions the same thing as wiping the drive before a clean reinstall?

    I think you mean if going the reformat route just reformatting is not thorough enough and you need to get deeper and wipe everything and then reinstall.

    I thought a reformat did wipe everything, but I suppose not.

    Thanks much Chaslang
     
    Last edited by a moderator: Nov 1, 2013
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, it does not change partitions, and there are many forms of partition infections. You need to delete the partitions and then repartition. Then format, then reinstall. There may be a factory partition that you can reimage from, but if that has been infected (unknown at this point) you cannot trust using it. But again, you will lose all info when you do any of this.

    Unless you are going to run the READ & RUN ME, any further questions about this should be posted in the Software Forum.
     
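An added illustration of chaslang's point that a format alone is not enough; this is a constructed model written for this page, not code from the thread or from MajorGeeks. It builds a made-up 64-sector disk image whose sector 0 holds a marker "boot code" pattern (standing in for boot code a bootkit could have modified) and one partition entry, then shows that a quick format only rewrites the filesystem inside the partition, while deleting the partitions clears sector 0 entirely:

```python
import hashlib
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_disk_image(total_sectors: int = 64) -> bytearray:
    """Constructed sample disk: sector 0 is an MBR with a recognizable
    'boot code' pattern and a single NTFS-typed partition starting at LBA 8."""
    disk = bytearray(SECTOR * total_sectors)
    disk[0:440] = b"\xEB\x3C" + b"\x90" * 438          # made-up boot code
    disk[446:462] = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0",
                                8, total_sectors - 8)
    disk[510:512] = b"\x55\xAA"                        # MBR signature
    disk[8 * SECTOR:] = b"D" * (SECTOR * (total_sectors - 8))  # 'user files'
    return disk


def boot_code_hash(disk: bytearray) -> str:
    """Fingerprint of the 440 bytes of MBR boot code in sector 0."""
    return hashlib.sha256(bytes(disk[0:440])).hexdigest()


def partitions(disk: bytearray) -> list:
    """Parse the four MBR partition entries; return (lba, count) for used ones."""
    found = []
    for i in range(4):
        off = 446 + 16 * i
        _, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, bytes(disk[off:off + 16]))
        if ptype != 0:
            found.append((lba, count))
    return found


def format_partition(disk: bytearray, lba: int, count: int) -> None:
    """Model of a quick format: rewrites only the area inside the partition.
    Sector 0 (boot code and partition table) is not touched."""
    disk[lba * SECTOR:(lba + count) * SECTOR] = bytes(SECTOR * count)


def delete_partitions(disk: bytearray) -> None:
    """Model of 'delete partitions and start over': sector 0 is zeroed,
    so both the old boot code and the partition table are gone."""
    disk[0:SECTOR] = bytes(SECTOR)
```

Run `format_partition` on the parsed entry and compare `boot_code_hash` before and after: the hash is unchanged, and only `delete_partitions` changes it.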