How do I clear up these lingering problems after a malware infection?

Sadly, with a couple of the newest variants of virus/malware such as "System Security 2012" it gets even worse. The nasty program creates one or two partitions on your hard drive with no volume labels. You merrily do a complete wipe and re-install, but unless you go in and delete those partitions, after you format C: and install everything, the virus re-installs itself and you're back where you started! Like Leo says, imaging, backup and prevention are truly the only smart answers!

wow. I hadn't yet heard of malware that creates hidden partitions, but I guess we shouldn't be surprised.

28-Mar-2012

This is really just a question for Leo. Can Malware/Malware remnants somehow occupy the free space and then reinfect used space later. I ask, as 4 years ago my Golf Club got 3 items of malware on the yearly disc (What a stink that caused in 4 countries. I still have this trio of nasties and there seems to be no trouble getting rid of them now). Anyway after trying for 3 days to get rid of these unsuccessfully as they just kept coming back, in desperation I ran a "Wipe Free Space" App. (Revo) immediately following the anti-virus. Well it worked. But was I just lucky ???

I've never heard of malware resurecting itself from freespace, and in all honesty I can't think of a way that it could. Some sort of file that actually exists would have to at least begin the process, and if that file can get on there then there's no need to resort to freespace.

28-Mar-2012

Whoa! Wait a minute!...There are serious implications of your claim that "you just don't know" if your system infection has been totally eradicated! If that is true, it means: 1) NO currently available antivirus/antimalware/antispyware or combinations thereof, can detect all infections, and the claims of both reviewers and the companies that they can - is a lie. If you know that they can't, so do they, and that means that they are purposely deceiving the public.

2) If they can't find the malware, or evidence of its behavior on your system, then their claims that they can eliminate these infections is also untrue and they are encouraging a false sense of security in the public that their application can clean the customer's system.
3) If the antivirus, etc. firms cannot find and fix these problems, then it follows that even BRAND NEW systems may be infected with some lurking type of malware (i.e., a trojan) hiding inside the Operating System that even Microsoft, etc., could not find. 4) Your suggestion to not get infected in the first place is nearly impossible, since malware developers can hide their malware in so many ways. Basically, it means you can't go anywhere because what you think is a"safe" legitimate site may be another deception. 5) So, if nobody can find the infection, how do you know it even exists? So, now what? Junk the whole system? Stop using computers?

Ultimately you are very correct (except for the deceiving part). There is no way to prove a negative - no way to prove that your machine is NOT infected. Obviously it's not practical to let that terrorize you into avoiding computers all together. One can safely assume (but cannot prove) that your new machine is probably malware free. One can safely assume (but cannot prove) that anti-malware tools remove most malware - but even there is it known that not all anti-malware tools remove all malware. All this is to point out that once you know you've been infected, many of those unprovable assumptions that you previously made are no longer safe to assume. The probability has shifted, and it is no longer safe to make those assumptions until you reformat/reinstall where you then revert to making those assumptions (that you cannot prove).

28-Mar-2012

Suggestion to original poster: McAfee is nearly worthless protection. As the first line of defense, I suggest researching for better protection. A reliable independent source I've relied on for determining the best Antivirus software is www.av-test.org (see their: Tests/Test Reports tab). Kind regards,

Sadly, Leo is correct as I have recently learned.

A charity that I am a part of has an infection of Conficker/Downadup. The computer it's on is old and the harddrive is small and there is no room for an antivirus. But with little contact with the outside world, thought the risk was minimal.

Was first alerted when I used a USB stick to copy a file to my home computer. AVG on my computer identified it upon inserting the USB stick into the computer. I brought my laptop and via a shared c: drive over the network, I scanned the harddrive with AVG running on my laptop. AVG found the infection but had troubles eliminating it.

I found tools on both F-Secure's website and Symantec's website. I tried both tools. Both tools reported that they cleaned the infection. Yet seemingly a few days later, the same infection would pop-up on several different USB sticks used to test the machine. Repeated cleaning to the point where the tool said nothing was found, didn't seem to work either because a day or too later it would reinfect the USB stick.

I recently found an uninstalled Windows update that blocks the autoplay. After running that update, it has stopped infecting USB sticks. But I no longer can trust that the machine is clean, just that the risk of infecting another computer is minimal, provided the AV product on the other networked computers continues to run.

Sadly, I think the only way to solve this one is to reformat the harddrive and start over.

(We're a charity. If we had the funds to replace the computer, we would. It really needs more RAM and larger harddrive. I don't really like running with no AV, even though exposure to the outside world is minimal).