My Registry Feels So Dirty - Do I need to further de-virus my computer?
July 30, 2007 7:30 AM   Subscribe

Apparently, my Dell laptop was hit with a virus this weekend. I fixed the problem by using the Windows XP reinstallation disc to repair it. Do I need to do anything else?

My laptop froze up this weekend and when I restarted it, I could not get past the splash screen. Every time I tried to log in, I was immediately logged out. The problem is exactly described in this article at Microsoft Support, which indicates a virus rotorooted my registry.

Anyway, I did not have access to this support article until after I repaired my machine by using the XP reinstallation disc. After setting loose the repair function, everything works. However, I am concerned that I will still have something malicious lurking about my computer.

Is there anything else I need to do to make sure my computer is clean? I run AVG and Spyware Terminator for virus/spyware protection.
posted by CRS to Computers & Internet (3 answers total)
I swear by NOD32 as my antivirus. There's a free demo that might be worth running. If you're still uncertain, try the free version of Ad-Aware.
posted by kepano at 8:14 AM on July 30, 2007

Hard to ever know for sure. I'd recommend figuring out how the virus was contracted, and then take some preventative action.

1) Use a different browser, a locked down account, or a less exploitable operating system when visiting risky sites or doing risky things.

2) If you want to be absolutely sure of your status, virusscan and backup any useful files, and do a fresh install. Make sure you are behind a firewall of some sort while your computer installs the hundred or so updates from windowsupdate.

3) Probably a good idea to backup regularly anyway, so that this sort of thing does not endanger important stuff (and you won't have to wonder if your computer is secure - just reinstall or reimage if you find something)

4) There are free antivirus programs abound for windows. I tend to use Avast, and Ad-aware works well too (but more targeted towards malware). Most of them do the same thing.
posted by mezamashii at 9:17 AM on July 30, 2007

Anti-virus software doesn't really look for root kits. It'll look for the stuff that puts the root kit on your computer though. You might try running Rootkit Revealer by SysInternals. Beware though, that this program will give lots of output and it won't be able to give you a definitive answer of whether or not you still actually have a rootkit or not.

The easiest way to be sure that your computer is clean is to reinstall (from a backup) your entire installation. And you probably should run at least a quick format before that too.

If you think that your computer has a good chance of being reinfected by another rootkit, you might want to run an intrusion detection system (IDS). I'd recommend snort, as it seems to be pretty good, and it's open source. Apparently, there is even a gui for windows that you can run.

You mention that you are running an antivirus program, which is good. Be sure that you are also running some sort of firewall, even if it's just windows' firewall.
posted by philomathoholic at 9:29 AM on July 30, 2007

« Older Does anyone know of a way to create a line graph...   |   What the heck kind of plant did my son get into? Newer »
This thread is closed to new comments.