The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Will an OS reinstall wipe over a trojan/virus attack?

    Discussion in 'Security and Anti-Virus Software' started by Simic, Dec 23, 2009.

  1. Simic

    Simic Notebook Consultant

    Yesterday my computer was attacked, from what I can tell, by richtx64.exe and wscsvc32.exe. Whatever it was, I can no longer launch or run Avira or run any other antivirus or malware programs...they simply won't run. Error boxes continue to pop up on my screen.

    So I've decided to just re-install Windows XP SP2. I have a few questions:

    1) Will this be sufficient to clean out my computer? Is there any way the viruses would somehow re-appear or survive a fresh re-install?

    2) Do I need to do anything special/unusual in my re-installation? As you can tell, I'm not a terribly advanced user, and I will probably just follow some online step-by-step guide for my reinstallation.

    3) I've transferred all my "My Documents" folders (music, word files, etc) to an external HD. From what I understand, these files should be clean. Is this a foolish assumption? If so, what can I do to preserve my files or at least clean them?
     
  2. taj619

    taj619 Notebook Consultant

    Well, a reinstall will clear them, but if they are attached to or in any of the folders in your saved documents on the external hard disk, they can affect your system again, so after a fresh install just scan your external hard disk files so that if there are any threats they can be removed permanently.
     
  3. $immond$

    $immond$ Notebook Consultant

    I'd suggest doing a proper delete of your hard drive using DBAN or KillDisk. After that, I'd suggest scanning any documents you backed up with Kaspersky or Bitdefender. Free anti-viruses don't cut it when dealing with serious infections.
     
  4. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Assuming you format during your reinstall, that should be enough - no need for something like DBAN or KillDisk.
    Maybe use a full format instead of a quick one though - a quick format only deletes the master file table.

    And taj619 is right - a reinstall will only help if the files are clean.

    Free antiviruses can be very good - try Microsoft Security Essentials.
    For on demand - Malwarebytes (which you can run in parallel as long as it's on demand only)

    KIS in the current version sadly has a rather noticeable performance hit...
     
  5. surfasb

    surfasb Titles Shmm-itles

    Without user interaction, it would be impossible for a virus/malware to reappear. It sounds like you got the malware from a malicious link. Just make sure not to navigate to said link again or install any third party programs from companies you are unfamiliar with.

    While you can just install the OS right over the old one, it will be easier in your case to just wipe the old partition. It looks like you've already backed up your old files.


    Document, music, picture and video files are more or less very difficult to infect, and it is difficult to spread malware through these types of files.

    At least scan your files with a trusted scanner, like an online scanner.
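
A triage pass to run over the backed-up files before copying them back, as an added example that is not part of the original thread: it lists the files in a backup that are programs, scripts or autorun entries rather than documents or media, so they can be scanned or left behind. The function names, extension lists and sample files are assumptions made for illustration.

```python
import os
import tempfile
# Assumed lists, not exhaustive: extensions Windows runs, and expected data types.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DATA_EXT = {".doc", ".xls", ".pdf", ".txt", ".mp3", ".wma", ".jpg", ".png", ".avi"}

def classify(path):
    """Return the reasons a file deserves a closer look (empty list = none)."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    reasons = []
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if magic == b"MZ" and ext not in RISKY_EXT:
        reasons.append("program-disguised-as-data")  # DOS/PE header, data extension
    if ext in RISKY_EXT:
        reasons.append("runnable-extension")
        if os.path.splitext(stem)[1] in DATA_EXT:
            reasons.append("double-extension")  # e.g. song.mp3.exe
    if stem + ext == "autorun.inf":
        reasons.append("autorun")  # can start a program when the drive is opened
    return reasons

def triage_backup(root):
    """Walk the backup and map relative path -> reasons, flagged files only."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                reasons = classify(full)
            except OSError:
                reasons = ["unreadable"]  # could not be inspected; check by hand
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def build_sample_backup(root):  # constructed files standing in for My Documents
    samples = {"letter.doc": b"\xd0\xcf\x11\xe0 constructed", "autorun.inf": b"[autorun]\n",
               os.path.join("music", "song.mp3.exe"): b"MZ constructed",
               os.path.join("photos", "holiday.jpg"): b"MZ constructed, not an image"}
    for rel, data in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        print(triage_backup(tmp))
```

This only narrows down which files need attention; it does not inspect document contents, so the antivirus scan recommended in the thread is still needed.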
     
  6. $immond$

    $immond$ Notebook Consultant

    Kaspersky anti-virus doesn't use much of my resources, and Vista and Win 7 don't have the option for a thorough deletion/wipe, hence why I use DBAN or KillDisk.
     
  7. Baserk

    Baserk Notebook user

    DetlevCM was talking about KIS, not KAV.
    Reinstalling from CD/DVD always gives you the option to do a complete wipe in the form of a full format.
    For a reinstallation, a KillDisk/DBAN wipe isn't necessary.
    Only perhaps if you want to sell the notebook/HDD with a fresh install.
     
  8. Partizan

    Partizan Notebook Deity

    Can't the entire 'cleaning your hard drive process' be avoided if you just buy a decent anti virus? My Kaspersky anti virus blocks tons of trojans. Previously I had Bitdefender, which totally killed my desktop (it had a trojan, Bitdefender blocked it, and in return the trojan blocked my computer lolz, so in that case I prefer Norton which just leaves the trojans so they won't freeze your PC permanently).
     
  9. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Baserk is right - I am talking about KIS - Kaspersky Internet Security.

    And performance hit - log in is delayed by at least 10 seconds (after you put in your password) and programme startup is delayed - now this isn't too noticeable on a HDD but very noticeable on an SSD where I click and nothing happens...
     
  10. StormEffect

    StormEffect Lazer. *pew pew*

    Free alternatives are often more useful to me than paid suites.

    At the IT Center I work at, we follow a simple regimen to clear our infected systems (where we can't convince the customer to reformat and reinstall).

    1. Remove previous (usually nonfunctional or expired) AV solutions if possible.

    2. Run ComboFix from BleepingComputer.

    3. Run MalwareBytes Free Anti Malware Full Scan (use google)

    4. Run HijackThis! and paste log file output into this site for info on what to clean.

    5. Install and run a full scan with Microsoft Security Essentials.

    6. If the infection remains, uninstall MSE and try Panda AV or alternatives.

    7. If none of that works, attempt manual removal from registry or system32.

    Post Clean-up Steps:

    1. Uninstall plethora of installed AV apps we just used (although we make sure not to have multiple On Access scanners installed concurrently).

    2. Often need to run an sfc /scannow (a system file check, runs most effectively on Vista/7, XP requires install media and works rarely in my experience) because the system has been broken in some way.

    3. Remove ancient Adobe Reader and Flash installations.

    4. Install updated versions of said programs using ninite.com.

    5. Install all Windows Updates.

    6. Install our paid AV enterprise suite and set up automated scanning and updating, even though I dislike it.

    7. Hope that you didn't forget anything and then tell the customer to keep flash and adobe updated.

    Sometimes these steps get out of order for one reason or another, but this is the gist of it, and 80% of the time it works.
     
  11. wave

    wave Notebook Virtuoso

    You don't need to buy any new anti virus program to scan files. Norton has Security Scan and Clean which is freeware. It is the same as the normal Norton only that it has no live protection. The scanner is the same as the one used in the Norton commercial products. It is perfect for scanning an external disk or any backups you might have made. I think other companies have similar freeware.
     
  12. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Which begs the question - why use Norton in the first place?
    Microsoft Security Essentials is free, does a good job and includes live protection :)

    Oh, and it isn't noticeable even on a SSD (where sadly KIS was)
     
  13. Simic

    Simic Notebook Consultant

    Thank you to everybody who replied.

    I was traveling over the holidays, but I'm back up and running. I'm now trying to decide what freeware security to install. It seems MSE or Avast may be best, though I'm hesitant to install Avira since I had Avira running when the attack occurred (while browsing online)...perhaps MSE is better since it includes live protection, as a poster points out?
     
  14. $immond$

    $immond$ Notebook Consultant

    I'd still use KillDisk or DBAN; using the Vista/Win7 standard format is hardly a thorough format.
     
  15. Angelic

    Angelic Kickin' back :3

    :) I would give MSE a try, it's what I'm using now. It got a good review.
     
  16. $immond$

    $immond$ Notebook Consultant

    It's good if you're not going to nasty sites and downloading extra flash codecs, or going to "crack/serial" websites to unlock pirated software. I am not sure how effective it is at stopping the notorious "80ies classic" from p2p programs.
     
  17. DetlevCM

    DetlevCM Notebook Nobel Laureate

    So what do you call a thorough format?

    A quick format in Windows deletes the Master File Table.
    A full format overwrites every "cell" with I think zeroes.

    And that is the definition of a format - nothing else.
     
  18. Deks

    Deks Notebook Prophet

    While this site does not permit discussion of virtually anything that contains the 2 words you mentioned (the policy on that when it comes to these forums is a bit absurd though), MSE is effective in preventing all kinds of threats (including the ones you mentioned).
    Norton got scared and tried to slam Microsoft down because of it, fearing they will lose customers because MSE is completely free while retaining a high level of detection rates and excellent all-round protection.

    Free solutions ARE more than adequate, provided you are using programs like Avira or MSE that have high detection rates.
     
  19. UniqueQ

    UniqueQ Notebook Geek

    Also make sure the virus is not hiding in another partition. Might need to clean the disk in its entirety.
     
  20. qhn

    qhn Notebook User

    . A clean install would remove traces of any virus

    . What good does it do if one loads back up data afterward to this new install? OP might want to scan them and make sure they are clean first before copying them over. Same goes with 3rd party apps.

    . Agreeing with many posters here that MSE or Avast is plenty for protection. My personal preference is MSE at the moment, recently leaving Avast.

    cheers ...

    .
     
  21. Deks

    Deks Notebook Prophet

    One other thing ... as some others may have noted already, while a format WILL remove infections (provided they are contained to the partition you are formatting), I find this step hardly justifiable (unless of course OS files have been damaged beyond repair).

    First of all, there is no guarantee the infection in question will not return.
    Second, you have to merely protect your system with an adequate antivirus solution.
    Whether that's a free or a paid one is entirely up to you (though if you go for the free option, which is more than enough btw, then either use MSE or Avira ... Avast has lower detection rates and is a bit more resource intensive).

    Keep in mind that most infections can be removed before they do serious harm to the OS.
    If they cannot be removed during standard OS operations, then you should be able to remove them by booting into Safe Mode and scanning your system from there (if you have anti-spyware solutions, update them, and scan the system from safe mode as well).

    Once removed, your system is no longer compromised (unless they manage to re-infect the system from other sources or bypass your protection).

    As I said, a full format is not really necessary and can often be avoided with simple precautionary measures that were mentioned by others and myself.