Removing Malware from a computer

Forums › Desktop computing › Removing Malware from a computer - bloody scammers!

1 | 2

1024kb

1167 posts

Uber Geek

ID Verified

Lifetime subscriber

#2557425 5-Sep-2020 13:11

There's also the particularly sneaky method of hiding malware scripts in RAM. The script lives there & gets kept alive by the CMOS power. The result is that after you've cleaned, reinstalled, replaced, re-everythinged, you fire up your fresh new machine with the same old virus on board.

Which can be confusing as well as enormously frustrating.

It's not that often you'll see this method, but to make sure the infection isn't resident in RAM, disconnect the 240v power supply then remove the RAM sticks. Press & hold the power button to remove any last vestiges of power, then reinstall your RAM & reconnect the power.

You may never come across a RAM-resident virus, but the extra 2 minutes taken to ensure you've removed that possibility is time well-invested.

Megabyte - so geek it megahertz

Scott3

3963 posts

Uber Geek

Lifetime subscriber

#2557432 5-Sep-2020 13:50

OMG, so frustrating.

Good work getting to the Bank ASAP.

Next step is to scrub and change passwords on various cloud sites. (trademe, email etc). Can be hard if the scammers have already changed passwords, recovery mobile phone numbers etc to take over those accounts.

PC is relatively less urgent. I would fire it up air gaped, and take copies of any important files not already backed up to a USB drive, and check the autofill password memory for any accounts that may have been missed above.

I would then do a clean install of everything. Either fully formatting the hard disk, or taking the opportunity to do a hard drive upgrade.

K8Toledo

1014 posts

Uber Geek

#2557590 5-Sep-2020 17:17

freitasm: System restore doesn't really do much - reset is a lot better.

Not to mention System Restore should be disabled before a virus removal.....:)

K8Toledo

1014 posts

Uber Geek

#2557594 5-Sep-2020 17:28

1024kb:

There's also the particularly sneaky method of hiding malware scripts in RAM. The script lives there & gets kept alive by the CMOS power. The result is that after you've cleaned, reinstalled, replaced, re-everythinged, you fire up your fresh new machine with the same old virus on board.

Which can be confusing as well as enormously frustrating.

It's not that often you'll see this method, but to make sure the infection isn't resident in RAM, disconnect the 240v power supply then remove the RAM sticks. Press & hold the power button to remove any last vestiges of power, then reinstall your RAM & reconnect the power.

You may never come across a RAM-resident virus, but the extra 2 minutes taken to ensure you've removed that possibility is time well-invested.

CMOS power comes from 5v battery.

RAM is powered by the PSU......

1 | 2