Can I use 8/19 Easus backup image from USB drive after becoming infected 10/19

Topic

New Reply

Good afternoon,

First, I’d like to say that I am a transfer from WS and thank you all for your work!  It’s so nice to be able to come here and ask advice!

Anyway, the reason I am here is I have an HP Pavilion 590-p0044 Desktop PC running Windows 10 Home 64-bit and a 4TB My Book 1230 USB drive that I use for backing up my system with Easus ToDo Backup Free.  On 09/04/2019, I had downloaded the ZIP file for the portable application “Windows Repair Toolbox” and saved it to my USB drive.  This past Monday, 10/14/2019, I ran the executable file from my USB drive, and numerous files were downloaded to that drive for use with the toolbox.  About 5 hours following this, I received many pop-ups from Windows Defender (my only security program) indicating that Windows was now infected with about 10 instances of HackTools and 2 of Trojan:Win32/Nedsym. Defender linked me to Windows’ website for instructions on removing each.  I followed the instructions explicitly, and according to Windows Defender and Microsoft Safety Scanner, all infections have been removed completely.  I would like to recover Windows using an image I had created wtih Easus and stored on my USB drive in 08/2019 and am wondering if the image would be okay to use following all of this.

Thank you!

Pam

Reply | Quote

Replies

I suspect one of the things you should do is run a scan and clean up on your USB drive, as what you downloaded was obviously malware. It needs to be disinfected before you consider using anything stored on it.

Before you do that, though, I would recommend downloading some additional malware scanners, like MalwareBytes and Hitman Pro, and run additional scans on your PC. It is frequent that one malware remover does not get all of the bad stuff.

1 user thanked author for this post.

pammywammyv

Reply | Quote

Also posted at WD Community:

How Do I Get Rid of Malware (HackTool (x10 instances) AND Trojan) on My Book 1230 4 TB USB Drive

1 user thanked author for this post.

Kirsty

Reply | Quote

I agree with PK Cano, but as an FYI, many “toolbox” like programs often show as viruses even though they may not be due to the actions they are programmed to run.  Your issue may, or may not be a false positive.

It would be a good idea to scan any program you download prior to running it and always download from a reliable source.

Reply | Quote

… and the Windows Repair Toolkit site specifically warns about that:

Important note: some of the tools may trigger false positive alerts from your AV (e.g: the Nirsoft tools).

Windows Repair Toolbox

Reply | Quote

FL Jack wrote:

FYI, many “toolbox” like programs often show as viruses even though they may not be due to the actions they are programmed to run

b wrote:

… and the Windows Repair Toolkit site specifically warns about that

… so I would expect and excuse the HackTools find. That’s a normal classification for a repair toolkit and thus not a false positive.

By definition, a “trojan” is always malware while “hacktools” means dual-use with legitimate uses as well – such as repairing a computer.

I would NOT expect and excuse the “Trojan:Win32/Nedsym” find as easily. Might still be a false positive anyway.

(And even a trojan usually isn’t a virus… there being three major categories of executable malware, those being trojan, virus and worm.)

Reply | Quote