Fresh Installing Windows - What am I safe to keep?

Hey Everyone,

Wondering if I can get any help from anyone out there.

I'm really wanting to fresh install Windows as I'm concerned I may have some nasty malware on my PC that I can't get rid of. I have run scans with the paid version of Kaspersky and Malwarebytes but they have both come back saying my PC is clean, but I'm not sure I can trust it.

I have not fresh installed Windows since I got my PC over four years ago so it might be a good idea to do so anyway.

I've had a couple of attempts by someone trying to access a couple of my accounts for certain programs, and although they were unsuccessful and long times apart I'm still concerned.

My main question is, if I do have a virus/malware, what am I safe to back up?

If I back up my images/documents and then put them on the fresh install, could this put me at risk? Can I carry the virus or malware over?

I'm hoping someone will know what is safe to back up and bring across?

Thanks in advance!


Documents/images/music/videos are fine. The hacking attempts you are seeing are not related to your Windows install, but generic attempts of people (usually overseas) trying to steal accounts.

NOTE: I no longer frequent this site. If you really need help, PM/DM me and my e.mail will alert me. 


12 minutes ago, SamDiCola said:

I'm really wanting to fresh install Windows as I'm concerned I may have some nasty malware on my PC that I can't get rid of. I have run scans with the paid version of Kaspersky and Malwarebytes but they have both come back saying my PC is clean, but I'm not sure I can trust it.

Though extremely uncommon, malware has the ability to follow you through uses of "Reset this PC". If you want to be absolutely certain your device is clean, make sure to reinstall with USB Installation Media created with the tool from https://www.microsoft.com/en-us/software-download/windows10.

12 minutes ago, SamDiCola said:

I've had a couple of attempts by someone trying to access a couple of my accounts for certain programs, and although they were unsuccessful and long times apart I'm still concerned.

This is probably not caused by malware. Make sure that your passwords have not been compromised; visit https://haveibeenpwned.com/.

12 minutes ago, SamDiCola said:

If I back up my images/documents and then put them on the fresh install, could this put me at risk? Can I carry the virus or malware over?

Just back up your entire user folder (Win+R, enter %UserProfile% in Run) to an external drive. There is very little risk in transferring this to a new install.

Make sure to quote me or use @PorkishPig to notify me that you replied!

 

 

Desktop

CPU - Ryzen 9 3900X | Cooler - Noctua NH-D15 | Motherboard - ASUS TUF X570-PLUS RAM - Corsair Vengeance LPX DDR4-3200 32GB Case - Meshify C

GPU - RTX 3080 FE PSU - Straight Power 11 850W Platinum Storage - 980 PRO 1TB, 960 EVO 500GB, S31 1TB, MX500 500GB | OS - Windows 11 Pro

 

Homelab

CPU - Core i5-11400 | Cooler - Noctua NH-U12S | Motherboard - ASRock Z590M-ITX RAM - G.Skill Ripjaws V DDR4-3600 32GB (2x16)  | Case - Node 304

PSU - EVGA B3 650W | Storage - 860 EVO 256GB, Sabrent Rocket 4.0 1TB, WD Red 4TB (x6 in RAIDZ1 w/ LSI 9207-8i) | OS - TrueNAS Scale (Debian)
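Added example, not part of the original thread and not written by any of the posters: a copied %UserProfile% contains more than documents and pictures (Downloads, and AppData with the per-user Startup folder), so this Python sketch lists the files in a backup folder that can run code and are worth scanning or leaving behind before restoring. The extension lists, function names and the constructed sample tree are assumptions made for illustration, and the check goes a little beyond the advice above.

```python
import os
import tempfile

# Extensions Windows runs directly or via a script host (not exhaustive).
RUNNABLE = {".exe", ".dll", ".scr", ".com", ".msi", ".bat", ".cmd", ".ps1",
            ".vbs", ".js", ".jse", ".wsf", ".hta", ".lnk", ".jar"}
MACRO_DOCS = {".docm", ".xlsm", ".pptm", ".dotm"}  # Office files that can hold macros
DATA = {".jpg", ".png", ".pdf", ".docx", ".txt", ".mp3", ".mp4"}
# Per-user Startup folder, relative to the profile root; its contents run at logon.
AUTOSTART = os.path.join("AppData", "Roaming", "Microsoft", "Windows",
                         "Start Menu", "Programs", "Startup")

def classify(rel_path):
    """Return why a backed-up file deserves review, or None for plain data."""
    rel = os.path.normpath(rel_path).lower()
    stem, ext = os.path.splitext(os.path.basename(rel))
    if rel.startswith(AUTOSTART.lower() + os.sep):
        return "autostart"
    if ext in RUNNABLE:
        # "holiday.jpg.exe" looks like a photo when Explorer hides extensions.
        return "double-extension" if os.path.splitext(stem)[1] in DATA else "runnable"
    if ext in MACRO_DOCS:
        return "macro-document"
    return None

def triage(root):
    """Walk a backup folder and group the files worth reviewing by reason."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            reason = classify(rel)
            if reason:
                findings.setdefault(reason, []).append(rel)
    return {reason: sorted(paths) for reason, paths in findings.items()}

def build_sample_backup(root):
    """Create a constructed sample tree standing in for a copied %UserProfile%."""
    samples = [("Pictures", "beach.jpg"), ("Documents", "cv.docx"),
               ("Documents", "budget.xlsm"), ("Downloads", "holiday.jpg.exe"),
               ("Downloads", "installer.exe"), (AUTOSTART, "updater.lnk")]
    for folder, name in samples:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        open(os.path.join(root, folder, name), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_backup(root)
        for reason, paths in sorted(triage(root).items()):
            print(f"{reason}: {paths}")
```

Anything it lists is a candidate to scan or leave behind, not proof of infection; plain documents, images, music and videos are not flagged.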


13 minutes ago, PorkishPig said:

Though extremely uncommon, malware has the ability to follow you through uses of "Reset this PC". If you want to be absolutely certain your device is clean, make sure to reinstall with USB Installation Media created with the tool from https://www.microsoft.com/en-us/software-download/windows10.

This is probably not caused by malware. Make sure that your passwords have not been compromised; visit https://haveibeenpwned.com/.

Just back up your entire user folder (Win+R, enter %UserProfile% in Run) to an external drive. There is very little risk in transferring this to a new install.

Hey Porkish,

Thank you so much for the insight.

The more recent hack attempt was Spotify, which they seemed to have got in but Spotify actually picked up on the suspicious login and auto reset my password for me to change, which I did, and I have not been hacked since.

The others have been my Ubisoft account (more than once) and Facebook a couple times. Most of my stuff has 2 step verification so they struggle to get in.

Do you know of a Spotify leak as of late? I know Facebook has had many.

I had a look at my emails on that site you linked and two of my emails have been in many data leaks but my main one which is linked to Spotify had not.


Also please note when I say that the attempts were unsuccessful, I mean they technically had the correct password but due to either 2 step verification, the website itself picking up suspicious activity or getting an alert telling me I have a new login from whatever location allowed me to quickly log in and then log them out.

It's not a case of someone just trying a whole bunch of passwords over and over trying to get in.


1 minute ago, SamDiCola said:

The more recent hack attempt was Spotify, which they seemed to have got in but Spotify actually picked up on the suspicious login and auto reset my password for me to change, which I did, and I have not been hacked since.

The others have been my Ubisoft account (more than once) and Facebook a couple times. Most of my stuff has 2 step verification so they struggle to get in.

Are you using the same/similar passwords across these services? If so, if one of your passwords has been compromised, your other accounts will be vulnerable as well. I'd suggest using a password manager like LastPass, 1Password, or Bitwarden.

2 minutes ago, SamDiCola said:

Do you know of a Spotify leak as of late?

I'm not aware of any breaches from Spotify itself, though there have been breaches from apps linked to Spotify accounts. You can check third-party app authorizations at https://www.spotify.com/us/account/apps/. Spotify is normally on top of informing users of these breaches, which generally impact very few users.

 

Keep in mind that Spotify credential stuffing is very lucrative for bad actors, as it is extremely easy to resell accounts, or use them for stream farming.

 

You can read about credential stuffing at https://en.wikipedia.org/wiki/Credential_stuffing.

8 minutes ago, SamDiCola said:

I know Facebook has had many.

Facebook leaks have exclusively involved personal details, not passwords.


4 minutes ago, PorkishPig said:

Are you using the same/similar passwords across these services? If so, if one of your passwords has been compromised, your other accounts will be vulnerable as well. I'd suggest using a password manager like LastPass, 1Password, or Bitwarden.

I'm not aware of any breaches from Spotify itself, though there have been breaches from apps linked to Spotify accounts. You can check third-party app authorizations at https://www.spotify.com/us/account/apps/. Spotify is normally on top of informing users of these breaches, which generally impact very few users.

 

Keep in mind that Spotify credential stuffing is very lucrative for bad actors, as it is extremely easy to resell accounts, or use them for stream farming.

 

You can read about credential stuffing at https://en.wikipedia.org/wiki/Credential_stuffing.

Facebook leaks have exclusively involved personal details, not passwords.

Ok thanks so much

I am guilty of using the same password for a lot of things even though I have tried to change this recently.

The real question is do you think I have something to worry about in my PC being infected or do you think this could just be a product of me being lazy/maybe a bit of bad luck.

If I do go down the Windows reset route, you did say it is unlikely if I use the "reset my PC" function that malware can still creep through, do you think if I still used it anyway I'm a very good chance of getting rid of any potential problem?

Also forgot to mention I have never had any problems with a hacked bank account or card information being stolen and used, and I use them a fair bit on my PC but never had any problems, which gives me a little peace of mind as you would assume most of these hackers would most likely be after money wouldn't they?


4 minutes ago, SamDiCola said:

The real question is do you think I have something to worry about in my PC being infected or do you think this could just be a product of me being lazy/maybe a bit of bad luck.

I would say this is unlikely. You may want to reset anyways, just to make sure Windows is running how it should.

8 minutes ago, SamDiCola said:

If I do go down the Windows reset route, you did say it is unlikely if I use the "reset my PC" function that malware can still creep through, do you think if I still used it anyway I'm a very good chance of getting rid of any potential problem?

I always recommend reinstalling with Installation Media, as it eliminates any chance of an OS-related issue following you between installs. If you're insistent on using "Reset this PC", make sure to use "Remove everything".

9 minutes ago, SamDiCola said:

Also forgot to mention I have never had any problems with a hacked bank account or card information being stolen and used, and I use them a fair bit on my PC but never had any problems, which gives me a little peace of mind as you would assume most of these hackers would most likely be after money wouldn't they?

More than likely, yes.


12 hours ago, PorkishPig said:

I would say this is unlikely. You may want to reset anyways, just to make sure Windows is running how it should.

I always recommend reinstalling with Installation Media, as it eliminates any chance of an OS-related issue following you between installs. If you're insistent on using "Reset this PC", make sure to use "Remove everything".

More than likely, yes.

Thanks for all the help! Much appreciated.
