Should I reinstall Windows 11 after security incident?

maartendc

Hello all,

 

Long story short, my wife ended up on a website that got hacked. She stupidly clicked on a link that told her her "browser was outdated". It downloaded 'something' to her downloads folder. She then realized her mistake, and without opening the downloaded file, she deleted it and emptied her trash.

 

- She had Avira antivirus running the whole time, and it did not detect / pop up anything.

- I've done a full system scan with Avira, didn't find anything.

- I've done a full system scan with ESET, didn't find anything.

 

I'm still kind of worried that clicking this malicious link somehow infected her PC with some trojan, zero-day attack, or whatever. I know some forms of attack don't even require the user to click anything, and visiting a malicious website is enough.

 

So I am tempted to just reinstall Windows 11 to be on the safe side? Or am I being paranoid? What would you do?

 

Thanks!


9 minutes ago, maartendc said:

So I am tempted to just reinstall Windows 11 to be on the safe side? Or am I being paranoid? What would you do?

Yes, reinstalling your OS is generally the only way to be sure you're starting from fresh. Don't do an 'in-place' upgrade, delete all the partitions and start from scratch.

 

On a similar note, as you have just seen, 3rd party AV tools are pretty useless. Windows Defender and some common sense are all you need.

 

If the file was just downloaded and not opened then you're probably ok but maybe spend a little time changing some key passwords and setting up 2FA on the more important logins such as MS or Google and your online banking.


It won't hurt if you reinstall Windows 11.

I would advise using the built-in Windows Security that comes with Windows 11, which is free, instead of paying for antivirus. You can install this utility to make Windows Security more effective on your system > DefenderUI


Everything subsequent is a personal opinion, the things I would do and do not consist in any way as legally binding, professionally certified opinion, subject to any implicit or explicit guarantee that anything goes as the poster expects.

I am not responsible in any way of the things going wrong with the approach I suggest.

 

4 minutes ago, maartendc said:

So I am tempted to just reinstall Windows 11 to be on the safe side? Or am I being paranoid? What would you do?

Being a little paranoid is a safe thing, especially if you're not familiar with computer OS, network, security.

You already used a "second opinion" approach, using ESET for a full system scan.

 

According to this

6 minutes ago, maartendc said:

It downloaded 'something' to her downloads folder. She then realized her mistake, and without opening the downloaded file, she deleted it and emptied her trash.

your special one downloaded but did not run the downloaded file. It's a nice thing that she did not run it, but I personally won't play the "safe" card for that.

 

To avoid customer support bashing, not all "unconventional" packing/compressing/cipher systems for single executable files can be flagged as suspect. It's a bit less safe than the other approach, but also avoids a lot of false positives. So Avira not alerting for the file might not be a "problem".

 

Also, if what was reported matches the actual behaviour, it would take the combination of a Windows (or browser) "hiccup" that runs the file at the end of the download and the malevolent file. And this is not impossible, however currently unlikely.

 

You want more peace of mind? You can use a boot media from any AV producer that boots the PC from an optical disc or from a USB drive, then from a recovery system mount your Windows installation and do a full system scan, with Windows simply... not running. Create the media from another PC, and don't use the one provided from ESET or AVIRA, as that could lead to a sort of pointless result.

I feel ok with Kaspersky Rescue Disk, but as an alternative consider also Dr.Web. I'd also suggest Sophos, but they are really pedantic with registration. Download media only from the official websites and follow the official procedures for creating the disks.

 

Will this clear the status from any other possible infection? Not really but...

  • the infection should have been ignited from a Windows vulnerability
  • the infection should be unknown in any part from AVIRA GmbH.
  • the infection should be unknown in any part from ESET sro.
  • the infection should be unknown in any part also from the producer of your boot media.

It's quite unlikely, don't you think?

 

Last but not least: safeness is a feeling, not a status. Security is a journey, not a destination. In the deep, if you still feel unsafe with your setup, there's no other option.
Create a new boot media from a safe PC. Back up your data. Install Windows 11. Install another antivirus which is not AVIRA using trial time, then restore.

 

Not English-speaking person, sorry, I'll make mistakes. If you're kind, maybe you'll be able to understand.

If you're really kind, you'll nicely point that out so I will learn more about write in good English.  🙂


21 minutes ago, maartendc said:

Hello all,

 

Long story short, my wife ended up on a website that got hacked. She stupidly clicked on a link that told her her "browser was outdated". It downloaded 'something' to her downloads folder. She then realized her mistake, and without opening the downloaded file, she deleted it and emptied her trash.

 

- She had Avira antivirus running the whole time, and it did not detect / pop up anything.

- I've done a full system scan with Avira, didn't find anything.

- I've done a full system scan with ESET, didn't find anything.

 

I'm still kind of worried that clicking this malicious link somehow infected her PC with some trojan, zero-day attack, or whatever. I know some forms of attack don't even require the user to click anything, and visiting a malicious website is enough.

 

So I am tempted to just reinstall Windows 11 to be on the safe side? Or am I being paranoid? What would you do?

 

Thanks!

IMHO, you're fine as long as your wife didn't run the installer.

 

But that's an opinion of someone over the internet, if reinstalling makes you feel safer, then nobody is stopping you from doing so.

There is approximately 99% chance I edited my post

Refresh before you reply

__________________________________________

ENGLISH IS NOT MY NATIVE LANGUAGE, NOT EVEN 2ND LANGUAGE. PLEASE FORGIVE ME FOR ANY CONFUSION AND/OR MISUNDERSTANDING THAT MAY HAPPEN BECAUSE OF IT.
