Windows – Cleaning up a compromised Windows 7 laptop

Tags: malware-removal, security, windows, windows 7

OS: Windows 7 Home Premium

Machine: Dell Inspiron N7010

Incident: User indicated that after clicking through what he later realized was a bogus Anti-Virus install message, all his documents had 'disappeared.' Machine still boots into Windows successfully.

Ran in order:

1. Microsoft Security Essentials (Full Scan) and found

  • Java/Blacole.H ( 4 other instances with K,I,J,N appended )
  • Trojan: Win32/FakeSysDef

2. Microsoft Malicious Software Removal Tool (Full Scan)

Nothing found

3. MalwareBytes (Full Scan)

  • Trojan.FakeAlert ( 2 instances )

Probably just wiping this drive and restoring from Dell disks would be optimal… but for various reasons, this is not an option in this case.

After running these three programs and removing what was found, can we feel confident that the malware has been cleaned up as best as possible?

Is there anything else that should be run to clean the machine up?

Best Answer

The direct answer is no - you cannot be confident. As @Moab says, if you have been compromised, there is no way to ensure you aren't still compromised. If the system owner can live with possible ongoing compromise of their data and any accounts they access from this machine (banking, social media, etc.), then what you've done is fine. If they cannot, then it is time to rebuild.
But I would make sure the end user understands and makes that decision.