windows 7 - Is it possible to safely contain a virus - not letting it spread?

08
2014-07
  • Fischer

    I need to run a program, but I don't trust the author. I think it is infected with spyware or viruses, malicious files. I scanned it, didn't find anything, but still not feeling good about it.

    So I was thinking to create another Windows user account

    • Will viruses on one account infect the second account? Do I have to scan both user accounts?
    • And if I removed the account infected, will viruses be removed from the PC?

    If that won't work then

    • Is there any "sandbox" to do some testing and ensure that your PC is safe?
    • Is Virtualbox an option?
  • Answers
  • Duke Nukem

    Use Sandboxie. You can get it at sandboxie.com

    Using another account will only help if you set the account as limited and the program you're trying to run doesn't request privilege escalation. Running your program in a sandbox like Sandboxie is much safer and easier.

  • Excel VBA problem with Find

    Note that a problem (the main problem) with solutions like VirtualBox, Vmware, or Windows Virtual PC, is that some (many) viruses are designed to spread to network shares and attached drives.

    A solution to this problem is to make sure that your virtual box/machine has no network connections and no attached drives.

    Which does make it rather harder to use, and much less convenient. But not impossible. Copy any software you want to test to the virtual box/machine, stop it, disconnect it. Restart it and install/test/use the software you want to install/test/use, then stop (and discard any changes that have been made to the virtual machine).
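
    The disconnect step in the answer above can be checked before the suspect program is started. The script below is an added example, not part of the original answer: it reads the output of `VBoxManage showvminfo <vm> --machinereadable` and lists anything that still links the guest to the host or LAN. The VM name `malware-test`, the snapshot name `clean`, the sample data and the exact key names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit a VirtualBox VM for host/LAN exposure before running
# an untrusted program in it. Key names are assumed to match the output of
# `VBoxManage showvminfo <vm> --machinereadable`.

# Reads machine-readable VM info on stdin and prints one finding per line.
# Returns 0 when nothing is exposed, 1 otherwise.
audit_vm_isolation() {
  awk -F= '
    { key = $1; val = $2; gsub(/"/, "", key); gsub(/"/, "", val) }
    key ~ /^nic[0-9]+$/ && val != "none" {
      print "network adapter " key " is attached (" val ")"; bad = 1 }
    key ~ /^SharedFolderNameMachineMapping[0-9]+$/ {
      print "shared folder mapped: " val; bad = 1 }
    (key == "clipboard" || key == "draganddrop") && val != "disabled" {
      print key " sharing is " val; bad = 1 }
    key == "usb" && val == "on" {
      print "USB controller enabled"; bad = 1 }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample input (not captured from a real VM): a typical
# freshly created guest with NAT, a shared folder and clipboard sharing.
SAMPLE_EXPOSED='name="malware-test"
nic1="nat"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/user/Downloads"
usb="off"'

# Constructed sample input: the same guest after it has been disconnected.
SAMPLE_ISOLATED='name="malware-test"
nic1="none"
clipboard="disabled"
draganddrop="disabled"
usb="off"'

# Against a real VM (powered off; names are placeholders):
#   VBoxManage snapshot "malware-test" take clean         # state to return to
#   VBoxManage modifyvm "malware-test" --nic1 none        # no network
#   VBoxManage sharedfolder remove "malware-test" --name downloads
#   VBoxManage showvminfo "malware-test" --machinereadable | audit_vm_isolation
#   VBoxManage snapshot "malware-test" restore clean      # discard all changes
printf '%s\n' "$SAMPLE_EXPOSED" | audit_vm_isolation || true
```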

  • Blackbeagle

    When running suspect programs, you have to be aware that the program will infect the operating system of the computer, not just the user account.

    To do so semi-safely, it would be best to run some sort of virtualization program like parallels or vmware or others which creates a virtualized instance - another copy of the operating system running partitioned. You could then boot the virtual OS, run the program and then later exit and throw away the virtual copy.

    That said, it is highly desirable to NOT do this since it could do things like try to change your router settings or get other info about your LAN devices, damage or transmit info from files it can see and do other things - only limited by how much you allow the virtualized OS to see other things on your LAN.

  • Mark Lopez

    From my personal experience, if you want to run a program, but do not trust it, don't run it. However, take a look at where the program comes from. Many programs that can be found on sites like sourceforge.com, github.com, etc. are open source and are generally peer reviewed - thus are unlikely to harbor a virus.

    • Will viruses on one account infect the second account? Do I have to scan both user accounts? Yes, and yes. Viruses will spread (why they are called viruses).
    • And if I removed the account infected, will viruses be removed from the PC? Unlikely - if the virus was designed well, removing directories (users) will not help.
    • Is there any "sandbox" to do some testing and ensure that your PC is safe? Yes, many. This depends on what you want and what type of testing.
    • Is Virtualbox an option? A great option, and free. This will lower the chance of the virus escaping the testing grounds. However, there is still a chance (small) that a good virus can escape.

  • Related Question

    windows - How to clean a computer with multiple accounts infected with spyware, viruses?
  • Questioner

    Possible Duplicate:
    What to do if my computer is infected by a virus or a malware?

    What's the best way to clean a computer with multiple accounts infected with spyware, viruses and malware? Should you install and run software to remove the infections on each account? If you install the software on one account, will it clean the entire computer including each account?

    For example, some programs like CCleaner will install only on one account and not offer the option for all users (accounts). Does this mean the program will clean the entire computer including other accounts or do I have to install CCleaner on each account to clean up each user's account?


  • Related Answers
  • Will

    The best way would be to wipe the harddrive and then reinstall everything, reinstalling the anti-virus program first, then anti-spyware. This will fix all the accounts.

    The details for whether a malware removal tool will affect all accounts or just one is dependent on that particular tool. However, wiping the harddrive will guarantee every trace is gone (usually). Malware removal tools may leave pieces of malware scattered about.

  • Adam

    I usually use Malwarebytes to remove stubborn viruses. Most of the time it is much better to just nuke the hard drive and freshly install the operating system. A deep rooted virus can take vital system files with it whenever you try to remove the virus. This can cause instability and cause a lot of system errors. If you do decide to use a removal approach instead of a reformat, make sure that you use 2 or 3 well known virus removers since not every kind will catch every strand of virus.

  • Harri Siirak

    You also should boot up the computer in safe mode, because anti-spyware/virus software may not be able to remove infected files in normal mode.

  • pelms

    I'd suggest:

    1. Running a virus scan from one of the various anti-virus boot disks e.g. the Avira rescue disk.
    2. Then back up all the stuff you want to hang on to.
    3. Reformat the HDD and reinstall the OS.
    4. Reinstall a good anti-virus program.
    5. Set up users with a limited (not administrator) account.

    Spy/ad-ware can be a nightmare to get rid of and reinstalling Windows has the benefit of increasing speed of the system.

  • Col

    Running something like spybot search and destroy from an admin account will scan the whole disk. It depends on how bad the infection is if this is worth the effort. After a certain point it's better to just bite the bullet and do a clean install after backing up your data.

  • Umber Ferrule

    Whilst I agree with nuking the hard disk, sometimes it's not always practical. Say for instance you have some rare software you can't reinstall because you don't have the original media or keys and can't afford to replace it. This happened recently to a friend.

    On the other hand, some things just can't be cleaned - I've seen instances of Windows where every single .exe and .dll has been terminally infected. However, I'd say quite a bit of malware and spyware can be recovered from. In which case I'd either put the offending hard disk into another PC to clean or boot from a live CD such as created using BartPE.

    Another thing with spyware etc., no single product fixes everything so you may have to try several things. You may even have to resort to editing the registry and removing files manually. Google is your friend - somebody somewhere has almost always been in the same position.

  • redacted

    Famous quote from Aliens seems appropriate here.

    But seriously, without wiping and reinstalling the OS there is no way to be sure. If you absolutely can't reinstall you at minimum must boot from a different drive to clean it.