this post was submitted on 16 Sep 2024
5 points (77.8% liked)

Windows 11

849 readers
18 users here now

Welcome to the community for Windows 11, Microsoft's latest computer operating system.

Rules:

founded 1 year ago
MODERATORS
 

It's been a long time but It finally happened, I've been compromised. Like an idiot I reused passwords and they got into most of my accounts. I've changed 300 different passwords and recovered all except one account, my Facebook, which I'm being told is unlikely I'll ever get into again.

This is probably from a data breach, I'm in a few, however, I still want to do a wipe of my PC, but it's been a few years and I don't remember the best practices.

This is a long time coming though because as well as simply possibly being compromised my PC has been experiencing a myriad of errors and annoyances, such as random entire system stutters, apps crashing out of nowhere and general performance slowdown.

Luckily I've got about 7 drives all holding various things, but the entire OS is on the tiny NVME C drive, as well as program installations. IIRC I can factory reset without losing data on the other drives but this one will probably be wiped yes? Is this enough for security though? I would imagine most malicious files would be completely removed by reinstalling the OS but I want to make sure no other avenues exist.

Also what is best practices this day and age to do a clean reset? Thanks guys

all 8 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 2 months ago (1 children)

Are those seven separate physical drives?

A reset shouldn't affect them, but if you want to be sure, first you should have backups, like with a cloud provider. For example, my data is replicated in 3 places at home (to protect against drive failure and me being a dumbass), and one online backup.

If it were me, I'd make sure I had a backup, then I'd disconnect those drives just to be sure. Software can't delete a drive that's not connected.

Then I'd do the reset, setup the machine, and then reconnect the drives.

[–] yokonzo 1 points 2 months ago (2 children)

Yes they're physical, and I'm not worried about accidentally deleting them, but I'm just checking to make sure there's not some sort of virus that can jump to non system drives or something, also, some of them do have program data in them, I should just delete all of those right? I can only imagine it causing problems on the reinstalls

[–] helpImTrappedOnline 1 points 2 months ago* (last edited 2 months ago)

Ignoring the virus part, for the sake of conversion.

The programs on secondary drives might be okay. I've found some programs will survive a "system swap", and others won't. Part of it depepeds if they have any dependaccies that are also installed during installation (such as one of the dozens of "microsoft visual code" versions that always end up on an old system).

Another factor my be a programs reliance on the registry. A clean install would wipe that, so the program woundn't have the necessary data.

There's also user appdata folders, a program might survive, but if it was storing user data there, you loose what ever config you might have had.

You'll also have to manually re-add them to the start menu folder, windows doesn't scan or anything like that, the start menu is just a folder of shortcuts added during a program's install.

[–] [email protected] 3 points 2 months ago

Save what you want on a different drive or in the documents folder. All the personal user folders and anything on drives other than where windows is installed are the only things that, by default, do not get erased when you reinstall Windows.

[–] helpImTrappedOnline 1 points 2 months ago* (last edited 2 months ago) (2 children)

I'm not much of a cyber security expert, but I'd be cautious with the old files.

As other said, unplugging those drives while you reinstall will ensure no mess ups can happen (typically a misclick when selecting the drive/partition). Yes the OS drive will be wiped. For "clean" reset, I'll usually just let the OS installer wipe everything. When it asks to "keep data" say no (at this point you've unplugged your actual data drives).

What the nature of the compromise? Was it limited to some online accounts, or was there an active virus on the computer?

If the computer was infected personally I'd boot up a linux live boot and run them all drives through an anti virus or two and painstakingly only keep personal data that can't easily be re-downloaded. Yes, it'll probably take a week. The theory behind this is, if something hid it self on the other drives, you reduce the chance of coming back. I am not aware of this actually happenning, but I'd play it safe as reasonable. A truly parinoid person would just throw out all the drives and start over - but that's not practicle.

If it was only some online accounts, I'd be a less anal about copying data over, but would at least run a scan or two over it.


Finally, I hope part of your password reset included a password manager and using long random passwords on everything, as well as set up 2fa wherever possible.

If not, bit warden (self-hosted) or keepass are popular choices in the realm of you have control of the data, not relying on someone else's cloud to keep it all safe and backed up (backing up the keepass file to a cloud drive is recommended for off-site back up, and to sync between devices if you don't use something like syncthing).

[–] [email protected] 1 points 2 months ago

i use this password manager. it is not connected to the Internet and you can download a backup of your passwords whenever.

[–] yokonzo 1 points 2 months ago

I use nordpass since its just a few bucks that way, but yeah, absolute redo of all my passwords in a much more secure way, and I'm pretty sure it's not on the computer and have done some scans, but I'm being extra cautious