Windows 10: Can a Repair upgrade of Windows 10 remove traces of malware?

Discussion in 'Windows 10 Installation and Upgrade' started by ArijitKD, Jun 24, 2021.

  1. ArijitKD Win User

    Can a Repair upgrade of Windows 10 remove traces of malware?


    I had unknowingly installed an unwanted program which had created problems for me for quite some time. I suspected that it might be some kind of malware, so after some really hard work I was finally able to remove that program from my PC. But now it seems that the program might have corrupted some of the system files and registry entries, and so I get error messages popping up randomly. Running the SFC and DISM utility didn't help. So my question is, will a repair upgrade of Windows fix this issue and remove any traces of the malware from the registry? Or do I need to reinstall Windows all

    :)
     
    ArijitKD, Jun 24, 2021
    #1
  2. Kursah Win User

    Repair Windows 7/8/10

    Repairing Windows 8

    Further improving on previously deployed OS repair methods, Windows 8, 8.1, Server 2012 and 2012 R2 further allowed advanced repair where an in-place upgrade or total re-install would be required on previous operating systems. In all honesty, before Windows 10 implementation, this was arguably the easiest OS to repair for a couple of years by running more basic commands.

    This has since been advanced to more closely match Windows 10/Server 2016 repairs but with the below information I hope to guide you through performing these advanced tasks more easily!

    Spoiler: Windows 8/8.1 Repair DISM

    If CHKDSK and SFC fail to repair the issues with the system, then this is your next option and besides restoring from a previous backup might be the second-to-last option before re-installing the operating system. We will utilize DISM for this next repair option.
    • In some instances, you won't need the OS ISO to perform the DISM image cleanup. You can attempt this on any OS from 8-10 by using the following command in elevated CLI: DISM /Online /Cleanup-Image /RestoreHealth
    • In many cases now due to some changes Microsoft made, you'll need to have a copy of the OS ISO available. The ISO will need to be a standard deployment variety that contains Install.WIM in the Sources directory, otherwise the process will fail. Once you have the correct ISO, mount it in Explorer (can do this natively on Microsoft Windows 8.0+), verify the drive letter, verify Image.WIM in the Sources directory.
      • To download a Windows 8.1 ISO from Microsoft, click here.
    • Enter the following in elevated CLI: DISM /Online /Cleanup-Image /RestoreHealth /source:WIM:X:\Sources\Install.wim:1 /LimitAccess
      • X = drive letter of mounted ISO. Change to match the appropriate drive letter.
      • Say I had the Install.WIM located in C:\Images, I would type the following command: DISM /Online /Cleanup-Image /RestoreHealth /source:WIM:C:\Images\Install.WIM:1 /LimitAccess
    The DISM scan can take a while, often times longer than a CHKDSK or SFC scan. To speed up the process, have the Image.WIM on a faster flash media or on local storage rather than disc media. This will help greatly. In many cases one or two runs of this command will repair most issues I've found with Windows 8/8.1.

    Once the DISM repair process has been found successful, or not, I will perform a reboot. If the repair was unsuccessful, this will be when I attempt a second pass. If the second pass fails, it is time to move onto the next solution.

    However, if the DISM repair passes at any point, reboot the system and then perform an SFC to confirm no further issues are found or need resolved. This step is likely overkill for those not seeking to do optional steps.

    Operating System Refresh

    It should be noted that in the event DISM fails to repair the system, then an OS refresh would be the next suggestion if the deployed that could save the user's files and OS deployment.

    This feature has been an available feature since Windows 8 launched in 2012. The biggest benefit with this option over Windows 7's in-place-upgrade is not necessarily requiring the OS installation media to perform the repair.

    If the system is an OEM, an OS refresh from the OEM partition may mean a reinstall of the OS and loss of user data but the restoration of OEM software and bloatware. But you can still choose a manual OS-only refresh without the bloatware if you take the correct steps.

    The best choice in my opinion is to run an OS refresh procedure from the advanced boot menu or you can run the installation media while in Windows to perform an Upgrade installation, this will keep your files and settings but replace Windows files and components.

    To access the advanced boot menu for Windows 8, there are several options.
    • When choosing restart from the OS GUI, hold down SHIFT and click restart. This method will work even if you cannot log into a profile on the system which makes it very useful in some situations.
    • If logged in, access PC Settings, and click Restart Now under Advanced Startup.
    • If logged in, open a command prompt window and type shutdown /r /o /t 0 which will initiate a reboot into the advanced menu right away with no delay. Without /t 0, there will be a 60-second delay. The number value after the /t is delay seconds.
    Once you've reached the advanced boot menu, choose Troubleshoot. From there you can choose to Refresh your PC, Reset your PC and Advanced Options. For this repair, we want to choose Refresh your PC. Its description reads "If your PC isn't running well, you can refresh it without losing your files." That is exactly what we want to accomplish here!

    Follow the prompts and processes, and after the refresh installation and rebooting, you should be greeted with a login screen back to your profile in your stable OS environment. At this point you should be able to use the system as intended, if in doubt then re-run the SFC and DISM scans.

    In-Place Upgrade

    If CHKDSK, SFC and DISM fail to repair the issues with the system, yet you can still boot to the Windows desktop, then the next option is to perform an in-place upgrade. This is more in-depth than an Operating System Refresh. It re-installs most of the operating system's core image and critical files without losing your profiles, data or programs, but do expect to lose some settings. In many cases this process can fix some major issues and refresh an otherwise corrupt and issue-ridden OS installation back to something stable and usable.

    Time to close the CLI windows and get back into the GUI, unless you want to deploy Windows through CLI. You'll have to source a different guide for that process!

    Requirements to perform an in-place upgrade:
    • Must have installation media that matches the installed OS version and type. This applies to both Windows and Windows Server.
    • Must be able to get to the desktop on the affected system to correctly initiate this process, booting to the media will not allow an upgrade to be performed.
    That last rule is the frustrating part of this repair process. If you cannot get that far, back up what you can and do a fresh installation. Otherwise proceed.
    • Start the process by using autorun or manually running setup.exe from the installation media.
    • Windows 8/Server 2012+ can mount ISOs in Windows Explorer, you can use that instead of physical media options to perform this task.
    • You'll come to the installation window, the options will be Upgrade or Custom. Choose Upgrade. This is critical as choosing custom will force you to overwrite, append or wipe out the current install rather than performing any kind of repair.
    • Follow the on-screen prompts, which should be very few for you to interact with. The overall process looks and is the Windows install GUI. Once it is completed, the system will automatically reboot (may need to more than once).
    • After the reboot(s) after the in-place upgrade you should have a fully functional Windows without issues or corruptions.
    Performing an in-place upgrade makes sense, and gives you a stable and clean running operating system when there's an issue or corruption you just can't fix but things aren't broken enough to warrant a fresh installation. The point of this process is to refresh the Windows OS files but retain your data, programs, and settings. That is precisely what the in-place upgrade procedure accomplishes.

    I should also add that this process can be accomplished remotely as well, from start to finish. I have done so with persistent LogMeIn, ScreenConnect and TeamViewer installations on various remote systems I have performed this task on, RDP should work as well. Being able to do this level of repair remotely is a huge benefit to any sysadmins out there looking to keep a client happy and perform that "remote magic" IT guys are known for.


    **If at this point your issues are not fixed, then there is something else occurring that is causing the issue be it Malware, hardware, drivers, etc. Please refer to the OP in this thread to run through some of those tests and diagnostics, or create a new thread seeking help and stating what you've tried.**
     
    Kursah, Jun 24, 2021
    #2
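
The DISM escalation described in post #2, as an added PowerShell example that is not part of the original post: it runs the online repair, falls back to an install.wim on mounted media, and lists the WIM's indexes first because index 1 (as used in the post) matches only one edition. The helper name Invoke-Dism and the drive scan for Sources\install.wim are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): DISM online repair, then a second pass
# against install.wim on mounted media, following the order given in post #2.

function Invoke-Dism {                     # hypothetical helper for this example
    param([string[]]$DismArgs)
    & dism.exe @DismArgs | Out-Host        # show progress, keep it out of the return value
    return $LASTEXITCODE
}

# 0 = success; 3010 = the conventional Windows "success, reboot required" code.
$ok = 0, 3010

# Pass 1: repair from the default source.
$rc = Invoke-Dism @('/Online', '/Cleanup-Image', '/RestoreHealth')

if ($rc -notin $ok) {
    # Pass 2: look for Sources\install.wim on any mounted drive (assumption:
    # the ISO is already mounted in Explorer, as the post describes).
    $wim = Get-PSDrive -PSProvider FileSystem |
        ForEach-Object { Join-Path $_.Root 'Sources\install.wim' } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
        Select-Object -First 1
    if (-not $wim) { throw 'No mounted media with Sources\install.wim found; mount the ISO first.' }

    # Multi-edition media holds several images; pick the index of the installed edition.
    Invoke-Dism @('/Get-WimInfo', "/WimFile:$wim") | Out-Null
    $index = Read-Host 'Index matching the installed edition'
    if ($index -notmatch '^\d+$') { throw "Not a valid image index: $index" }

    # /LimitAccess keeps DISM from falling back to Windows Update.
    $rc = Invoke-Dism @('/Online', '/Cleanup-Image', '/RestoreHealth',
                        "/Source:WIM:${wim}:$index", '/LimitAccess')
}

if ($rc -in $ok) {
    Write-Host 'DISM repair succeeded. Reboot, then run "sfc /scannow" to confirm.'
} else {
    Write-Warning "DISM repair failed (exit code $rc). Reboot and retry once before moving to a refresh or in-place upgrade."
}
```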
  3. Best way to remove problem Malware

    Hi There,

    I am trying to remove a bundle of Malware without success.

    There is a bundle of listed programs which I try to uninstall through the typical Control Panel effort, but they remain listed there:

    Buenosearch Toolbar
    MyPC Backup
    PC Performer
    Speed Test 127
    UnknownFile

    I was looking at this weblink which provides a 5 step process for Buenosearch alone:
    Remove Bueno Search (Removal Guide)

    Not sure how much certain guides can be trusted. One of the first things I read was to download Revo Uninstaller, and I've not heard of it so I'm not sure if it's trustworthy..........
     
    radioraheem, Jun 24, 2021
    #3
  4. Can a Repair upgrade of Windows 10 remove traces of malware?

    Traces

    Trace malware is a detection which typically indicates harmless pieces of leftovers also known as remnants (registry keys, file fragments, folders) generally found after cleaning a previous malware infection. Traces are typically useless and not dangerous since the primary malicious file(s) has been removed. A Malware.Trace detection is just another name used by Malwarebytes, SUPERAntiSpyware and other security vendors for trace malware.

    Performing the scans suggested by José Antonio Pontón Posada CEO should remove most of them.
     
    quietman7 - MVP, Jun 24, 2021
    #4