Windows 10: Can a Repair upgrade of Windows 10 remove traces of malware?

I had unknowingly installed an unwanted program which had created problem for me for quite some time. I suspected that it might be some kind of malware, so after some really hard work I was finally able to remove that program from my PC. But now it seems that the program might have corrupted some of the system files and registry entries, and so I get error messages popping up randomly. Running the SFC and DISM utility didn't help.So my question is, will a repair upgrade of Windows fix this issue and remove any traces of the malware from the registry? Or do I need to reinstall Windows all

:)

 

Repair Windows 7/8/10

Repairing Windows 8

Further improving on previously deployed OS repair methods, Windows 8, 8.1, Server 2012 and 2012 R2 further allowed advanced repair where an in-place upgrade or total re-install would be required on previous operating systems. In all honesty, before Windows 10 implementation, this was arguably the easiest OS to repair for a couple of years by running more basic commands.

This has since been advanced to more closely match Windows 10/Server 2016 repairs but with the below information I hope to guide you through performing these advanced tasks more easily!

Spoiler: Windows 8/8.1 Repair DISM

If CHKDSK and SFC fail to repair the issues with the system, then it this is your next option and besides restoring from a previous backup might be the second-to-last option before re-installing the operating system. We will utilize DISMfor this next repair option.

• In some instances, you won't need the OS ISO to perform the DISM image cleanup. You can attempt this on any OS from 8-10 by using the following command in elevated CLI: DISM /Online /Cleanup-Image /RestoreHealth
• In many cases now due to some changes Microsoft made, you'll need to have a copy of the OS ISO available. The ISO will need to be a standard deployment variety that contains Install.WIM in the Sources directory, otherwise the process will fail. Once you have the correct ISO, mount it in Explorer (can do this natively on Microsoft Windows 8.0+), verify the drive letter, verify Image.WIM in the Sources directory.
  • To download a Windows 8.1 ISO from Microsoft, click here.
• Enter the following in elevated CLI: DISM /Online /Cleanup-Image /RestoreHealth /source:WIM:X:\Sources\Install.wim:1 /LimitAccess
  • X = drive letter of mounted ISO. Change to match the appropriate drive letter.
  • Say I had the Install.WIM located in C:\Images, I would type the following command: DISM /Online /Cleanup-Image /RestoreHealth /source:WIM:C:\Images\Install.WIM:1 /LimitAccess

The DISM scan can take a while, often times longer than an CHKDSK or SFC scan. To speed up the process, have the Image.WIM on a faster flash media or on local storage rather than disc media. This will help greatly. In many cases one or two runs of this command will repair most issues I've found with Windows 8/8.1.

Once the DISM repair process has been found successful, or not, I will perform a reboot. If the repair was unsuccessful, this will be when I attempt a second pass. If the second pass fails, it is time to move onto the next solution.

However, if the DISM repair passes at any point, reboot the system and then perform an SFC to confirm no further issues are found or need resolved. This step is likely overkill for those not seeking to do optional steps.

Operating System Refresh

It should be noted that in the event DISM fails to repair the system, then an OS refresh would be the next suggestion if the deployed that could save the user's files and OS deployment.

This feature has been an available feature since Windows 8 launched in 2012. The biggest benefit with this option over Windows 7's in-place-upgrade is not necessarily requiring the OS installation media to perform the repair.

If the system is an OEM, an OS refresh from the OEM partition may mean a reinstall of the OS and loss of user data but the restoration of OEM software and bloatware. But you can still choose a manual OS-only refresh without the bloatware if you take the correct steps.

The best choice in my opinion is to run an OS refresh procedure from the advanced boot menu or you can run the installation media while in Windows to perform and Upgrade installation, this will keep your files and settings but replace Windows files and components.

To access the advanced boot menu for Windows 8, there are a several options.

• When choosing restart from the OS GUI, hold down SHIFT and click restart. This method will work even if you cannot log into a profile on the system which makes it very useful in some situations.
• If logged in, access PC Settings, and click Restart Now under Advanced Startup.
• If logged in, open a command prompt window and type shutdown /r /o /t 0 which will initiate a reboot into the advanced menu right with no delay. Without /t 0, there will be a 60-second delay. The number value after the /t is delay seconds.

Once you've reached the advanced boot menu, choose Troubleshoot. From there you can choose to Refresh your PC, Reset your PC and Advanced Options. For this repair, we want to choose Refresh your PC. It's description reads "If your PC isn't running well, you can refresh it without losing our files." That is exactly what we want to accomplish here!

Follow the prompts and processes, and after the refresh installation and rebooting, you should be greeted with a login screen back to your profile in your stable OS environment. At this point you should be able to use the system as intended, if in doubt then re-run the SFC and DISM scans.

In-Place Upgrade

If CHKDSK, SFC and DISM fail to repair the issues with the system, yet you can still boot to the Windows desktop, then the next option is to perform an in-place upgrade. This is more in-depth than an Operating System Refresh. It re-installs most of the operating system's core image and critical files without losing your profiles, data or programs, but do expect to lose some settings. In many cases this process can fix some major issues and refresh an otherwise corrupt and issue-ridden OS installation back to something stable and usable.

Time to close the CLI windows and get back into the GUI, unless you want to deploy Windows through CLI. You'll have to source a different guide for that process!

Requirements to perform an in-place upgrade:

• Must have installation media that matches the installed OS version and type. This applies to both Windows and Windows Server.
• Must be able to get to the desktop on the affected system to correctly initiate this process, booting to the media will not allow an upgrade to be performed.

That last rule is the frustrating part of this repair process if you cannot get that far, backup what you can and do a fresh installation. Otherwise proceed.

• Start the process by using autorun or manually running setup.exe from the installation media.
• Windows 8/Server 2012+ can mount ISO's in Windows Explorer, you can use that instead of physical media options to perform this task.
• You'll come to the installation window, the options will be Upgrade or Custom. Choose Upgrade. This is critical as choosing custom will force you to overwrite, append or wipe out the current install rather than performing any kind of repair.
• Follow the on-screen prompts, which should be very few for you to interact with. The overall process looks and is the Windows install GUI. Once it is completed, the system will automatically reboot (may need to more than once).
• After the reboot(s) after the in-place upgrade you should have a fully functional Windows without issues or corruptions.

Performing an in-place upgrade makes sense, and gives you a stable and clean running operating system when there's an issue or corruption you just can't fix but things aren't broken enough to warrant a fresh installation. The point of this process is to refresh the Windows OS files but retain your data, programs, and settings. That is precisely what the in-place upgrade procedure accomplishes.

I should also add that this process can be accomplished remotely as well, from start to finish. I have done so with persistent LogMeIn, ScreenConnect and Teamviewer installations on various remote systems I have performed this task on, RDP should work as well. Being able to do this level of repair remotely is a huge benefit to any sysadmins out there looking to keep a client happy and perform that "remote magic" IT guys are known for.


**If at this point your issues are not fixed, then there is something else occurring that is causing the issue be it Malware, hardware, drivers, etc. Please refer to the OP in this thread to run through some of those tests and diagnostics, or create a new thread seeking help and stating what you've tried.**

 

Best way to remove problem Malware

Hi There,

I am trying to remove a bundle of Malware without success.

There is a bundle of listed programs which I try to uninstall through the typical Control Panel effort, but they remain listed there:

Buenosearch Toolbar
MyPC Backup
PC Performer
Speed Test 127
UnknownFile

I was looking at this weblink which provides a 5 step process for Buenosearch alone:
Remove Bueno Search (Removal Guide)

Not sure how much certain guides can be trusted. One of the first things I read was to download Revo Uninstaller, and I've not heard of it so I'm not sure if it's trustworthy..........

 

Traces

Trace malware is a detection which typically indicates harmless pieces of leftovers also known
as remnants (registry keys, file fragments, folders) generally found after cleaning a previous malware infection. Traces are typically useless and not dangerous since the primary malicious file(s) has been removed. A
Malware.Trace detection is just another name used by Malwarebytes, SUPERAntiSpyware and other security vendors for trace malware.

• Spyware Traces in Detail
• An in-depth look at the Emsisoft scanner technology: Traces Scan

Performing the scans suggested by
José Antonio Pontón Posada CEO should remove most of them.