win 10 - What are the things to look out for after you uninstalled a suspected malware?

Question

I'm relatively under informed when it comes to windows operating system's core, other than it is notoriously insecure and features a wacky access control system unlike Linux.

I've accidentally installed the opera browser and soon discovered its owned by Chinese companies (not the least of which being Qihoo, an infamous spyware/malware distributor) which is a major security concern. I promptly uninstalled it, but as I understand, the uninstallation in windows could mean something very differently depends on the actual scenario!

So I want to know what I should manually clean up to increase my odds of removing it completely? Do I have to worry about the rootkit?

Thanks!

Answer 1

No, chances are you do not have to worry about a rootkit, and chances are you need not actually do anything, similarly, I'd actually argue adversely and suggest that windows security is actually pretty decent at this point. What used to be a facade for security is now very much more in tune with modern security standards, but we digress.

Honestly, the only residual files that might be left hanging around with be various cached or user config files residing in %APPDATA% and a few settings in the registry, neither of which you should be concerned about for anything more than the inconvenience of a few mb.

To further this point, you assert the possibility that opera may contain malware. Lets assume this is true, then its only a matter of time before said malware is pulled apart and checksum'ed by Windows Defender, or one of the many other AV companies and would no longer be tolerated for anyone's system, at which point there would be an uproar and a backlash against opera at the discovery, and the user base would evaporate overnight.

What is far more likely however, that they, just like everyone else, is collecting anonymised usage statistics and reselling customer behaviour data and marketing. There is far more money in this than in... malware and rootkits for which purpose exactly? to do"evil Chinese stuff"? I'm sorry but this perspective holds little weight, sure its possible, but it has no benefit to the actors you suggest, as it would become glaringly obvious and result in the death of the platform when discovered.

The moment you uninstall the program, all of its binaries residing in its program directory will be removed, and it will no longer be able to run as a process, collect statistics and analyse user behaviour. Simply uninstalling a legitimate application like opera is enough to make impotent its ability to collect analytical statistics.

Typically, Uninstallers are distributed by the software developer, so yes, they are in control of both what is installed, and uninstalled (as they are the one ones capable of deciding what must and must not be removed, relative to their application/services). So while yes, they may have the capability to install malware onto your system and neglect to remove it, you will be hard pressed to find any official software vendor doing as such. It is in most software interest to respect the users resources and to clean up after themselves properly. Failing to do so leads to a bad reputation and loss of sales, just look at Norton.

If however, you do truly suspect a rootkit, then the only solution is to format your installation disk in order to both wipe the bootsector as well as the operating system and start from fresh, its the kind of scenario where you go "The house is infested, lets just burn it down and rebuild it fresh". Usually rootkits remain undetectable by any means available from within the operating system, and to some extents from outside as well. Such an attack vector would never be used so frivolously by an application which attempts to generate revenue for owners.