A factory reset will remove most common viruses and other forms of malware. But there are specialized viruses and malware that can survive a factory reset, but they are quite rare.
If your phone or computer has fallen victim to a virus, one of the recommended solutions is to perform a factory reset. But will it make your device safe again?
Before we discuss whether factory reset is useful in case of malware infection, it is good to understand what factory reset entails for the device.
What is factory reset?
Factory reset is an option found on many modern electronic devices, including computers and smartphones, that allows you to restore the device's operating system (OS) and drivers to their original state.
It also resets all settings to their default state and removes any programs or files that don't come with the device. In the case of computers, you have the ability to keep the files. But if you're restoring your system to remove viruses, you'll need to delete everything after backing up all critical files.
Interestingly, the name “factory reset” implies that your device will be restored to the same state it was in when you purchased it. But this is not always technically true, especially in the case of phones and tablets that have received an upgraded operating system.
For example, let's say you're trying to use the factory reset option on a phone or tablet that has received an upgraded operating system. In this case, your device will revert to a fresh install of the current operating system on the device, not its original operating system. But it will work the same way for any malware infection as it would for a true factory reset.
Is factory reset useful for virus removal?
You can get rid of almost all viruses and other malware by doing a factory reset. By returning the operating system to its original state, the factory reset option also inadvertently removes any infected programs or files on your device. It is the best option that works, except in some very rare cases.
Every year, viruses become more sophisticated and hackers find new ways to infect unsuspecting devices. So you may encounter trojans and rootkits that can survive a factory reset, but this is relatively rare.
One such trojan – xHelper – appeared in 2019. It targeted Android devices and managed to survive a factory reset.
What if the virus comes back after factory reset?
If your device is infected with malware that comes back even after a factory reset, there's a chance you're dealing with one of the following scenarios:
- Your backup is infected and as soon as you try to restore it to your device with the recent restore, the malware jumps to your device and infects it again.
- Another possibility is that malware has invaded your device's recovery partition. This is a space on your device storage that holds a clean system image for the factory reset option. So if the recovery partition itself is infected, factory reset won't do you much good.
- Rootkits and bootkits could also be responsible for infecting your device. Unfortunately, these are notoriously complex and can evade detection and removal with a factory reset.
- Some cutting-edge malware can also sometimes sneak into your system's peripherals, such as Wi-Fi adapters and web cameras. Many modern peripherals have built-in storage to store user settings, and malware can use it to keep a copy of itself. So even if you reset your device, it can jump back from the peripheral to your device.
Fortunately, all of these are relatively rare. But if you're dealing with such malware, there are a few things you can try, or if you're not very tech-savvy, you can turn to an expert, like a computer technician.
One of the first things you can try when dealing with malware that continues to survive a factory reset is to scan the drive containing your backup. You can connect it to another machine with good antivirus software and scan it. You can also use a rescue disk to thoroughly check your device, including the recovery partition, to make sure nothing malicious is hiding there.
If both fail, you can completely wipe your computer's SSD or HDD and do a clean install after wiping all partitions.
While these methods are useful for computers, it's best to contact your device manufacturer if the malware is on your phone and a factory reset doesn't help.
Lack of root access on mobiles makes it difficult to do anything beyond factory reset. Your device manufacturer will likely be able to completely wipe the storage and flash a fresh OS image to eliminate the infection.
How to avoid viruses again
As they say, prevention is better than cure. So, if you managed to prevent malware infection by doing a factory reset, it's a good idea to secure your device to avoid virus infection in the future. One of the best and easiest ways to achieve this is to keep your device's operating system and apps up to date with the latest updates.
It's also a good idea to install apps and programs only from trusted sources, preferably from official app stores. Don't fall into the trap of free games or free apps and don't install anything from an unverified source.
Always be on guard, however, because even apps from verified sources are known to "sideload" viruses, prompting users to download malicious updates from external sources.
As a general rule, avoid clicking on unknown links or opening suspicious attachments in chat messages or emails.
Factory reset is a powerful tool and can be useful as a last resort if your computer or smartphone is infected with malware.
But it should only be used as a last resort because you'll have to set everything up again, which is time-consuming. Finally, basic security rules can go a long way in keeping your devices free from malware.