
Too many virii

clsCorwin Registered User regular
edited October 2008 in Help / Advice Forum
So I got my mother-in-law's laptop to fix, because she said it was overrun with virii. I did not know how bad it was.

First, I couldn't get this thing to even boot up without running chkdsk on it.

So it boots up and I am greeted not only by MS Antivirus, but also some other random "antivirus." Having dealt with the former before, I figured it shouldn't be too bad.

I was wrong. One of these things has hijacked the start menu, so that will not come up at all. Also, it has disabled pasting, as well as the ability to drag and drop. I installed Spybot with updates, Firefox 3.0, and extracted SmitFraudFix from my thumbdrive, and used those tools respectively, waiting to get on antivirus.com through Firefox when done.

Well, I've run multiple scans with Spybot, and let SmitFraud run its course, and still connectivity is denied, instantly.

And if anyone says post a HijackThis log, remember that the laptop cannot drag and drop or paste, and has no internet connectivity.

Help me purge the devil from this beast!


Posts

  • Shogun Hair long; money long; me and broke wizards we don't get along Registered User regular
    edited October 2008
    It sounds like you need to format that shit.

  • contraband Registered User regular
    edited October 2008
    If a system is way too tied up with malware to be easily recoverable, I would personally just reformat the machine. You can never be sure otherwise.

  • DrFrylock Registered User regular
    edited October 2008
    At this point reformatting and reinstalling is probably a fairly good option. However, since you've got little to lose, back up the data (hang the hard drive off another machine) and then:

    - Run Malwarebytes Anti-Malware
    - Run ComboFix

    Spybot and Ad-Aware are weak sauce against any serious malware. I disagree that you can "never be sure otherwise;" you can almost certainly be sure by looking at the appropriate HijackThis log and getting clean bills of health from the appropriate tools.

  • clsCorwin Registered User regular
    edited October 2008
    I would have already done this, but as this is not my machine, I'm not putting my copy of Windows onto it. Besides, it's running Media Center Edition, which my mother-in-law claims she uses the media parts, and I don't have a copy of it.

  • nerdgaymer Registered User regular
    edited October 2008
    If you can't find virus scanners that get rid of the bugs, it is possible to manually remove stuff most of the time. That said, it can be complicated and time consuming. Look into a tool called Process Explorer; it's kind of like a beefed up task manager, but basically lets you track down running processes, and sometimes you can see what is viral and shut it down, and then delete the file. There are tutorials out there on how to use it, which I would advise if you haven't touched it before.

    Also turn off System Restore while getting rid of the bugs; it won't help get rid of them and sometimes they hide in there to reinfect the machine. All of this presumes some level of functionality in the computer, which it sounds like you may not have; might want to look into manual Registry fixes to deal with things like missing Control Panels and disabled task managers (be careful when playing with the registry though, as it can quickly mess up a computer if not treated right). Hope this is all some help...

  • clsCorwin Registered User regular
    edited October 2008
    Ok, so a related question then. Since my mother-in-law never got an XP Media Center Install CD (as most OEM users didn't), what is the legality of downloading an OEM version that I can burn to a CD, and then use that to install (using the CD key provided on the bottom of her laptop)?

    Does anyone know of a place where I can download such a copy (providing legality is not against this)?

  • JebusUD Adventure! Candy Island Registered User regular
    edited October 2008
    Does it still have all the same ailments in safe mode?

    If you boot into that you may regain some of the functionality like drag and drop or copy paste.

    and I wonder about my neighbors even though I don't have them
    but they're listening to every word I say
  • clsCorwin Registered User regular
    edited October 2008
    Actually, it doesn't. I tried. Many times I tried.

  • Reiten Registered User regular
    edited October 2008
    Contact the manufacturer and explain that you need a copy of the operating system for a reformat and reinstall.

  • JebusUD Adventure! Candy Island Registered User regular
    edited October 2008
    You could try to run some antivirus stuff that works in DOS.

    Another idea is to start up the computer in safe mode, Ctrl+Alt+Del, and kill any process you don't need on startup. If any process is unneeded or looks fishy, just end process tree. This might take some trial and error, as you will certainly accidentally kill some vital system processes and have to restart. It may regain some functionality if you do it right though.

    Run all your antivirus and anti spyware programs near simultaneously, some programs are sneaky and will reinstall themselves while removal programs have only removed part of them. If you catch them in the right order or before they have reloaded themselves you can get them sometimes.

  • AtomBomb Registered User regular
    edited October 2008
    I would think it would be fine to torrent a copy of XP Media Center to install with your valid key. Just make sure not to download a cracked version or a version that comes with a key. I'm going to do the same thing for this old laptop that just got dropped off to me with no discs that needs Win98SE before I donate it (unless I can find my old 98SE disc at home). As a side note, it's kind of fun to see all the spyware/malware from 8 years ago. This thing has Gator, WeatherBug, all the oldies on it :)

    I just got a 3DS XL. Add me! 2879-0925-7162
  • brandotheninjamaster Registered User regular
    edited October 2008
    AtomBomb wrote: »
    As a side note, it's kind of fun to see all the spyware/malware from 8 years ago. This thing has gator, weatherbug, all the oldies on it :)

    ARRG! I hated Gator! It was bad enough that I couldn't afford high speed cable in the 90's because it cost $texas, so I got stuck with super high speed 56k dialup; every time I would go to a web page that mother fucker would come sliding in from the side asking me if I want to save some passwords :x. Hell, I was young; I didn't know any better; I saved all my passwords.

    Edit: Relevant information: I'm sure you probably already looked at this, but I remember a few companies (mainly Compaq) partitioning space on the HDD for the operating system, just in case you had to format. If it's there it would show up in My Computer, more than likely assigned the letter "D". Just a thought.

  • clsCorwin Registered User regular
    edited October 2008
    Task Manager is out, remember? Even in safe mode.

  • Yar Registered User regular
    edited October 2008
    Get Avast's free virus cleaner and put it on a floppy (or USB drive or whatever the kids use these days).

  • PeregrineFalcon Registered User regular
    edited October 2008
    Extract the legal key using Magical Jellybean Keyfinder (or off the bottom of the laptop).
    Obtain an XP MCE disc and use the proper OEMBIOS files for your make of laptop to alter it to accept your key. As long as you have a legit key and COA, you're on pretty solid ground legally.

    But first things first.

    Orbital nuke, deploy.

    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
  • MrMonroe passed out on the floor now Registered User regular
    edited October 2008
    Are you sure that this laptop, like many others, does not have a recovery partition with a packed-up clean install? Most lappys won't even come with the OS media. (which is completely whack, but useful if you're dealing with someone without the foresight to save the OS media)

  • clsCorwin Registered User regular
    edited October 2008
    If said partition exists, I would not be confident that it is uninfected. Also, the key is printed on a nice MS tag on the underside of the machine.

  • Dance Commander Registered User regular
    edited October 2008
    If you're really feeling adventurous you could use something like Helix to try and scrub the machine.

  • JaysonFour Classy Monster Kitteh Registered User regular
    edited October 2008
    I'd present the situation to the machine's owner.

    It's their machine, you have to tell them:

    "Your computer is so full of malware that it must have rolled around on the floor of the Internet's bathroom. The only real option here is a reformat and reinstall, because even if I did clear every piece of crap out of it, you'd never have the same functionality, and you can never be sure you got every last bit on a machine so infested like this. It would just be better if we got a clean install of Windows in there, so that we can be sure there's no surprises waiting for us. We can set everything back the way it was, including some programs to make sure this stuff doesn't happen again."

    Long story short, fire up the tactical nuke and destroy everything.

    I can has cheezburger, yes?
  • EliteLamer __BANNED USERS regular
    edited October 2008
    Anyone know anything free for removing malware?

    SEGA
  • Mordrack Registered User regular
    edited October 2008
    http://www.malwarebytes.org/
    It works for me.
