Friend's computer is virused up to the max
13-09-2006, 11:07
#1
Inactive
Join Date: Dec 2003
Location: Manchester
Posts: 993
Friend's computer is virused up to the max
So I'm going round there to sort it out.
I've sorted quite a few people's PCs out before and it's usually the trick of turning system restore off that gets rid of the little blighters.
However, this infection sounds quite bad. Although I built the machine and set her up with Spybot, AVG and made sure the Windows firewall was on, she has backdoor trojans, w32.myzor and various malware threats. This is down to all the dodgy "game of the day" sites she goes on as well as not updating and immunising Spybot for at least 6 months.
She says her internet connection has now dropped so there's a small chance I won't be able to fix it without having some general purpose virus removal tools.
So, whilst I've got the chance, what does anyone recommend I burn to CD and take round?
Cheers.

13-09-2006, 11:09
#2
Guest
Re: Friend's computer is virused up to the max
If it's that bad, reformat and take a Ghost image once the machine is up and running.
I have very little time for customers of mine that allow their system to get virused up to the max as it were, and unless they're prepared to pay 15 quid an hour for me to sit there watching a boot time virus scan then I'd just format and tell them off for downloading garbage.
Dude, it's obvious: you put yourself across as a system builder, you should know what to do.

13-09-2006, 11:11
#3
Inactive
Join Date: Jun 2003
Location: Belfast
Age: 45
Posts: 4,594
Re: Friend's computer is virused up to the max
format c:\
Seriously. If a PC is that bad esp with some of the nasty spyware about then I find it far quicker just to do a clean reinstall.

13-09-2006, 11:12
#4
Guest
Re: Friend's computer is virused up to the max
Quote:
Originally Posted by gazzae
format c:\
Seriously. If a PC is that bad esp with some of the nasty spyware about then I find it far quicker just to do a clean reinstall.

who uses that command often nowadays lol lol

13-09-2006, 11:14
#5
-
Join Date: Jun 2003
Location: Somewhere
Services: Virgin for TV and Internet, BT for phone
Posts: 26,546
Re: Friend's computer is virused up to the max
Assuming you have your XP or Server 2003 disks, you can use Bart PE to build a bootable Windows CD. This includes a plug in and instructions to enable you to download a McAfee virus scanner from the web. You can then run this from the CD.
Note: The plug in doesn't seem to require a McAfee licence.

13-09-2006, 11:14
#6
R.I.P.
Join Date: Jun 2003
Location: Near Sandy Heath transmitter
Services: BT
Posts: 19,325
Re: Friend's computer is virused up to the max
Quote:
Originally Posted by zinglebarb
who uses that command often nowadays lol lol

Well not without the /u switch anyway

13-09-2006, 11:15
#7
Inactive
Join Date: Apr 2004
Location: Minas Tirith, Gondor
Age: 60
Posts: 3,458
Re: Friend's computer is virused up to the max
I'm with the Zing on this - you could spend days trying to get rid of stuff and still not be certain there isn't a hidden rootkit.
Nuke it and tell her not to be so careless!

13-09-2006, 11:17
#8
Guest
Re: Friend's computer is virused up to the max
Quote:
Originally Posted by Stuart C
Assuming you have your XP or Server 2003 disks, you can use Bart PE to build a bootable Windows CD. This includes a plug in and instructions to enable you to download a McAfee virus scanner from the web. You can then run this from the CD.
Note: The plug in doesn't seem to require a McAfee licence.

Or you can follow my instructions for modifying Bart PE to have full shell access, allowing you to run apps off the hard drive. It's all posted here somewhere.

13-09-2006, 11:22
#9
cf.mega poster
Join Date: Dec 2003
Age: 50
Posts: 7,101
Re: Friend's computer is virused up to the max
Yeah, like it says here... http://www.eweek.com/article2/0,1895,1945782,00.asp
Quote:
In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.
"When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

13-09-2006, 11:24
#10
-
Join Date: Jun 2003
Location: Somewhere
Services: Virgin for TV and Internet, BT for phone
Posts: 26,546
Re: Friend's computer is virused up to the max
Quote:
Originally Posted by zinglebarb
Or you can follow my instructions for modifying Bart PE to have full shell access, allowing you to run apps off the hard drive. It's all posted here somewhere.

TBH, I was thinking more along the lines of copying important data somewhere then nuking the system. The virus scanner was to make sure you don't copy any viruses.

13-09-2006, 11:27
#11
Guest
Re: Friend's computer is virused up to the max
http://www.cableforum.co.uk/board/sh...7&postcount=12 here is my link, it shows you how you can use Nero (you can run this from Program Files as long as it's installed on the drive), also so you can burn and save files to CD/DVD without running from the HDD.
Having full shell access allows for easier copy and paste options.

13-09-2006, 11:39
#12
Inactive
Join Date: Jun 2003
Age: 44
Posts: 14,750
Re: Friend's computer is virused up to the max
Quote:
Originally Posted by McGraw
So I'm going round there to sort it out.
I've sorted quite a few people's PCs out before and it's usually the trick of turning system restore off that gets rid of the little blighters.
However, this infection sounds quite bad. Although I built the machine and set her up with Spybot, AVG and made sure the Windows firewall was on, she has backdoor trojans, w32.myzor and various malware threats. This is down to all the dodgy "game of the day" sites she goes on as well as not updating and immunising Spybot for at least 6 months.
She says her internet connection has now dropped so there's a small chance I won't be able to fix it without having some general purpose virus removal tools.
So, whilst I've got the chance, what does anyone recommend I burn to CD and take round?
Cheers.

Easiest thing to do is take a Linux live CD round. You insert the disk, and it boots into Linux giving you a complete operating system without making any changes to your HD. I have had good success with Mandriva lately.
I'm with everyone else though, just nuke it and start afresh. Much easier in the long run.
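
Added example, not part of any post in this thread: a sketch of the copy-then-wipe approach from posts #10 and #12, meant to be run from a Linux live CD with the Windows partition mounted read-only. The extension allowlist, function names and sample files are assumptions constructed for illustration, and the rescued files still need a pass with an up-to-date virus scanner before they go back onto the rebuilt machine.

```python
import hashlib
import shutil
from pathlib import Path

# Assumed allowlist of plain data types worth rescuing; adjust to the user's files.
DATA_EXTENSIONS = {".doc", ".xls", ".txt", ".pdf", ".jpg", ".png", ".mp3"}


def looks_executable(path: Path) -> bool:
    """True if the file starts with the 'MZ' magic of a DOS/Windows executable."""
    with path.open("rb") as handle:
        return handle.read(2) == b"MZ"


def salvage(source: Path, destination: Path):
    """Copy allowlisted data files from source to destination.

    Returns (copied, skipped): copied maps relative path -> SHA-256 hex digest,
    skipped maps relative path -> reason. Nothing on source is modified.
    """
    copied, skipped = {}, {}
    for path in sorted(source.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(source)
        if path.suffix.lower() not in DATA_EXTENSIONS:
            skipped[str(rel)] = "extension not on allowlist"
        elif looks_executable(path):
            skipped[str(rel)] = "executable content behind a data extension"
        else:
            target = destination / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)
            copied[str(rel)] = hashlib.sha256(target.read_bytes()).hexdigest()
    return copied, skipped


def demo(workdir: Path):
    """Build a small constructed tree under workdir and salvage it."""
    src, dst = workdir / "infected_drive", workdir / "rescued"
    (src / "Documents").mkdir(parents=True)
    (src / "Documents" / "letter.txt").write_bytes(b"Dear landlord,\n")
    (src / "Documents" / "holiday.jpg").write_bytes(b"MZ\x90\x00fake PE header")
    (src / "Documents" / "game_of_the_day.exe").write_bytes(b"MZ\x90\x00")
    return salvage(src, dst)
```

The skipped list is worth keeping alongside the backup: a data-named file with executable content is a strong hint of what was dropped on the machine.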

13-09-2006, 12:16
#13
Inactive
Join Date: Dec 2003
Location: Manchester
Posts: 993
Re: Friend's computer is virused up to the max
Ok, thanks for the advice.

13-09-2006, 19:46
#14
Inactive
Join Date: Nov 2003
Location: Leeds - the dog house
Age: 48
Services: Email me for a current price list
Posts: 8,270
Re: Friend's computer is virused up to the max
I usually go for a once over with Stinger, then Windows Update, AV install/config, and Spybot/SpywareBlaster.

14-09-2006, 00:50
#15
Inactive
Join Date: Apr 2006
Location: Land of the free
Posts: 308
Re: Friend's computer is virused up to the max
Hi McGraw, you mention backdoor trojans, which are by far one of the worst infections a user could have. This is because of their backdoor capabilities, which mean the attacker could have installed almost anything on the system; indeed many backdoor trojans/worms allow the attacker to have so much control they could be sitting at the desk using the computer in question, thus you are never really able to trust that system fully again. So the decision to re-format and reinstall depends upon the infection, and also what the PC is used for.
The w32.myzor infection isn't a real problem, you should be able to remove it using the info at this link:
http://www.bleepingcomputer.com/forums/topic63896.html
Good tools are as follows:
Anti-Spyware/Adware
Ad-Aware SE Personal:
http://www.lavasoft.de/software/adaware/
(Free, manual update)
Anti-Malware:
Ewido Anti-spyware:
http://www.ewido.net/en/download/
14-day full trial, then an on-demand scanner that you have to update manually after the trial (very good piece of software!). Download the setup files for Ewido, and the separate full signature manual update, to CD.
Trojan Hunter:
http://www.misec.net/
Another free trial, think it's 30 days.
It is best to run all these scans in safe mode, as many malware files will not be deleted in normal mode, and disconnect the infected PC from the internet (pull the plug).
CCleaner:
http://www.ccleaner.com/ccdownload.asp (I would run this first)
Very good, but be careful of using the 'Issues' part of the program, as it has been known to delete needed registry entries. The 'Cleaner' section, which you need, is completely safe; however, it will remove cookies from your system, so make sure you have all your passwords for forums, Hotmail etc. written down before using, and perhaps bookmarked (in Firefox, or put in Favourites if you use IE) pages you visit regularly.
Without knowing exactly what infections you have, I cannot help more, but I would strongly advise you to visit one of these ASAP forums:
http://www.malwareremoval.com/a-sap.html
and post a HijackThis log. This link may help you decide if a reformat is necessary:
http://www.dslreports.com/faq/10063
In addition, if you have been infected by backdoor trojans, there is the possibility of a rootkit infection; these are often very hard to detect and remove, hence the previous reply to boot with a Linux CD is a good idea, as most modern rootkits hide at the kernel level.
Above all, good luck.

All times are GMT +1.