Virus is beating me

[Gary L]

I'm looking at a mates laptop with virus's and trojans on. the CD drive don't work so that's buggering everything up, and I can't run .exe's. some will run and others won't.

I'm trying to run portable virus apps but they keep closing on me. I'm totally stumped without a CD drive. I'm gonna have to go and borrow an external one later.

on the USB stick it keeps making a RAR.exe. I've had a look on Google but can't find nothing. just that it's a worm when I put it on my PC.

the other thing is the wireless doesn't work on it, so I can't do an online scan either.

I'm giving up on it. I haven't got the time

[MetaWraith]

Would SAFE MODE and restoring to some point prior to infection help?
You might at least then be able to at least run a scan.
Just an thought without knowing much more about the specific nasty.

[Kymmy]

I always take out the drive, put it in another PC then virus scan it as a non-bootable drive.. (thank gawd for 2.5 to 3.5 IDE convertors)

1st thing I'd look at is the running processes, sounds like you have the virus running in memory and it's replicating itself to any drive that pops up.

[haydnwalker]

How about looking into a USB CD/DVD Drive to flatten the drive and reinstall windows ... or even use it to boot a live version of knoppix to copy any files off that may be needed (note though these MAY be infected too).

[Gary L]

System Restore has been turned off.
When he gave it me it had no boot.ini, and I'm not having any more luck in safe mode anyway.

[Kymmy]

Yep, safe mode will only reduce the drivers and 3rd party software running, most virii though hide themselves in the files needed for running windows even in safe mode.

Are there no AV scanners that will boot and run from the USB?

[Gary L]

Quote:

Originally Posted by Kymmy

I always take out the drive, put it in another PC then virus scan it as a non-bootable drive.. (thank gawd for 2.5 to 3.5 IDE convertors)

1st thing I'd look at is the running processes, sounds like you have the virus running in memory and it's replicating itself to any drive that pops up.

I've got one of them adapters, but I really can't be bothered opening my PC up to go through it all.
I'm gonna get the external CD later and just do a fresh install.

---------- Post added at 10:54 ---------- Previous post was at 10:53 ----------

Quote:

Originally Posted by haydnwalker

How about looking into a USB CD/DVD Drive to flatten the drive and reinstall windows ...

That's what I probably will have to do.

---------- Post added at 10:56 ---------- Previous post was at 10:54 ----------

Quote:

Originally Posted by Kymmy

Are there no AV scanners that will boot and run from the USB?

I've tried them all. they just won't open. one opened found a load of stuff but they were all there again when I rebooted and rescanned.

[Kymmy]

Quote:

Originally Posted by Gary L

I've tried them all. they just won't open. one opened found a load of stuff but they were all there again when I rebooted and rescanned.

It happens a lot..

The virii files are removed quite happily, but the virii installer/package isn't found (hard to tell if a encrypted and compress installer is safe or not.) When you reboot afterwards the package is run and the deleted files re-appear.

do you know what virus it is causing the main problems?

I use a bootable usb stick with live xp on with AV and Malware aps

if its really that bad just recover to factory defaults and tell him lesson learnt lol

[Gary L]

Quote:

Originally Posted by zing

do you know what virus it is causing the main problems?

I use a bootable usb stick with live xp on with AV and Malware aps

if its really that bad just recover to factory defaults and tell him lesson learnt lol

There was too many to know who's the most dominant
it has got it's own restore partition, and even that was infected. I only said I'd have a look at it because I thought it wouldn't be too bad.

if I can't get it back to normal with the recovery CD, he'll just have to sort it out some other way.

[Dai]

If it's that bad Gary, you'll never be certain you've got every one of the nasties.

Better, quicker and safer to flatten and reinstall otherwise it may come back to haunt you later when something you missed steals the customer's bank details.

[Gary L]

I'm reinstalling now. I tried the same CD drive in it and it worked, so I borrowed that to do it with.

[Anonymouse]

It sounds as if you have some sort of rootkit on your hands. Very difficult to kill without the right software...but a doddle to kill with it.

I suggest you try Blacklight Beta - excellent app. I had a rootkit a few years ago - I was always redirected to Microsoft.com regardless of what browser I used, IE6 was somehow downgraded to IE5, so I couldn't even run the repair tool, and McAfee was somehow disabled. Spybot & Ad-Aware were baffled. Luckily I had an uninfected laptop, with which I conducted desperate research. I discovered Blacklight, put it on the case, and voila!

Try it. The worst that'll happen is that it won't work.

One thing I always advise when someone's buying and setting up a computer: always set up two accounts, not one, even if you are the only user, and then downgrade the one you're going to use to access the Internet from Administrator to User. That stops most malware in its tracks because it can't install. Never use an Admin account to access the Internet unless you know the site is safe; only use the Admin account to install/uninstall software. It annoys me that this is never explained by either the setup manual or the store you're buying the computer from. For anyone not all that tech-savvy, there's a simple analogy between Administrators and Users: it's the difference between having a ticket to a concert and having a backstage pass.

If this advice had been given out routinely 10 or more years ago, the malware problem would be nowhere as prevalent as it is. If it were given out routinely now, the problem would perhaps not get any worse.

[Gary L]

All done now. he just needs to reinstall everything himself now.

regarding the seperate accounts, I always have at least 2 Windows installs on all my PC's. easier to get in and fix things