
PC is completely overwhelmed w/ viruses /spyware



BasketballOSU
07-04-2010, 12:56 PM
Taking me a minute per word fighting through the popups.

Comp won't restart in safe mode - gets blue screen of death.

Task manager won't work - can't open anti spyware programs.

WHERE TO START? HELP PLEASE!

BasketballOSU
07-04-2010, 12:59 PM
Antimalware doctor and Total XP Security might be the source of it...

snoopy
07-04-2010, 01:00 PM
Format & reinstall

wratterus
07-04-2010, 01:06 PM
Don't wipe it just yet mate.

Can you download combofix from here?

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Try that when the PC is booted up normally.

Another option is slaving the drive and scanning over the top of it with a good AV and malwarebytes, sometimes you actually have to do this to get it clean enough that anti malware software will even run.

BasketballOSU
07-04-2010, 01:06 PM
I'll try

wainuitech
07-04-2010, 01:09 PM
Got one laptop at the moment with Total XP Security - it's going down fighting, but it's losing the battle :D

Mind you it is slaved to another workshop PC to get the first clean out. The basics on removing (http://www.myantispyware.com/2010/03/17/how-to-remove-total-xp-security/) BUT there are a few more steps required that site doesn't mention.

Since you have at least two types, you could be in for one hell of a battle. BUT This may help (http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor) - it should allow you to at least get to a working desktop to clean it correctly.

I can tell you now - it won't be a "quick fix" :groan:

Edited: If it's like the three customers' PCs I have here, all infected - then combofix may not run - total security may kill it, so you will have to slave the drive to get a part clean first. Then comes the fun bit :)

BasketballOSU
07-04-2010, 02:07 PM
wainuitech,

downloaded and ran rkill.

It finished, no noticeable changes. Tried to then run Malwarebytes and it still would not open...

BasketballOSU
07-04-2010, 02:09 PM
And that first link you provided "the basics on removing" unfortunately doesn't work...

bk T
07-04-2010, 02:12 PM
Format & reinstall

+ 1


Don't wipe it just yet mate.

Can you download combofix from here?

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Try that when the PC is booted up normally.

Another option is slaving the drive and scanning over the top of it with a good AV and malwarebytes, sometimes you actually have to do this to get it clean enough that anti malware software will even run.

You may be able to clean up all the garbage but most likely your OS files will be 'cleaned' up together with the garbage as well. :D

pctek
07-04-2010, 02:26 PM
Slaved scans first.
Then scans with NOD32, Spybot, Malware Bytes, HJT and specialised tools.
If after all that it's still unstable then pull their personal data and wipe it, but I like to try a clean first. Satisfying when you finally win.

Paul.Cov
07-04-2010, 02:39 PM
If you disable Java you might get a tad less bother from the malware also.

Spend as much time as possible with the modem physically disconnected.

If there's a Firewall, check that there are no exceptions to allow particular programs access. Any progs you don't recognise should be locked down or terminated.

nofam
07-04-2010, 02:40 PM
Slaved scans first.
Then scans with NOD32, Spybot, Malware Bytes, HJT and specialised tools.
If after all that it's still unstable then pull their personal data and wipe it, but I like to try a clean first. Satisfying when you finally win.

For sure, but with these latest malware infections like virut, it's often a pyrrhic victory.

BasketballOSU
07-04-2010, 02:56 PM
Slaved scans first.
Then scans with NOD32, Spybot, Malware Bytes, HJT and specialised tools.
If after all that it's still unstable then pull their personal data and wipe it, but I like to try a clean first. Satisfying when you finally win.

Sorry, I'm not the most computer-savvy person ever. Could you explain to me in a little more detail what I should do?

wainuitech
07-04-2010, 03:04 PM
And that first link you provided "the basics on removing" unfortunately doesn't work...

The link does work, just retried it -- the reason you won't get it to work could be the infections are stopping you going to any site that has antimalware "fixes". The HOSTS file will more than likely be altered and this can stop the sites from loading as well.

Told ya it would be "fun" ;)

Just in case Pctek is not about -- What she is telling you -- remove the Hard Drive from your computer, that then needs to be slaved to another Computer - the Clean Computer will have the programs listed - you scan the infected drive from the clean computer with ALL the programs.
This will get rid of "most" ( but not all) of the infections, then you put the original drive back, and start again the cleaning process.

This whole process - depending on the speed of the PC, the amount of data can easily take many hours - expect 5-8.

The rkill does work - you may need to run it a dozen times or more before it actually takes hold - the infections every time you run it, try to kill it - sooner or later the infections lose and rkill works.

Off to do battle ---- :nerd:

linw
07-04-2010, 03:52 PM
Bit OT but what do the customers say when given a bill for 8hrs ($400-$500?) work?

wainuitech
07-04-2010, 04:06 PM
Bit OT

- regarding what ?? One drive has been scanning since 11am this morning, and Nod is approx 94 % of the way through it. There's a lot more scanning to do yet.

This is where COWBOYS come into play -- fix it within an hour, and the PC is NOT clean.

I don't bill for bench time, only time worked.

Unless I'm on site, and if it's obvious it's going to take longer than an hour I advise of the time it may take and it's cheaper for them to have the PC back at the workshop, than me sitting on my bum for hours watching scans tick over. Hence 4 going at once at the moment - 3 PCs and 1 laptop.

Generally speaking it's under $200 - not including any hardware that may be required. Eg: one badly infected PC I have here, the RAM's knackered - run memtest and MS memory tester -- Massive fail from both pieces of software.

nofam
07-04-2010, 04:19 PM
- regarding what ?? One drive has been scanning since 11am this morning, and Nod is approx 94 % of the way through it. There's a lot more scanning to do yet.

This is where COWBOYS come into play -- fix it within an hour, and the PC is NOT clean.

I don't bill for bench time, only time worked.

Unless I'm on site, and if it's obvious it's going to take longer than an hour I advise of the time it may take and it's cheaper for them to have the PC back at the workshop, than me sitting on my bum for hours watching scans tick over. Hence 4 going at once at the moment - 3 PCs and 1 laptop.

Generally speaking it's under $200 - not including any hardware that may be required. Eg: one badly infected PC I have here, the RAM's knackered - run memtest and MS memory tester -- Massive fail from both pieces of software.

Nicely put WT - I usually charge around $100 for virus removal and general cleanup - sure, it's not purely for bench time, but you can't exactly queue up everything that needs done and go out for the day - hence why I usually do repairs on a weekend so I can peep into my workshop window while doing the gardening and see how scans etc are going! :D

It's the old story though - people will jokingly say that all you did was run some software, but it's knowing which ones to use and when that they're paying for!

berryb
07-04-2010, 05:16 PM
It's the old story though - people will jokingly say that all you did was run some software, but it's knowing which ones to use and when that they're paying for!

It's not all software driven either. I have many times had to manually delete files etc before being able to run any software.

nofam
07-04-2010, 08:33 PM
It's not all software driven either. I have many times had to manually delete files etc before being able to run any software.

Oh for sure - but it always comes back to knowing what to do and (hopefully!) what not to do!!

Digby
08-04-2010, 06:46 AM
I had a pc like that.
I ran Avast's deep scan for two hours but got rid of most of the viruses.

pkm
08-04-2010, 11:16 AM
Wainuitech: also this is the reason why the NZCS has to bring in this new ITCP qualification with code of ethics and about how to be a nice person and not steal from the customer. It's sad but there's always someone who will be the cowboy. If only you could run them out of town!

"As a professional body, members of NZCS abide by the NZCS Code of Ethics as well as complete CPD - Continual Professional Development (continual education)."

etc etc

ANOTHER qualification to pay for?! Already have one Dip in IT, getting another (open poly proper one), then need an industry cert, ccna, mcse, redhat....

wainuitech
08-04-2010, 12:13 PM
It's sad but there's always someone who will be the cowboy. If only you could run them out of town!

Indirectly that can be done. Word of mouth is a powerful thing, both good and bad reps.

Interesting that subject is brought up - I know many Techs that have no Quals at all, yet I would hire them if I could in a flash - their skill levels are great.

BAD service:

Just had a call this morning - a person who called me about 6 months ago and asked for pricing on a job - she didn't like it so she said she would look else where. I quoted $200 max excluding if any hardware was faulty.

Rang back today - the person she got - so far had the PC back to the company 3 times in 6 months with the same problem, was charged between $250 -$350 each time - wouldn't tell them what was done apart from to say they would never have the problem again, and to quote her was very rude and abrupt.

Going to her place on Monday. Currently fighting these viruses on the PCs as mentioned earlier -- finding loads as well on the second scans, now that it boots into windows.

BTW -- there is a way to clean these without having to slave - you do need a certain CD though (legal). If anyone wants the "easier way" let me know and I'll post it.

Billy T
08-04-2010, 03:22 PM
Rang back today - the person she got - so far had the PC back to the company 3 times in 6 months with the same problem, was charged between $250 -$350 each time - wouldn't tell them what was done apart from to say they would never have the problem again, and to quote her was very rude and abrupt.

And she went back again twice, and coughed up around $900 into the bargain?

The mind boggles....

I think you will have a friend/customer for life there though!

Cheers

Billy 8-{) :confused: