Jump to content



Photo

I have never seen a more infected computer in my life

virus malware

  • Please log in to reply
85 replies to this topic

#1 f0rk_b0mb

f0rk_b0mb

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 02-June 12

Posted 20 November 2012 - 17:33

I offered to fix one of my teacher's daughter's laptops and she has this virus (don't worry link is safe): http://blog.yoocare....fine-to-unlock/

Along with a ton of other viruses/malware/crapware/etc. She is running Windows 7 and has a ton of personal data on it (so she says). I'm doing the job tomorrow. I'm here to tell my plan of attack and take suggestions.

1. I'm going to boot into safe mode with networking and remove those registry entries as shown in the tutorial in the link above.
--I'll take 2 Advil before doing this... :argh:

2. I'm going to remove the crapware
--So I can get some f***ing work done. It's slowing down her machine and clogging up the computer. I will use:
* Revo Uninstaller
* CCleaner

3. Go ham on the malware
- Get all the other crap off. I will use:
* Malwarebytes
* Spybot
* Install MSE when all is said and done. (It's my antivirus of choice)

4. General System maintenance
* Update Drivers
* Update Programs
* Do Windows Updates

What Do ya think?


#2 t_r_nelson

t_r_nelson

    Neowinian Senior

  • Joined: 01-September 05
  • Location: Minneapolis, US

Posted 20 November 2012 - 17:37

First thing I'd do is take the drive out of the laptop, connect it to a clean system and scan it with AV and malware products. That will remove the files that are running at boot.

#3 Astra.Xtreme

Astra.Xtreme

    Electrical Engineer

  • Tech Issues Solved: 4
  • Joined: 02-January 04
  • Location: Milwaukee, WI

Posted 20 November 2012 - 17:39

You could always backup all the important files and put on a fresh copy of Win 7. Extract the key beforehand obviously.

Might be quicker and less of a headache that way.

#4 Soldiers33

Soldiers33

    Neowinian Senior

  • Joined: 01-September 06
  • Location: London
  • OS: Windows 7 Professional

Posted 20 November 2012 - 17:42

your post title makes no sense. you havent seen any viruses yet except the fbi scam one, that doesnt mean there are lots of them. I was expecting a screenshot with a massive number of alerts.

#5 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 20 November 2012 - 17:43

ugh.... find a decent spare system.... scan the files all of them..make sure the client's files (music,movies,pics,docs) are clean.. then if the files are clean backup the important ones only... then.... nuke the install and start fresh.

#6 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 5
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 20 November 2012 - 17:44

Nuke it from orbit.

#7 Audioboxer

Audioboxer

    Hermit Arcana

  • Joined: 01-December 03
  • Location: UK, Scotland

Posted 20 November 2012 - 17:45

Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

http://support.kaspe...uses/rescuedisk

#8 Shane Nokes

Shane Nokes

    Neowinian Senior

  • Joined: 29-July 12

Posted 20 November 2012 - 17:46

You could always backup all the important files and put on a fresh copy of Win 7. Extract the key beforehand obviously.

Might be quicker and less of a headache that way.


This isn't a corporate machine with a nice image of everything, it's a home PC. That's a last resort.

As I've said before in other places...do the job right, don't just wipe and install. That's a waste of your time, and their time.

#9 Xilo

Xilo

    Neowinian Senior

  • Joined: 28-May 04
  • Location: Austin, TX

Posted 20 November 2012 - 17:46

Better save off those nude photos first... :shiftyninja: :woot:

#10 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 20 November 2012 - 17:48

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.

#11 Hum

Hum

    totally wAcKed

  • Tech Issues Solved: 10
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 20 November 2012 - 17:49

Teach her a lesson -- wipe it clean and Install Windows 8 !

#12 Semtex

Semtex

    Neowinian

  • Joined: 20-February 11
  • Location: Europa/Poland

Posted 20 November 2012 - 17:51

To remove this crap use OTL, post logs on their forum or Bleeping Computer forum, they will make script for OTL and remove this crap. On so heavy infected machine it is extreme difficult to get rid malware completely using only scanners on demand . OTL is best solution ;)

#13 ZakO

ZakO

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 21-September 07
  • Location: Finland

Posted 20 November 2012 - 17:53

Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

http://support.kaspe...uses/rescuedisk

+1. Had to fix someones computer with a similar virus the other day (without wiping it), nothing would work in standard boot and attempting to boot safe mode of any kind just caused a reboot loop. Kaspersky Emergency Boot Disk cleaned the worst of it off.

#14 c.grz

c.grz

    Neowinian

  • Joined: 22-September 04
  • Location: Chicago, Illinois
  • OS: Windows 8.1U1 Professional
  • Phone: Nokia Lumia 925

Posted 20 November 2012 - 17:54

If time is of the essence; a backup of user data and a wipe is the way to go.

I can re-install Windows and most of the apps they use in less time to clean it. Difference is that with a re-install I know that the machine is 100% clean.

I also create an image of their C:\ drive with gimagex just in case they find something missing once I return the PC to the user.

#15 +Brando212

Brando212

    Neowinian Senior

  • Tech Issues Solved: 13
  • Joined: 15-April 10
  • Location: Omaha, NE
  • OS: Windows 8.1
  • Phone: Sony Xperia ZL, Nokia Lumia 925

Posted 20 November 2012 - 17:55

To remove this crap use OTL, post logs on their forum or Bleeping Computer forum, they will make script for OTL and remove this crap. On so heavy infected machine it is extreme difficult to get rid malware completely using only scanners on demand . OTL is best solution ;)

what is OTL, I google it and I get a bunch of different crap
I've been hearing people mention it a few times lately yet i have no idea what it is