My dad can't remove a virus on his computer. What should he do?

[DaDude]

My dad works in Networking and with his skills, he was able to see that someone is hacked into his home computer. He uses McAfee Total Protection and has been using it for many years, so he doesn't understand how this hacker was able to bypass the software's proection. He's done a whole computer scan and the McAfee will not find anything wrong. He even went as far as downloading some free anti-virus softwares such as AVG, but those didn't find anything either.

I told my dad that he should just reformat the computer, but he said he can't because not only does he not have the CD backups for his OS, softwares and drivers, but the McAfee is a downloaded copy that he renews every year, so he can't reinstall it once it's gone from the reformat. So, he's stuck with this virus.

Is there anything my dad can do? He's on the verge of just throwing his computer out the window in frustration. Can anyone help?

Thanks!

[episode]

1) Ditch McAfee.

2) Scan with MalwareBytes

3) Scan with ComboFix

4) Install MSE.

[DaDude]

Then if he won't take your advice, why bother trying to help him fix it when it goes wrong? Just tell him you told him so and let him worry about it, maybe next time he`ll listen

Because he went crazy mad yesterday and said he wants to throw the computer out the window. Based on past experiences, he just might do it. About 10 years ago, my dad took all of his books and threw them out in anger because he got so angry at the mess it was causing. Yeah, he had THAT many books. After he cooled off, he regretted what he did, apologized and bought all his books all over again.

[Detection]

1) Ditch McAfee.

2) Scan with MalwareBytes

3) Scan with ComboFix

4) Install MSE. A good AV

Fixed that for you

Because he went crazy mad yesterday and said he wants to throw the computer out the window. Based on past experiences, he just might do it. About 10 years ago, my dad took all of his books and threw them out in anger because he got so angry at the mess it was causing. Yeah, he had THAT many books. After he cooled off, he regretted what he did, apologized and bought all his books again.

So let him, his computer, his money, and when he buys a new one, it won't be infected.

Sounds like someone needs to mature somewhat if they take hissy fits and smash up

[mduren2445]

my question would be ..what kind of computer is this? ..... is there a hidden restore partition? speaking of restore, save everything you cannot replace (i.e pictures documents etc...) and use windows system restore back to a point and get it running enough that maybe you can install malwarebytes and other things suggested and scan the crap out of it just a thought!

[DaDude]

I don't mean to offend, but with his supposed skills, why in the blue HELL would he do something like that? Anyone with any sort of skills knows that you don't ever throw that stuff out. What would happen if he had some catastrophic hardware or software failure that REQUIRED him to re-install his OS. Would he just go out and buy a new computer? Just sayin'.

Well he actually is claiming that he never got any CDs with his computer. But that is not true because not only does Dell always include them, but I was at the house the day he got the computer. I saw all the CDs that came with it. I'm 100% sure, believe me. But my dad is denying such a thing. He keeps saying, "Nope, it never came with any CDs."

So he probably threw them out and is denying it. Or he threw them out and forgot he ever got any CDs. Or heck, maybe it's junked up somewhere in the house and doesn't know where it is....

[Hum]

Sounds like Dad is a hacker with a lot of pirate softwares. :s

[mduren2445]

a a clue!!! if its a recent dell you should when you see the dell logo at boot be able to press f8 or f10 to get to a restore partition IF this pc has not been formatted befoire

[Buttus]

He knows of some kind of trick to see that kind of stuff. Not sure how. He didn't want to share it with me.

I think there's more to the story than either you know, or you're telling...

he asks for help, but won't tell you what he knows?

[hckngrtfakt]

I think there's more to the story than either you know, or you're telling...

he asks for help, but won't tell you what he knows?

Either that, or the dad is simply one of those parents that portray themselves as "know-it-all-wannabe-pc-wizards"

to keep kids in check, but is too hard headed to admit he's a computer noob :shifty:

There's definitely more to this story ... how can anyone in the "networking" field (lol)

not know how to monitor data ports, and analyze data packets, then block "stuff" accordingly ? :s

[Dot Matrix]

There's definitely more to this story ... how can anyone in the "networking" field (lol)

not know how to monitor data ports, and analyze data packets, then block "stuff" accordingly ? :s

Maybe he's a mailman. That counts as "networking", right? :laugh:

[hckngrtfakt]

Maybe he's a mailman. That counts as "networking", right? :laugh:

i had to unlike your post once just so i could click the "Like" button again ....

Thanks for the laugh .... Spot on, spot on. :D

[DaDude]

There's definitely more to this story ... how can anyone in the "networking" field (lol)

not know how to monitor data ports, and analyze data packets, then block "stuff" accordingly ? :s

My guess is that maybe his work involves more complex issues and this issue is too minor and therefore, out of his league. *shrug*

I really don't know. My dad doesn't share a lot about his work. He just tells me he works with computers and networking. That's all I know. Whatever it is, he gets paid good money for it.

[Astra.Xtreme]

Download and run Magical Jelly Bean to get the OS key and then just download or torrent an "uncracked" MSDN copy of the OS. There are also probably "backdoor" links on Microsofts servers where you can snag OS isos. Nothing illegal about that since you have a legit key.

When crap like that happens to the OS, it's generally faster and easier just to start fresh. (in my opinion)

[linsook]

Direct your father to this thread otherwise, since he doesn't listen to you anyway, who cares. Let him deal with it.

[sc302 Veteran]

networking guy who doesn't know how to fix a fairly simple issue...hmmm.

wait it out until the virus defs come out with something to eradicate the virus.

try different programs that are known to work - mcafee has let so many people down countless numbers of times

format and reinstall...perhaps he has some software that cannot be duplicated, he should look into purchasing said software again or trying real hard to find the installs for them.

Any IT guy knows to always have a backup of important software at the very minimum, at the very best a image of your system not any older than 6 months. The last thing that I would be doing is asking my son for help (this would be admitting defeat) I would be asking others in my department first. Tell him to run a olt diagnostic scan that should get him started and wondering what to do next.

http://oldtimer.geekstogo.com/OTL.exe

http://www.geekstogo...ldtimer-listit/

[_dandy_]

If his computer didn't come with a set of restore CDs/DVDs, then it surely has come with a utility that lets the user burn them himself.

If the data's that valuable to him, and he doesn't have a restore disc set, then he should be more than willing to spend the few bucks it takes to get one from his vendor.

From there, I'd say don't even try removing the virus. Put the drive as a slave in another machine, transfer the data elsewhere, put the drive back in the original machine, then repave over the OS.

I really hope you're not going to tell us next he doesn't have a spare machine. If he's in this field, he should have everything he needs.

[Detection]

I'm thinking "My Dad" should be replaced with "I" ;)

[Som]

This all seems very odd, I think your "dad" should maybe look for another job....

[DaDude]

I'm thinking "My Dad" should be replaced with "I" ;)

I'm not the one with the virus. But then again, I don't have my dad's magic skills of detecting such a thing, like he did with his computer. So, maybe I do have one, but just don't know. I only can rely on my anti-virus software to tell me. :/

[hckngrtfakt]

My guess is that maybe his work involves more complex issues and this issue is too minor and therefore, out of his league. *shrug*

but you said ...

...He's on the verge of just throwing his computer out the window in frustration.

maybe try to convince him this is not such a "minor" issue, and direct him to this thread as linsook said. :)

[DaDude]

This all seems very odd, I think your "dad" should maybe look for another job....

He's retiring at the end of the year. No need for him to look for one.

[Detection]

I'm not the one with the virus. But then again, I don't have my dad's magic skills of detecting such a thing, like he did with his computer. So, maybe I do have one, but just don't know. I only can rely on my anti-virus software to tell me. :/

Not sure why you keep saying your dad has magic skills at detecting viruses, if the AV doesn't detect them, and he has no idea how to remove them, then I don't see how he would even know he had one.

In order to detect something an AV misses, you have to know exactly what you are looking for, and if you do, then you know how to remove it too.

For example, my AV says nothing, but my PC is acting weird / slow / crashing, first place I look is in task manager > processes, find out what is causing it, when I see the malware process, I then know which steps to take to end it / hunt it down / remove it

The reason I looked in task manager > processes, is because I know the way most malware works, where it hides, where it runs,

If I didn't know that, then I wouldn't have any reason to look in task manager in the first place, and therefore would have absolutely no idea that it was a virus, it could be a faulty piece of hardware

So, from the above, if your dad knows he is 100% infected, then he has to know where to look to confirm that, and if he knew that, he would know how to kill it

[cleverclogs]

If it's not in msconfig, it's perhaps a scheduled task. BUt seriously, how do you know you've got a virus unless you know to look there anyway, if the av hasn't detected it.

[ingramator]

First of, like many other people have said, how on earth has he concluded that his computer has a "virus"... I'm a qualified network engineer/ security expert as well and I can tell you that it can be very very difficult to tell friend from fo. I'm going to presume he's picking up a TCP stream/sniffing/listening on ports and he has seen some sort of in/outbound traffic on an unrecognised port? If that is the case, and this guy is a networking guy he would know how to close of ports as well as restrict and deep packet analyse the sources and destinations of the packets.

The other more likely situation is that there is absolutely nothing wrong with the computer...

PS. What kind of IT guy doesn't have access to an OS disc/ISO/USB or recovery media/partition...

[sc302 Veteran]

Not sure why you keep saying your dad has magic skills at detecting viruses, if the AV doesn't detect them, and he has no idea how to remove them, then I don't see how he would even know he had one.

In order to detect something an AV misses, you have to know exactly what you are looking for, and if you do, then you know how to remove it too.

For example, my AV says nothing, but my PC is acting weird / slow / crashing, first place I look is in task manager > processes, find out what is causing it, when I see the malware process, I then know which steps to take to end it / hunt it down / remove it

The reason I looked in task manager > processes, is because I know the way most malware works, where it hides, where it runs,

If I didn't know that, then I wouldn't have any reason to look in task manager in the first place, and therefore would have absolutely no idea that it was a virus, it could be a faulty piece of hardware

So, from the above, if your dad knows he is 100% infected, then he has to know where to look to confirm that, and if he knew that, he would know how to kill it

Just because you know you are infected doesn't mean squat. Have you ever dealt with a worm manually? I have, it hides behind other processes. The only detection was the computer communicating to rogue sites. Process monitor showed everything that wasn't the virus running at the time of transmission. Explorer.exe googletoolbar, iexplore, Firefox, outlook, etc. removed/disabled the exe and it picked a different one to hide behind. Really a pain. I was able to detect but no one had a solution for about 2 weeks. It was the morto worm.