I have never seen a more infected computer in my life

By f0rk_b0mb
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

f0rk_b0mb

Posted
Posted

I offered to fix one of my teacher's daughter's laptops and she has this virus (don't worry link is safe): http://blog.yoocare.com/computer-locked-by-fbi-moneypak-virus-asking-to-pay-200-fine-to-unlock/

Along with a ton of other viruses/malware/crapware/etc. She is running Windows 7 and has a ton of personal data on it (so she says). I'm doing the job tomorrow. I'm here to tell my plan of attack and take suggestions.

1. I'm going to boot into safe mode with networking and remove those registry entries as shown in the tutorial in the link above.

--I'll take 2 Advil before doing this... :argh:

2. I'm going to remove the crapware

--So I can get some f***ing work done. It's slowing down her machine and clogging up the computer. I will use:

* Revo Uninstaller

* CCleaner

3. Go ham on the malware

- Get all the other crap off. I will use:

* Malwarebytes

* Spybot

* Install MSE when all is said and done. (It's my antivirus of choice)

4. General System maintenance

* Update Drivers

* Update Programs

* Do Windows Updates

What Do ya think?

Veteran

Soldiers33

Posted
Posted

your post title makes no sense. you havent seen any viruses yet except the fbi scam one, that doesnt mean there are lots of them. I was expecting a screenshot with a massive number of alerts.

Grand Master

remixedcat

Posted
Posted

ugh.... find a decent spare system.... scan the files all of them..make sure the client's files (music,movies,pics,docs) are clean.. then if the files are clean backup the important ones only... then.... nuke the install and start fresh.

Grand Master

+Audioboxer Subscriber²

Posted
  • Subscriber²
Posted

Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

http://support.kaspe...uses/rescuedisk

Veteran

Shane Nokes

Posted
Posted

You could always backup all the important files and put on a fresh copy of Win 7. Extract the key beforehand obviously.

Might be quicker and less of a headache that way.

This isn't a corporate machine with a nice image of everything, it's a home PC. That's a last resort.

As I've said before in other places...do the job right, don't just wipe and install. That's a waste of your time, and their time.

Grand Master

remixedcat

Posted
Posted

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.

Grand Master

Semtex

Posted
Posted

To remove this crap use OTL, post logs on their forum or Bleeping Computer forum, they will make script for OTL and remove this crap. On so heavy infected machine it is extreme difficult to get rid malware completely using only scanners on demand . OTL is best solution ;)

Veteran

ZakO

Posted
Posted

Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

http://support.kaspe...uses/rescuedisk

+1. Had to fix someones computer with a similar virus the other day (without wiping it), nothing would work in standard boot and attempting to boot safe mode of any kind just caused a reboot loop. Kaspersky Emergency Boot Disk cleaned the worst of it off.

Mentor

c.grz

Posted
Posted

If time is of the essence; a backup of user data and a wipe is the way to go.

I can re-install Windows and most of the apps they use in less time to clean it. Difference is that with a re-install I know that the machine is 100% clean.

I also create an image of their C:\ drive with gimagex just in case they find something missing once I return the PC to the user.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

To remove this crap use OTL, post logs on their forum or Bleeping Computer forum, they will make script for OTL and remove this crap. On so heavy infected machine it is extreme difficult to get rid malware completely using only scanners on demand . OTL is best solution ;)

what is OTL, I google it and I get a bunch of different crap

I've been hearing people mention it a few times lately yet i have no idea what it is

Veteran

thechronic

Posted
Posted

If a system is heavily infected i would always recommend backing up important files then doing a full reinstall. Salvaging the current installation may sound like a good plan but truthfully, it'll only result in more grief long term.

Grand Master

f0rk_b0mb

Posted
  • Author
Posted

your post title makes no sense. you havent seen any viruses yet except the fbi scam one, that doesnt mean there are lots of them. I was expecting a screenshot with a massive number of alerts.

I have never seen a more infected computer in my life---it means I have never seen a computer this dirty. :p It's an attention grabber.

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.

I was thinking about grabbing all her stuff with a Kubuntu live CD and pushing f11 or whatever it is to restore from the recovery partition. I just invited him to my house so I'll have more time to play with it. He was just going to bring it on campus.

Teach her a lesson -- wipe it clean and Install Windows 8 !

LOL! I was just thinking that.

Experienced

Sadelwo

Posted
Posted

I'd boot from a Linux Live CD/USB and delete the "App Data/ Temp" and "App Data/Microsoft/Windows/ Temporary Internet" files as well. While in the live disc you can also delete some of those pesky copy.exe and Bron.tok.xxx files that may be distributed in the documents, pictures and music folders. Also booting in safe mode and running combofix may be helpful but be careful using that one.

Veteran

Shane Nokes

Posted
Posted

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.

10 hours? What in the world are you doing with these systems?

I recently had a system that I worked on for a client. It had 6 drives with a total of around 4TB worth of storage that was mostly used. Someone had been doing some naughty things on that system.

It had a rootkit, and several other infections. I had the system clean and back in the clients hands within 3 hours...

What would you be doing that takes 10 hours? I've never had a single system clean take me more than about 4 hours...the one above was one of the longest clean jobs I've ever had.

Grand Master

Semtex

Posted
Posted

what is OTL, I google it and I get a bunch of different crap

I've been hearing people mention it a few times lately yet i have no idea what it is

It is small app which list all files, registry entries, apps etc. in Your system, skilled guy will find malware entries, prepare script, User need to Ctr. C Ctrl. V this script into OTL window and confirm, OTL will do rest, after this You will get new log, You need to show this again on forum, if something stays in system You will get new script. It is 100% safe, OTL is used instead Combofix, CBfix is danger and suppose be used only if there is no other way to clean system.

Scripts for OTL and Combofix suppose be created by User with experience in system security, otherwise system can be damaged. :)

Veteran

Shane Nokes

Posted
Posted

She's a 13 year old girl. 'nuff said.

Ah. I hadn't realized she was 13. I'm not saying that being a girl makes a difference (it doesn't), but at 13 oftentimes you haven't had the time to figure out how to work on these things as effectively.

That's just a matter of practice. :)

  • f0rk_b0mb and goretsky
  • Like 2
This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • SpaceX reportedly plans a Starlink mobile service for U.S. consumers

      By neufuse · Posted

      AT&T has been spying on US citizens with the NSA for decades.. they just know how to keep it more under wraps.. the evil level is still there.
    • Politically funny images of the World

      By SidVicious · Posted

    • Windows 11 is getting redesigned taskbar settings in new build

      By excalpius · Posted

      >Improved system sounds when using Windows in dark mode. The story behind that bug would be an interesting one.
    • Edifier S3000MKII hi-fi audiophile grade bookshelf speaker is at its lowest price now

      By hellowalkman · Posted

      Edifier S3000MKII hi-fi audiophile grade bookshelf speaker is at its lowest price now by Sayan Sen Yesterday we covered a bunch of Dolby Atmos soundbar deals with several ones from Sony, as well as from JBL, Samsung, Polk Audio, and more. You can check them out in this dedicated piece. Those are not audiophile category speakers though as they are built with home theater use in mind. If you are searching for the former then Edifier has its S3000MKII at its lowest price at the moment (purchase link under the specs table down below). This is a two-way bookshelf monitor speaker designed to produce accurate sound. While it may not produce the best high-fidelity audio possible out there, it should still be significantly better than what you will get on soundbars of this price range. As such it will do justice to high-res audio played back through it. The only thing that may feel lacking is sub-bass as Edifier claims the unit can go down to 38 Hz, which should be enough for studio monitor purposes, but not for deep room-shaking rumbling bass. Where this does excel though is in its treble reproduction. With its super-tweeter, it claims to go as high as 40 kHz in the frequency spectrum, which should offer a sense of "air"yness. This is an active speaker which means it packs its own amplfication. It has a top-notch Class D amp that may be able to rival many Class AB designs too in terms of sound reproduction quality. The technical specs of the Edifier S3000MKII are given in the table below: Specification Value RMS Output Power 256W RMS (Treble: 8W × 2, Mid-Low: 120W × 2) Tweeter Driver 107mm × 107mm Planar Magnetic Tweeter Mid-Low Driver 6.5-inch (179mm) Long-Throw Aluminum Diaphragm Driver Frequency Response 38Hz – 40kHz Signal-to-Noise Ratio ≥ 85dB (A) Bluetooth Version Bluetooth 5.0 Bluetooth Codec Qualcomm® aptX™ HD Wireless Speaker Link Proprietary 5.8GHz wireless connection between speakers Supported Hi-Res Audio Hi-Res Audio Certified, up to 24-bit/192kHz Digital Processing XMOS XU216 Digital Signal Processor Audio Inputs Balanced XLR, Optical, Coaxial, USB Type-B, Line In, Bluetooth Input Sensitivity (USB) 400 ± 50mFFs Input Sensitivity (Optical) 400 ± 50mFFs Input Sensitivity (Coaxial) 400 ± 50mFFs Input Sensitivity (Bluetooth) 450 ± 50mFFs Input Sensitivity (Balanced XLR) 1000 ± 50mV Input Sensitivity (Line In) 600 ± 50mV ADC Capability Up to 24-bit/192kHz DSP Capability Up to 24-bit/192kHz DIX Capability Up to 24-bit/216kHz DAC Capability Up to 32-bit/384kHz XMOS Processing Power Up to 2,000 MIPS Edifier S3000MKII Audiophile Active (Powered) Wireless Speakers: $799.99 (Sold by Edifier US, Shipped by Amazon US) If you do not have the kind of budget to spend on the S3000MKII, you can also check out the Edifier R1280Ts which is right now on sale at just $114 (its lowest price in a very long time). Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • The best controller for XBOX and PC is down to the lowest price

      By Gideon Waxfarb · Posted

      > The G 7 Pro supports wireless (XBOX Wireless, proprietary dongle, or Bluetooth) If anybody else's brain translates this to 'it works wirelessly on Xbox', according to the linked product page, it does not.

  • Recent Achievements

    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done
    • Week One Done
      tuben earned a badge
      Week One Done
    • First Post
      OffsetAbs earned a badge
      First Post
    • Reacting Well
      OffsetAbs earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      442
    2. 2
      +Edouard
      200
    3. 3
      PsYcHoKiLLa
      155
    4. 4
      FloatingFatMan
      71
    5. 5
      Steven P.
      67
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!