I have never seen a more infected computer in my life

By f0rk_b0mb
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

f0rk_b0mb

Posted
Posted

I offered to fix one of my teacher's daughter's laptops and she has this virus (don't worry link is safe): http://blog.yoocare.com/computer-locked-by-fbi-moneypak-virus-asking-to-pay-200-fine-to-unlock/

Along with a ton of other viruses/malware/crapware/etc. She is running Windows 7 and has a ton of personal data on it (so she says). I'm doing the job tomorrow. I'm here to tell my plan of attack and take suggestions.

1. I'm going to boot into safe mode with networking and remove those registry entries as shown in the tutorial in the link above.

--I'll take 2 Advil before doing this... :argh:

2. I'm going to remove the crapware

--So I can get some f***ing work done. It's slowing down her machine and clogging up the computer. I will use:

* Revo Uninstaller

* CCleaner

3. Go ham on the malware

- Get all the other crap off. I will use:

* Malwarebytes

* Spybot

* Install MSE when all is said and done. (It's my antivirus of choice)

4. General System maintenance

* Update Drivers

* Update Programs

* Do Windows Updates

What Do ya think?

Veteran

Soldiers33

Posted
Posted

your post title makes no sense. you havent seen any viruses yet except the fbi scam one, that doesnt mean there are lots of them. I was expecting a screenshot with a massive number of alerts.

Grand Master

remixedcat

Posted
Posted

ugh.... find a decent spare system.... scan the files all of them..make sure the client's files (music,movies,pics,docs) are clean.. then if the files are clean backup the important ones only... then.... nuke the install and start fresh.

Grand Master

+Audioboxer Subscriber²

Posted
  • Subscriber²
Posted

Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

http://support.kaspe...uses/rescuedisk

Veteran

Shane Nokes

Posted
Posted

You could always backup all the important files and put on a fresh copy of Win 7. Extract the key beforehand obviously.

Might be quicker and less of a headache that way.

This isn't a corporate machine with a nice image of everything, it's a home PC. That's a last resort.

As I've said before in other places...do the job right, don't just wipe and install. That's a waste of your time, and their time.

Grand Master

remixedcat

Posted
Posted

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.

Grand Master

Semtex

Posted
Posted

To remove this crap use OTL, post logs on their forum or Bleeping Computer forum, they will make script for OTL and remove this crap. On so heavy infected machine it is extreme difficult to get rid malware completely using only scanners on demand . OTL is best solution ;)

Veteran

ZakO

Posted
Posted

Kaspersky Emergency Boot Disk is your friend, will rid you of boot viruses, and most likely many more (had to tackle one recently).

http://support.kaspe...uses/rescuedisk

+1. Had to fix someones computer with a similar virus the other day (without wiping it), nothing would work in standard boot and attempting to boot safe mode of any kind just caused a reboot loop. Kaspersky Emergency Boot Disk cleaned the worst of it off.

Mentor

c.grz

Posted
Posted

If time is of the essence; a backup of user data and a wipe is the way to go.

I can re-install Windows and most of the apps they use in less time to clean it. Difference is that with a re-install I know that the machine is 100% clean.

I also create an image of their C:\ drive with gimagex just in case they find something missing once I return the PC to the user.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

To remove this crap use OTL, post logs on their forum or Bleeping Computer forum, they will make script for OTL and remove this crap. On so heavy infected machine it is extreme difficult to get rid malware completely using only scanners on demand . OTL is best solution ;)

what is OTL, I google it and I get a bunch of different crap

I've been hearing people mention it a few times lately yet i have no idea what it is

Veteran

thechronic

Posted
Posted

If a system is heavily infected i would always recommend backing up important files then doing a full reinstall. Salvaging the current installation may sound like a good plan but truthfully, it'll only result in more grief long term.

Grand Master

f0rk_b0mb

Posted
  • Author
Posted

your post title makes no sense. you havent seen any viruses yet except the fbi scam one, that doesnt mean there are lots of them. I was expecting a screenshot with a massive number of alerts.

I have never seen a more infected computer in my life---it means I have never seen a computer this dirty. :p It's an attention grabber.

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.

I was thinking about grabbing all her stuff with a Kubuntu live CD and pushing f11 or whatever it is to restore from the recovery partition. I just invited him to my house so I'll have more time to play with it. He was just going to bring it on campus.

Teach her a lesson -- wipe it clean and Install Windows 8 !

LOL! I was just thinking that.

Experienced

Sadelwo

Posted
Posted

I'd boot from a Linux Live CD/USB and delete the "App Data/ Temp" and "App Data/Microsoft/Windows/ Temporary Internet" files as well. While in the live disc you can also delete some of those pesky copy.exe and Bron.tok.xxx files that may be distributed in the documents, pictures and music folders. Also booting in safe mode and running combofix may be helpful but be careful using that one.

Veteran

Shane Nokes

Posted
Posted

Shane you're wrong... it may take 10 or more hours to clean it, when a fresh install is just under 1 hour on even a very very slow system. I'd rather do that.

10 hours? What in the world are you doing with these systems?

I recently had a system that I worked on for a client. It had 6 drives with a total of around 4TB worth of storage that was mostly used. Someone had been doing some naughty things on that system.

It had a rootkit, and several other infections. I had the system clean and back in the clients hands within 3 hours...

What would you be doing that takes 10 hours? I've never had a single system clean take me more than about 4 hours...the one above was one of the longest clean jobs I've ever had.

Grand Master

Semtex

Posted
Posted

what is OTL, I google it and I get a bunch of different crap

I've been hearing people mention it a few times lately yet i have no idea what it is

It is small app which list all files, registry entries, apps etc. in Your system, skilled guy will find malware entries, prepare script, User need to Ctr. C Ctrl. V this script into OTL window and confirm, OTL will do rest, after this You will get new log, You need to show this again on forum, if something stays in system You will get new script. It is 100% safe, OTL is used instead Combofix, CBfix is danger and suppose be used only if there is no other way to clean system.

Scripts for OTL and Combofix suppose be created by User with experience in system security, otherwise system can be damaged. :)

Veteran

Shane Nokes

Posted
Posted

She's a 13 year old girl. 'nuff said.

Ah. I hadn't realized she was 13. I'm not saying that being a girl makes a difference (it doesn't), but at 13 oftentimes you haven't had the time to figure out how to work on these things as effectively.

That's just a matter of practice. :)

  • f0rk_b0mb and goretsky
  • Like 2
This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • You've tried DuckDuckGo and Brave Search, now get serious with SearXNG

      By Skyfrog · Posted

      For some reason I suddenly have the urge to go shopping at Sears.
    • You've tried DuckDuckGo and Brave Search, now get serious with SearXNG

      By Nas · Posted

      So I did a quick test based on 3+ different public instances from the litany at searx.space ... and it spins everything rather differently. It seems that SearXNG is a meta-search engine (queries multiple search indexes rather than only Google's or Bing's or Wikipedia's or Reddit's) that operates in two modes: > public instances ... each instance opens itself to outside users who piggyback on its cached search history; this instance's own identity becomes known/tracked but end-users are hidden similar to an anonymization proxy; this instance's querying of major search indexes may be API based [rated limited, blocked, etc.]). > private instances ... your private install/instance that itself queries multiple (configurable) search indexes of crawled web content; every major Search Engine associates all traffic to your private instance (so your traffic is tracked via network usages) but client-side tracking (your own browser/computer specs) is flushed because it's a "server" doing the querying rather than your browser. My test asked the same 1 question to the 3+ engines and they all returned vastly different results: some had CAPTCHA failures against Google, some had failures against Wikipedia, and the actual results were also different -- some had auto-complete enabled, others returned a wikipedia highlighted excerpt despite the Wikipedia failure (hinting at results being cached from previous keyword matching), and others just gave an Are-You-Human non-CAPTCHA loop before returning random results. So this begs the caveat: Search query results will vary based on which instance is used because every instance queries the other search indexes separate (and thus its results are influenced on that instance's aggregate search history and index-access limitations). The major distinctions for SearXNG versus DDG or Brave: > The search UI is 'untracked' since no UI trackers are baked-in which would phone home or lay cookies into your browser (for DDG/Brave usage stats), > There is no 'crawler' that canvasses the Internet to discover fresh content (it leaves that to the major search indexes), > Queries multiple search indexes ("meta-search engine") based on the configurations and usage history of the server instance, > Privacy-friendly due to its ability to shield user tracking via standing up a non-local server instance connectable to major VPN providers: queries would all appear to come from general VPN/Proxy providers rather than your private instance (whether installed locally or on your own VPS in the cloud). PS: I've previously come across specialized search engines of this nature that indexes searches across media assets like YT, OF, etc. SearXNG seems to be a good backbone...if the rate-limiting/captcha/etc. issues were resolved.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By excalpius · Posted

      For a guy who claims to hate Farage and the ignorant, gullible, rightwing racist skinheads sponsored by Putin that his lies represent, you sure are quoting them time and time and time again, mate. I guess you're conveniently ignoring the fact that your country and commonwealth just happened to work much better when it was still part of the E.U.? Denial isn't just a river in Egypt.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By ad47uk · Posted

      Do you live in the U.K? Do any of the people here that are against the UK leaving the E.U, live in the U.K? If not then why are you bothered? If you do live here then it is a different thing . Brexit was a good idea, should have done it years before, it was done badly, but the idea was good. You are saying the same thing as remainers do, oh we did what Putin wanted, we listened to the lies and Farage. I hate Farage and never believed most of what he said, certainly did not believe the £350m a week for the NHS. But we did pay a lot of money to the E.U and yes some of it came back, but what is the point of paying it out for only some of it to come back? Get out of the E.U, no money to them and in theory we can use the money to do things in the country. I said in theory, but our governments are a total and complete waste of space. No matter what colour rosette they wear. You and others say it was a mistake and yet the two main parties in the U.K are not looking at rejoining the EU, I wonder why that is? I was not tricked by anyone. Makes no odds now, we are out and have been for 10 years, what we need is a decent government to run the country. All they do is shout at each other like a load of kids and seems to do nothing and make this country more into a police and nanny state. Getting more like China all the time.
    • 4TB TEAMGROUP MP44Q, 2TB T-Force G50, and 2TB WD My Passport SSDs drop to great prices

      By Fiza Ali · Posted

      4TB TEAMGROUP MP44Q, 2TB T-Force G50, and 2TB WD My Passport SSDs drop to great prices by Fiza Ali Prime Day may be over, but there are still worthwhile storage deals available, including discounts on SSDs for shoppers who missed the event or are looking to upgrade their storage solution. Particularly, 2TB Western Digital My Passport, 2TB TEAMGROUP T-Force G50, and 4TB TEAMGROUP MP44Q SSD are selling at great prices with up to 23% off. The 2TB TEAMGROUP T-Force G50 is an M.2 2280 PCIe 4.0 x4 NVMe SSD with sequential read speeds of up to 5,000MB/s and sequential write speeds of up to 4,500MB/s. The drive has an endurance rating of 1,300 TBW (terabytes written) and features a DRAM-less design. The company specifies a mean time between failures (MTBF) of 3 million hours. The drive includes an "ultra-thin" graphene heat spreader that helps dissipate heat without significantly increasing the drive's thickness. It also supports S.M.A.R.T. monitoring, allowing compatible software to monitor drive health and operating status. The SSD is rated for operating temperatures from 0°C to 70°C, with a storage temperature range of -40°C to 85°C. The drive is backed by a five-year limited warranty as well. 2TB TEAMGROUP T-Force G50 SSD: $269.99 (Amazon US) The TEAMGROUP MP44Q is an M.2 2280 PCIe 4.0 x4 NVMe SSD that delivers sequential read speeds of up to 7,000MB/s and sequential write speeds of up to 5,900MB/s. It uses 3D QLC NAND flash memory to provide 4TB of storage capacity for games, applications, media files, and other data. The drive has an endurance rating of 2,000 TBW and an MTBF of 1.6 million hours. The SSD features a DRAM-less design and supports TEAMGROUP's S.M.A.R.T. monitoring software, allowing users to monitor drive health, temperature, and remaining lifespan. For thermal management, the MP44Q also includes an "ultra-thin" graphene heat spreader. It is designed to operate at temperatures between 0°C and 70°C and can be stored at temperatures ranging from -40°C to 85°C. The SSD is also backed by a five-year limited warranty. 4TB TEAMGROUP MP44Q SSD: $478.99 (Amazon US) The 2TB WD My Passport SSD connects via a USB-C port using the USB 3.2 Gen 2 interface. It delivers sequential read speeds of up to 1,050MB/s and sequential write speeds of up to 1,000MB/s through NVMe technology. In terms of security features, the drive includes password protection with 256-bit AES hardware encryption. The SSD is also designed to resist shock and vibration and is rated to withstand drops from heights of up to 6.5 feet. The recommended operating temperature range is 5°C to 35°C, while the non-operating temperature range is -20°C to 65°C. This drive is also backed by a five-year limited warranty. 2TB Western Digital My Passport SSD: $279.99 (Amazon US) Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      491
    2. 2
      +Edouard
      225
    3. 3
      PsYcHoKiLLa
      147
    4. 4
      Steven P.
      74
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!