
Virus Nightmare. Help Please


10 replies to this topic

#1 magicboxgifts

    HR 4

  • Active Members
  • 117 posts
  • Location: Leicester UK

Posted 05 January 2005 - 10:48 AM

got himself infected (PC that is). The short story is...

used to use Tiscali PAYG then changed to Homecall B/B (god knows why?)

When I set up his PC to connect to BB I checked that his FW was on and he had Anti Virus Software, then off we went. I ran a full system check and discovered over 80 infected files (dial up trojans mainly).

So in an attempt to kill these off I tried to connect to tiscali dial up, WHAMMO, pages and pages of ads and dos screens appeared with no way of stopping them (unless I used my size nine). He then informed me he had already connected to the BB BEFORE we set up his protection, even though he was informed NOT TO.

We are now at the stage where I have located some downloadable virus killers, but how do I identify his strain? And how can I get his PC online to download this file or, if not possible, can I download the cure onto disk and kill it off this way?

Cheers guys

#2 Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 05 January 2005 - 11:01 AM

Here's the way I usually do it, from having to deal too many times with family members' computers.

From a totally different computer, download a good trial installation of any of the anti-virus packages out there. I use Computer Associates eTrust myself, but Nortons, McAfee or any of the rest are just fine. Make sure you have the latest virus signature files too. Just make sure you're using a different brand than what he already had installed. That'll make sure it hasn't already been corrupted by a virus.

Also download the latest Adaware and Spybot Search and Destroy and make sure you have the latest databases for those.

Keep your friend's computer DISconnected from the Internet.

Drop all of the above onto a CD.

Take the CD to his house and install first the A/V software and run a full scan. Then also install Adaware and Spybot.

It'll take some time to run all three, depending upon how large the hard drive is and how much stuff is on it. But when you're done the computer should be pretty clean.

Uninstall the trial A/V software, assuming he has another one already installed.

Create a Restore Point, assuming he's on XP or something that allows a restore point. Name it something that is obvious.

Log the computer back onto the internet and update the virus signatures of the A/V software he's been using. I usually run the computer through one of the online virus checkers at this point too, just to be ultra safe.

At this point he should be pretty safe. Though I've been known to also download and run the trial version of MooSoft's trojan catcher. It will get some that other A/V software doesn't get.

#3 magicboxgifts

Posted 05 January 2005 - 11:05 AM

Cheers Randy

Already downloaded the Spybot and Adaware so that's one step done. Will burn the AV now for him. I use AVG Pro and have put the free version on his PC. This is fine for catching them before they arrive but not AFTER.

Hey ho, thanks again

#4 Googlewhacked

    Got geek?

  • Active Members
  • 348 posts
  • Location: Florida: The Plywood State

Posted 05 January 2005 - 12:43 PM

Hey MagicBoxGifts,

I don't know if you have grabbed the most updated version of AVG Free (I just upgraded the other night after getting tired of bypassing the nag screen for it), but when it is installed there is a new option to create a recovery boot disk. You might want to check that out, as it might do the trick for your friend...

Phil

#5 magicboxgifts

Posted 05 January 2005 - 01:48 PM

cheers Phil

cheers for that. Once he has cleaned up his machine I will do that for him.

Got me para at this end as he sends me emails regularly, doing full scans all round...

nothing here thankfully

#6 Googlewhacked

Posted 05 January 2005 - 03:54 PM

As another alternative, you might want to try making a BartPE CD (http://www.nu2.nu/pebuilder/). This will allow you to boot into a virtual windows environment from which you can run a virus scan & anything else you need.

If you get Maximum PC (the magazine), there is a nice article in it about customizing a BartPE environment with things like device drivers, anti-virus software, & any other utilities you might want. I highly recommend picking it up if you decide to go this route...

#7 McFox

    HR 5

  • Active Members
  • 332 posts
  • Location: Sunny Scotland; no wait, rainy .. no, snowing, ...ah Sunny again.

Posted 07 January 2005 - 04:28 PM

Don't forget to disable / turn off the system restore feature before you start scanning for viruses. That's usually one of the first places a virus stashes itself.
(Control Panel >> System in WindowsXP to get to the system restore)

Personally, I would reformat the HD and reinstall everything from scratch. Chances are there is now a load of undetectable malware also installed on the system (keyloggers, etc, etc)

#8 magicboxgifts

Posted 08 January 2005 - 03:48 AM

Hi guys

Worked on his PC yesterday and it is a blimming nightmare!

Found out WHY he has these viruses (collectod.ae amongst others): he is still running off SP1 without ANY updates?!?!

So, having tried all suggestions and some from other forums, the virus and his mates still exist (SR turned off, eTrust ran etc). Each time I run and clean with any virus software we get to the point of healing/deleting and the system freezes.

I have it at a point where he can now get online and TRY and get the updates for XP but to be honest McFox is right, reformat is the best option.

Cheers

Edited by magicboxgifts, 08 January 2005 - 03:49 AM.


#9 magicboxgifts

Posted 14 January 2005 - 04:11 AM

Hi guys

RESULT

I reformatted the HD and re-installed everything. All clear! Everything updated and he is now safe as houses until the next time!

Told IF there is a next time there will be a charge! lol

Thanks guys

#10 Googlewhacked

Posted 14 January 2005 - 10:12 AM

Once your friend gets all of the desired software installed, make sure they create an image of the drive on CD / DVD. That way, if / when this happens again the process will be faster & less painful.

BTW, did you create multiple partitions on his / her HDD so they can keep their data in a safe(r) place?

#11 magicboxgifts

Posted 14 January 2005 - 11:11 AM

Hi googlewhacked

Already burnt the required data.

Partitioned the drive so that he has one for apps, one for games and one for day to day use.

All seems ok for now, to my amazement!

The main bugbear was that he did not update anything?! He now knows different!

Cheers



