Neighbour has a Virus

The next door neighbor has a virus on her daughter's laptop. Typical teenage girl, got a "Check this out" message through MSN and clicked on it.

All hell has broken loose on the computer. It downloaded an app called Total Security (I think it's version 4.52) which is claiming to be able to resolve all the problems for a fee (modern extortion if you ask me).

Anyway, the computer has Norton 360 on it, so I downloaded the updates and ran a quick scan (as the full scan required the backup settings to be configured, which hasn't been done).

Nothing came up. Now it's plain to see there is something not right with the laptop; it's sluggish and doesn't always respond to your actions.

I tried to look at task manager but it was closed as soon as it opened.
Ditto cmd.

I suspect there is more than just Total Security on there (which, upon a bit of surfing, is most likely some dodgy malware). There are programs which claim to remove it but I'm not sure of their authenticity.

I also suspect that the virus(es) on the machine are hindering Norton's attempts to detect them.

I tried downloading Ad-Aware, however it either never got to the Save As box or, when I clicked Run, it downloaded and died. Again I suspect the virus(es) are fighting back.

I was a bit tired last night so I said I'd download the latest AV and malware software today and see if I can install and run it... however I suspect I may struggle to install it (I can't remember if you can or can't install software in safe mode).


So my plan on dealing with this computer is:

A) Boot into safe mode
B) Install AV and malware software until something finds and removes the viruses
C) Reboot back to normal mode and see if everything is back to normal

Failing the above, I was planning on taking the HDD out (it's a laptop, so is this possible?) and hooking it up to my PC and running AV/malware software until clean.

Failing that, I'll try to save all documents to a CD and see if I can run a recovery from the recovery partition, and failing that either rebuild or send them to the purple shirt brigade.

Any hints/tips would be much appreciated.
 
What laptop is it? If it's one from purple shirt world or similar, it'll probably just be easier to whip the hard drive out, back up all her documents and everything she needs and then just do a full system restore.

Believe me I've tried clearing up drives before of viruses and I swear you can never get rid of everything. It's much easier and quicker to back up and restore/recover.
 
> What laptop is it? If it's one from purple shirt world or similar, it'll probably just be easier to whip the hard drive out, back up all her documents and everything she needs and then just do a full system restore.
>
> Believe me I've tried clearing up drives before of viruses and I swear you can never get rid of everything. It's much easier and quicker to back up and restore/recover.

Agreed!
 
It's reinstall time. Hard drive out, back up data, check data for viruses. Format partition, put hard drive back in, reinstall from CD or recovery partition.

Otherwise you'll spend hours and hours trying to root out all the files, registry keys and settings that it's modified, and even if you succeed you'll never be sure it's gone.
 
> It's reinstall time. Hard drive out, back up data, check data for viruses. Format partition, put hard drive back in, reinstall from CD or recovery partition.
>
> Otherwise you'll spend hours and hours trying to root out all the files, registry keys and settings that it's modified, and even if you succeed you'll never be sure it's gone.

Agreed. Also sounds like a SteadyState installation as well.
 
As mentioned above, it's just a silly amount of effort required to try and completely remove. I've seen and tried before with I think this same virus; if memory serves it even disables task manager etc. in safe mode! A re-install would be the best/easiest option to make sure it's all gone and to take some of the work/pressure off you :)

I imagine it should have a restore partition on it that you can boot from and reinstall windows/drivers and a few apps in one go. Just make sure her docs, desktop and favourites are backed up (minus possible infected files lol) and you should be good.

You can take the lappy drive out but you'll probably need a converter to make it compatible with your main PC to slave it up, so to speak. Alternatively maybe use a USB drive on the laptop, but make sure to run a good/decent virus and malware scan on that if you use it on your own machine.
 
Another vote for reinstall if it is at all possible. I also wouldn't put an infected hard drive anywhere near my own machine. SteadyState is an option. No doubt she was running in an admin account and/or clicked through any UAC prompts regardless.

Be worth taking a disk image so you have the option to easily restore it should it happen again. Charge em a tenner each time!
 
If they insist on not formatting then try this:

I don't know if Norton supports scanning before Windows has loaded up, but Avast Home Edition did. You still have the issue of installing it on the infected laptop though, if it's doable.

If you can install it, also take the definition update file with you in case online updating is hindered.
Avast Home Edition
Avast database update

You don't need to register as you get about 50 days' usage before prompting. In the options enable "scan compressed files". It should provide a prompt to run a scheduled scan on first reboot during installation. If you missed it or cancelled, here are the instructions to enable it:
Scheduling the Boot Time Scan

Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want to scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files.
Choose how to automatically process infected system files.
Click the Schedule button to confirm the settings.
 
With Total Security my understanding was to DL SUPERAntiSpyware to a USB.

Turn off system restore, delete all system restore, reboot to safe mode, install SAS, run SAS, eliminate total security, cold shutdown, reboot to normal mode, repeat scan to ensure all infection gone.

Why won't this work? Did this to a friend's machine at work 8 months ago, not a peep out of it since.
 
sigh..

disable system restore
remove your 'av'
run ccleaner slim http://www.ccleaner.com/download/builds/downloading-slim
run nod32 trial http://www.eset.com/download/free_trial_download_int.php
run mbam http://www.malwarebytes.org/mbam-download.php
run spybot http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1


still screwed?
run combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix


following this, stop going to bad sites etc

use firefox http://www.mozilla-europe.org/en/firefox/
install this addon for firefox https://addons.mozilla.org/en-US/firefox/addon/1865

when firefox opens following the restart, tick the 'Easylist' subscription


get the girl to permablock the user who sent her that link, and tell the girl it's her fault etc etc
 
Just put in an Ubuntu CD and copy the files to a memory pen and reinstall. Remember to check for viruses in the backed up data!
 
Is it Windows XP or Windows Vista?

If I had been given her laptop I would:

1) Ask her where all her 'documents' are stored (Pictures, Music, homework etc) and which programs she wants to be reinstalled (Normally iTunes, MSN etc.) I would back up her documents and download all the programs she wants reinstalled from online.

2) Make a full image of her hard drive as a safety net in case you forgot to backup some of her documents. If all goes wrong you can restore the laptop to its original state.

3) Completely wipe the hard drive and reinstall the laptop's licensed O/S from standard Microsoft media. By installing from generic media you prevent all the other karp being installed which normally comes included with branded recovery disks (internet security trials, and other rubbish).

4) Install the latest drivers from the laptop manufacturers website.

5) Put the daughter's documents back in place and reinstall programs.

6) Put a decent Internet Security package on the system as well as some anti-spyware programs (Spybot, Spywareblaster, Malwarebytes are my chosen ones)

7) Fully update Windows. Make sure UAC is on (if Vista) and make her use IE7 in protected mode.

Let her enjoy your hard work :).
 
Malwarebytes will get rid of all the fake AV programs. Over the past week we've had a real surge in them at work: Personal AntiVirus, Win AntiVirus, Private AntiVirus, you name it.

You also need to check startup and make sure no dodgy .exe's are starting up. What might make running the scans easier is ending the .exe processes, if you can locate which one it is; PAV.exe is one that's most obvious.
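A read-only PowerShell check for the startup entries and rogue processes the post above describes, added here as an example rather than taken from any poster in this thread. It assumes only the names PAV.exe and Total Security that the thread mentions; the Run/RunOnce keys, the user-writable folders and the DisableTaskMgr policy value are standard Windows locations, not something the thread states.

```powershell
# Added triage helper (not from this thread): list auto-start entries and flag
# the ones a fake-AV infection typically uses. Read-only; it changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Names taken from this thread; assumption: extend with whatever the box shows.
$suspectNames = @('PAV.exe', 'Total Security', 'TotalSecurity')
# Folders a limited user can write to; a legit auto-start binary rarely lives here.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)

function Get-ExePath([string]$cmd) {
    # Pull the executable out of a Run value: "C:\x\y.exe" /arg  or  C:\x\y.exe /arg
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $cmd.Trim()
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath etc. metadata (and any value named PS*)
        $exe = Get-ExePath $p.Value
        $flags = @()
        if (-not (Test-Path -LiteralPath $exe)) {
            $flags += 'file-missing'
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $flags += "sig:$($sig.Status)" }
            foreach ($dir in $userWritable) {
                if ($dir -and $exe -like "$dir\*") { $flags += 'user-writable-dir'; break }
            }
        }
        foreach ($n in $suspectNames) {
            if ("$($p.Value)" -like "*$n*") { $flags += "name:$n" }
        }
        $mark = if ($flags) { 'SUSPECT' } else { 'ok     ' }
        '{0} {1,-24} {2}  [{3}]' -f $mark, $p.Name, $exe, ($flags -join ',')
    }
}

# Related check: if Task Manager is blocked by policy rather than killed on launch,
# this value is the usual cause (a per-user policy a fake AV can also set).
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if ((Test-Path $pol) -and (Get-ItemProperty -Path $pol).DisableTaskMgr -eq 1) {
    "SUSPECT DisableTaskMgr=1 under $pol"
}
```

Treat the flags as prompts to look, not verdicts: Windows' own binaries are often catalog-signed, so on older PowerShell the embedded-signature check can report them as NotSigned.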
 
Bitdefender + Firefox + Windows Firewall and you'd have to be pretty stupid to get a virus :). (Yes I know, that's exactly what young teenage girls are xD)
 
We've got this too. I'm going to have to leave it on for a while. Is this Total Security dangerous, or just an annoyance that I can live with for a bit?
 
> Malwarebytes will get rid of all the fake AV programs. Over the past week we've had a real surge in them at work: Personal AntiVirus, Win AntiVirus, Private AntiVirus, you name it.
>
> You also need to check startup and make sure no dodgy .exe's are starting up. What might make running the scans easier is ending the .exe processes, if you can locate which one it is; PAV.exe is one that's most obvious.

OMG, I was one of the stupid ones to fall into the 'Personal Anti-Virus' trap. Little git was hogging my PC like crazyyy; Malwarebytes sorted it out and Kaspersky cleaned up the little bits, great teamwork.
 