Virus Scan issue....

PinkFloyd · 31 Dec 2008 at 12:41

I've been given a pc to *fix* by a friend and it is loaded with viruses, its sluggish, constant windows popping up trying to install things, suspicious processes, the whole lot.

Its horrendusly slow trying to scan on it, and AVG pops up with an error within seconds of starting a scan (although seemingly continues to find hundreds of threats within a few minutes)
AVG is out of date on the machine but it is unable to update, most websites won't resolve, I had it suggested to try the online Kaspersky scanner, but that won't load.

Is there a way to scan it across the network from my pc?
Going through it bit by bit with everything as sluggish as it is is tiresome, I've never needed to remove so much crap from a pc before, can't remember the last time I had anything worse than a suspicious cookie on my pc. Would getting a live Linux disc with a virus scanner built in be a good option?

Rabtech · 31 Dec 2008 at 12:43

You'll need a USB flash drive and using another machine download the following (run on the infected machine in this order too):

1) Combofix
2) Malwarebytes or Spybot (inc manual def updates if necessary)
3) Latest AVG

The above should fix things nicely, the redirecting websites/program updates thing sounds like tdsserv which is a nasty rootkit. Combofix will sort that out for you and should get the machine in a semi usable state by itself.

Diggsy · 31 Dec 2008 at 16:55

If I was handed one in such a state then it would be reformatted. No way on earth would I spend ages messing around trying to remove all infections, unless there was VITAL data on there that absolutely had to be recovered.

Problem with a lot of infections at the same time is it is almost impossible to be sure that everything has been removed, and that nothing important has been affected on the system.

Best just to tell them how bad it is and suggest a reformat IMHO.

PinkFloyd · 31 Dec 2008 at 18:33

I'm slowly moving towards a reformat although I'll have to sort out with my mate what needs to be backed up in terms of work.
I've ran through Spybot twice now, both times it has found hundreds of threats, I've never seen a pc so full of crap. Currently doing an adaware scan for the fun of it, still unable to browse the web without tonnes of popups telling me to install a different AV, and still unable to update AVG (can't update Adaware either, both are newest versions of the websites though)

AVG Smartscan results, 1 in 1000 files infected, removed most of the spyware, just need to go again to get rid of the redirect things.....

I could just reformat, but this is personal now!

Rabtech · 31 Dec 2008 at 18:47

Combofix? This should have been the first thing you should have run imo - you havent mentioned it...

PinkFloyd · 31 Dec 2008 at 18:50

Rabtech said:
Combofix? This should have been the first thing you should have run imo - you havent mentioned it...

Oh yeh I've left that for the meantime after reading through about it, sounds fairly complicated so I have ran the other things in the hope it would get everything

(granted it is silly of me to ask for advice and not actually follow it - will no doubt be done tomorrow after I've read through how to use it properly)

Rabtech · 31 Dec 2008 at 18:52

Its not complicated, just run it and follow the prompts

Ratbag · 31 Dec 2008 at 18:56

Frankly, Adaware is for sausage smokers. It has been surpassed in a big way by Malwarebytes and SuperAntiSpyware. Switch off system restore, then deploy both of those and Combofix and when the PC is semi-usable do a driver backup [if you don't have any discs to hand] and seriously consider a reinstall. If those programs won't run or install then try renaming their .exe files prior to deployment.

PinkFloyd · 31 Dec 2008 at 19:13

Ratbag said:
Frankly, Adaware is for sausage smokers. It has been surpassed in a big way by Malwarebytes and SuperAntiSpyware. Switch off system restore, then deploy both of those and Combofix and when the PC is semi-usable do a driver backup [if you don't have any discs to hand] and seriously consider a reinstall. If those programs won't run or install then try renaming their .exe files prior to deployment.

Fair enough, I'm completely out of the loop with pc protection, I've ran AVG on my own rigs for the last few years and don't think I've had a single virus. Tried Adaware since I've used it in the past.

Diggsy · 31 Dec 2008 at 20:37

If you're determined to get rid of it, try Trendmicro Housecall online to scan for nasties... http://housecall.trendmicro.com/uk/

And also give Stinger a run through... http://vil.nai.com/vil/stinger/default.aspx

Then make sure you run HiJackThis... http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

...and you can post your results of the HiJackThis log either here or on other sites too for help.

PinkFloyd · 2 Jan 2009 at 14:52

Think I'm all clear now. Went through with combofix after initially avoiding it. Seems to have got rid of the rootkits aswell as lots of other evil crap. Adaware took out a load too, as did AVG.
AVG and windows now update properly so I think I'll have a happy friend who can then go and fil it up with crap again

Think I'll be demanding more than a single pint in payment after how long it has taken though! Cheers for the responses all

swinnie · 2 Jan 2009 at 14:58

PinkFloyd said:
Think I'm all clear now. Went through with combofix after initially avoiding it. Seems to have got rid of the rootkits aswell as lots of other evil crap. Adaware took out a load too, as did AVG.
AVG and windows now update properly so I think I'll have a happy friend who can then go and fil it up with crap again

Think I'll be demanding more than a single pint in payment after how long it has taken though! Cheers for the responses all

Replace AVG with Avast.

AVG is cack.