USA Linux Users Group Forum Index

Need help to remove virus & nasties on a Windows box
jester
Sr. Member


Joined: 19 Apr 2024
Posts: 1166

Posted: Sat Dec 05, 2024 7:40 pm    Post subject: Need help to remove virus & nasties on a Windows box

I'm staying with a friend while I'm here in the US and his Win2k box is pretty infested.

I've booted with sysrescue CD, mounted /dev/sda1 as /mnt/C: (just for simplicity) and run the following
Code:
freshclam
clamscan --bell -r --max-dir-recursion=40 --log=/root/virus_log -i /mnt/D:/
clamscan --bell -r --max-dir-recursion=40 --log=/root/virus_log -i /mnt/C:/


It's chugging away and so far it's finding the nasties that are quarantined in Norton. My question is: If I now run
Code:
clamscan -vri --remove /mnt/C:

will Norton throw a fit when he boots back into Win2k?

If anyone has experience of cleaning up a windows box from linux and can give some tips/has a better approach than mine above, I'd be very grateful


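Before answering the --remove question, it helps to know which of the hits in /root/virus_log are already sitting in Norton's quarantine folder and which are live files elsewhere on the disk. The script below is an added example, not code from jester's post or from the ClamAV project: it parses a clamscan log written with --log and -i (lines of the form "path: Signature FOUND"), separates quarantined hits from live ones, and moves the live ones into a holding directory on the rescue media with a sha256 manifest instead of deleting them, so a false positive can be put back. The Norton quarantine path patterns in QUARANTINE_RE, the function names, and the use of sha256sum (with shasum as a fallback) are all assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the thread): triage a clamscan log before running
# --remove. Assumes the scan was done as in the first post, e.g.
#   clamscan -r -i --log=/root/virus_log /mnt/C:/
# Usage after the scan:   . ./triage.sh
#                         live_hits /root/virus_log
#                         stash_live_hits /root/virus_log /root/stash

# Assumed Norton/Symantec quarantine locations (regex, adjust for the box).
# Anything matching is already contained; everything else is a live hit.
QUARANTINE_RE='/Norton AntiVirus/Quarantine/|/Quarantine/'

# Print the file path from every "path: Signature FOUND" line in LOG.
# The greedy .* keeps Windows-style "/mnt/C:/..." paths intact, because the
# separator clamscan writes is ": " (colon + space), not a bare colon.
found_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Hits that live inside Norton's quarantine folder.
quarantined_hits() {
    found_paths "$1" | grep -E "$QUARANTINE_RE" || true
}

# Hits outside any quarantine folder: the ones worth acting on.
live_hits() {
    found_paths "$1" | grep -Ev "$QUARANTINE_RE" || true
}

# Move every live hit listed in LOG into DEST, keeping the original path
# under DEST, and record "sha256<TAB>original path" in DEST/manifest.txt so
# the move can be reversed. Prints the number of files moved.
stash_live_hits() {
    log=$1
    dest=$2
    mkdir -p "$dest"
    : >> "$dest/manifest.txt"
    list=$(mktemp)
    live_hits "$log" > "$list"
    while IFS= read -r f; do
        [ -f "$f" ] || continue          # stale log entry or already gone: skip
        sum=$(sha256sum "$f" 2>/dev/null || shasum -a 256 "$f")
        sum=${sum%% *}                    # keep only the hash column
        mkdir -p "$dest$(dirname "$f")"
        mv -- "$f" "$dest$f"
        printf '%s\t%s\n' "$sum" "$f" >> "$dest/manifest.txt"
    done < "$list"
    rm -f "$list"
    wc -l < "$dest/manifest.txt" | tr -d ' '
}
```

clamscan itself can do the move step with --move=DIR in place of --remove, and --exclude-dir=REGEX keeps the quarantine folder out of the scan entirely; the point of the script is the manifest, which tells you afterwards exactly what left the disk and where it came from.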
Germ
Keeper of the BIG STICK


Joined: 30 Apr 2024
Posts: 12452
Location: Planet Earth

Posted: Sun Dec 06, 2024 12:42 am

I think Xeroid has some experience doing that. Hopefully, he will show up soon.



_________________
Laptop: Mandriva 2024 PowerPack - 2.6.33.5-0.2mnb
Desktop: Mandriva 2024 Free - kernel 2.6.33.2-1mib
melloe
Ultimate Member


Joined: 20 Mar 2024
Posts: 2262
Location: Southern Illinois

Posted: Sun Dec 06, 2024 12:58 am

Before you boot back into 2K, if he still has the Norton's disk..a recent one. Boot with disk in tray, and boot Norton's CD.. When it asks if you want to scan, say yes. This will scan the HD for baddies at a very low level also. Can't hurt, and often catches ones napping. I suspect Norton's might well be broken or outdated if there are that many baddies not in quarantine. Does he have Spybot Search and Destroy and / or Ad-Aware ..or some such installed? Look for files close to those names which are often baddies themselves posing as ad and spybot killers. Nortons often don't see them as redirectors or such. ClamWin does a pretty good job against older known threats, but will not do the whole job in most cases.

If it is not a recent disk, or virus software is outdated, you need to uninstall Nortons ( no small task to get it all out** ), and install a recent virus software. ( most will do a scan before they install ) A good firewall, and some form of ad and spybot protection.

** Downloading and running a few times jv16power tools will usually get most of the Nortons files out. I understand it has been sold and went commercial, but old versions of jv16power tools are still on the net, or it might be worth buying in the worst case. No other reg cleaner comes close to getting out all the Nortons crap left after a supposed "uninstall" It is everywhere. That is what makes it valuable when kept up to date.

AVAST and AVG both have a very good free version of virus software if he (she) cannot afford virus software. But none will be totally effective unless you get all the Nortons crap out. Even a new copy of Nortons. New kids on the block in virus software that seem to work well are K7, Bullguard, and F-Secure. ( I am not saying they are better than some of the better known ones. Just that they worked well. ) For the club, we had a different virus software on each box with two exceptions. But ended up using the firewall with a suite or Zone Alarm and one other which name I can't remember. Zone Alarm is a pain now because they want to sell their virus software suite, but does a good job.



_________________
mell0: 1. Kubuntu, XP, Sabayon 2. Mandriva,Mint, Mephis
Thor: 1. VISTA, Fedora 2. Chakra, Debian
Sam:XP, SuSE Zues: win7, SuSE testing
JP
Linux Guru


Joined: 07 Jul 2024
Posts: 6670
Location: Central Montana

Posted: Sun Dec 06, 2024 6:00 am

We used TrendMicro Housecalls http://housecall.trendmicro.com/ , for the wife's XP - works real good, as well as Lavasoft Ad Aware (also free) ..... AVG is really good, but as melloe says, you've got to get rid of Norton ..... Norton was into her XP so bad, we had to just backup and reinstall without the Norton to get rid of it! If it were me, I'd try Housecall first, because it's just a very small download (launcher) and it works great ........ one note; try to download the newest each time you go there, as it doesn't automagically update the older one Wink TrendMicro would be my preferred AV for purchase if I were to run WNDOS (which I won't), because it doesn't take over your computer like Norton and McAfee do, (at least it didn't used to).



_________________
Dell Box - Arch Linux
Dell Lappy - DreamLinux 3.5 - Default OS
Mepis 8.0 - Backup
Germ
Keeper of the BIG STICK


Joined: 30 Apr 2024
Posts: 12452
Location: Planet Earth

Posted: Sun Dec 06, 2024 2:12 pm

Quote:
...jv16power tools will usually get most of the Nortons files out. I understand it has been sold and went commercial...


There is a free version called PowerTools Lite. I had my sis try it and it seemed to work good.

There's one called Easy Cleaner that is still free and does a pretty good job on the registry.



_________________
Laptop: Mandriva 2024 PowerPack - 2.6.33.5-0.2mnb
Desktop: Mandriva 2024 Free - kernel 2.6.33.2-1mib
lynch
Moderator


Joined: 15 Nov 2024
Posts: 2659
Location: The Diamond State

Posted: Sun Dec 06, 2024 2:34 pm

I tell my winders friends and customers to use these free utilities:
Avast Free Edition
Malwarebytes
CCleaner
Avast has a pretty good virus/malware scanning engine that runs using little resources. ( I have found AVG's last few releases to be a bit hoggish with the memory).
Malwarebytes is a free spyware remover with updates.
CCleaner scans at startup to rid the drive of the gunk that gets collected by windows over time. Has a nice registry cleaner and application uninstaller also.

I would suggest trying melloe's tip and also try scanning from safe mode. Turn off system restore and delete all save points. If you can get W2K's service pack 4 and install that, you can clean up a whole lot of system files that may have gotten corrupted/overlooked.
service pack 4



_________________
Mandriva 2024 Spring -2.6.31.12-server-2mnb
PCLinuxOS 2024 -2.6.26.8.tex3
jester
Sr. Member


Joined: 19 Apr 2024
Posts: 1166

Posted: Sun Dec 06, 2024 4:30 pm

thanks for the suggestions guys - I'm going to have to leave him to do this for himself as I have to head off

I have to say, I have never seen a PC in this condition before...



_________________
Arch64 :: Funtoo64 :: FreeBSD-8.0 :: OSX-10.4.11 (PPC)
Testing: Fedora12_x86-64 :: Ubuntu-10.04-LTS_x86-64
crouse
Site Admin


Joined: 17 Apr 2024
Posts: 11833
Location: Iowa

Posted: Sun Dec 06, 2024 9:01 pm

For REALLY bad infestations, I usually use Slax, backup everything i need to save and reformat/reinstall.

Many times this ends up being quicker for me than messing with individual virus issues, etc.
Plus, when i give the computer back to my customers, I know it's clean Wink This probably isn't the advice you were looking for though Wink



_________________
Veronica - Arch Linux 64-bit -- Kernel 2.6.33.4-1
Archie/Jughead - Arch Linux 32-bit -- Kernel 2.6.33.4-1
Betty/Reggie - Arch Linux (VBox) 32-bit -- Kernel 2.6.33.4-1
BumbleBee - OpenSolaris-SunOS 5.11
jester
Sr. Member


Joined: 19 Apr 2024
Posts: 1166

Posted: Mon Dec 07, 2024 9:20 am

Well, that's what he wanted to do but his Win2k CDs are shot and he has everything like work, tax, family photos, mail etc on there - it was hard to tell what was attached to what.

Since he had no experience with linux, it took some convincing even to slip a livecd in there. Fixing his PC wasn't my prime reason for visiting either Wink

He's set on using it that box until it dies before he buys a new one so he'll stick with his fix-up routine - his box, his choice, but boy what a reminder of why I use linux at home Smile

Again, appreciate all the advice - hope it helps someone in the future (I'll send him a link here for future reference anyway).



_________________
Arch64 :: Funtoo64 :: FreeBSD-8.0 :: OSX-10.4.11 (PPC)
Testing: Fedora12_x86-64 :: Ubuntu-10.04-LTS_x86-64
crouse
Site Admin


Joined: 17 Apr 2024
Posts: 11833
Location: Iowa

Posted: Tue Dec 08, 2024 1:58 am

still using win2k ...... wow..just a small step above win95/98 isn't it ? Wink

Gotta love those "pc repair visits" that aren't planned lol, glad I'm not the only one that happens to Wink



_________________
Veronica - Arch Linux 64-bit -- Kernel 2.6.33.4-1
Archie/Jughead - Arch Linux 32-bit -- Kernel 2.6.33.4-1
Betty/Reggie - Arch Linux (VBox) 32-bit -- Kernel 2.6.33.4-1
BumbleBee - OpenSolaris-SunOS 5.11
Lord.DragonFly.of.Dawn
Advanced Member


Joined: 18 Jul 2024
Posts: 607
Location: South Portland, Maine, USA, Earth, Sol System

Posted: Tue Dec 08, 2024 2:37 am

I forget. Are those better or worse than the ones where they bring the computer to you and then vanish after implying that they might be grateful for you fixing it but never actually asking you to fix it?

I never can remember. happens to me a couple of times a year too....

of course if you are mean and/or don't like the person. Just sell the computer and tell them later that their cut of the sale price was only $5 because the thing was a total POS. Of course when they complain you can simply explain that since they gifted the computer to you you felt it only fair that they get 10% of the sale price.

note that this is not a good thing to do. you would have to be a very mean person to do such a thing. very mean.



_________________
ArchLinux x86_64 - Custom Built Desktop
ArchLinux x86_64 - Compaq CQ50 Laptop
ArchLinux i686 - Acer Aspire One Netbook
ArchLinux i686 - Dell Presario ze2000 (w/ shattered LCD)

PuppyLinux, CloneZilla, PartedMagic, DBAN - rescue thumbdrives
Windows 7 (x86_64 desktop alternate boot)
VHockey86
Advanced Member


Joined: 12 Dec 2024
Posts: 988
Location: Rochester

Posted: Tue Dec 08, 2024 5:46 am

Interesting stuff, didn't realize those sorts of tools existed.
If anyone ever brought me a problem that couldn't be fixed with some simple freeware tools in Windows I would just recover the data using a live CD and reinstall like Crouse said. I generally found the time to backup + reinstall windows + install drivers / some basic programs quicker than researching what was actually wrong with it, and then never really feeling quite confident that it was indeed "clean".



_________________
Main Desktops : Kubuntu 10.4. ArchLinux 64-bit. Windows7 64-bit. Windows XP 32-bit.

MacBook: OS X Snow Leopard (10.6)
jester
Sr. Member


Joined: 19 Apr 2024
Posts: 1166

Posted: Tue Dec 08, 2024 11:43 pm

Well it was entirely unplanned since I'm over in the US on business - 1 week Boston and 1 week Connecticut with the weekend in the middle at his place.

As the weather Saturday was so miserable it put paid to a lot of other things we had planned and so we stayed in and had a few beers which inevitably led to 'finding out what was wrong with it'.

I actually thought Win2k was much better than the 9x/ME stable - it was the last Windows that I paid for (directly, at least - wife's Vaio has Vista), though I do use XP on the laptop provided by work (no choice, but also not accountable for fixing it).

My friend's real problem is that even if he could reinstall, most of the freeware apps no longer support Win2k, so he's facing the struggle against obsolescence as well as malware (funny how that stuff doesn't go past its sell-by-date...).

I didn't mind helping him, but it was mission impossible in the time I had and the tools he was willing to use - at the end of the day, I reckon he should buy a new box, grab all his must-keep files, install Ubuntu on that old box along with OpenOffice, scan them with clamav and then transfer over the absolute must-haves to the new box.

It'd take an epiphany (and not the Gnome browser) for him to switch to linux.



_________________
Arch64 :: Funtoo64 :: FreeBSD-8.0 :: OSX-10.4.11 (PPC)
Testing: Fedora12_x86-64 :: Ubuntu-10.04-LTS_x86-64
melloe
Ultimate Member


Joined: 20 Mar 2024
Posts: 2262
Location: Southern Illinois

Posted: Wed Dec 09, 2024 2:33 am

http://www.macecraft.com/download/jv16powertools2009/

This one asks for email address, but I just hit download and got it.
Felt like I was stealing so went back <G><



_________________
mell0: 1. Kubuntu, XP, Sabayon 2. Mandriva,Mint, Mephis
Thor: 1. VISTA, Fedora 2. Chakra, Debian
Sam:XP, SuSE Zues: win7, SuSE testing
Xeroid
Site Admin


Joined: 19 Apr 2024
Posts: 6456
Location: Georgia

Posted: Wed Dec 09, 2024 4:42 am

I've completely lost my patience with windows clients. I despise working on their boxes anymore. You take one and remove the crud (or reimage if it's bad enough) and the morons don't learn a thing. They bring the thing back to you 6 months later saying it's slow again and you find they haven't updated their antivirus or done an ad-aware/spybot scan since you returned the PC to them.

Like Crouse said, it's usually easier to boot to a live CD, back up the customers data to a USB drive, and just reimage. Unfortunately, if the PC doesn't have a restore partition, the customers can rarely find the windows install CD. You mention Linux to them and they look at you like you just said something in Russian. So just stick with your third rate OS. Laughing

Also, there is a Norton Removal Tool available for download from Symantec. Funny how their Uninstall Norton just leaves 50% of the antivirus program files intact and you have to download a special tool to finish the job. Sad



_________________
Ubuntu 10.04 . . . Kernel-2.6.32-22
Page 1 of 2