Avast WEBforum
Other => General Topics => Topic started by: SUSZANNAH on May 04, 2005, 09:11:25 PM
-
Hi, my friend asked me to look at her pc today, everything is so slow, just about crawling is a better term...finding it very difficult to carry out any commands, problems connecting and staying connected to the internet....she has no Firewall or Antivirus...she is not getting any error messages...and can't seem to access the help screens..........virus????? also how can I help her to get Firewall and Avast installed, she can't stay on net for more than a few minutes and when you try to search you are disconnected..any advice appreciated...... ::)
-
Susz
Put the programs on a CD for her at your house and then you don't need the net
to update her machine at all. ;D
-
Thanks bob, have cleared all temp files, used disk cleanup it recommended defrag, but pc wouldn't do it, can do disk no problem. but just trying to find out if symptoms are virus related... :)
-
There are almost certainly many active viruses, worms and Trojans on your friend's computer, and probably a whole lot of spyware too. If your friend wants to be 100% sure of removing everything (for example if they do internet shopping or banking or use the computer for confidential business information) the only way to do this is use their rescue disks and reinstall the operating system. They should save any files they want to keep before doing this. (And bear in mind the disks might also contain viruses etc., so scan them later before copying back.)
If you and your friend want to try to clean the computer, here is my advice. (I've cleaned a few computers like this recently.)
Download all the programs you need beforehand and run them in this order:
1. Start the computer in safe mode. Try to delete internet temporary files and turn off system restore as these are usually full of malware. Copy Trend Micro Sysclean onto the computer (plus definition files in the same directory) and run it.
2. Copy avast! onto the computer and install. Update from your disk. Schedule a boot time scan when requested.
3. Install TDS-3 onto the computer and copy the definitions file to the program folder. Run a scan. Right click on any nasties it finds and delete.
4. Install Ad-aware, update from your CD and run.
5. Install Spybot S & D, update from your CD and run.
6. Turn on Windows firewall, or install a firewall of your choice and see if you can connect to the internet. Check that your firewall is working at Shields Up! as soon as you get a connection.
7. If you get a connection but your browser doesn't work, run WinsockxpFix.
8. Check carefully for any suspicious activity. avast! Network Shield warnings can indicate a worm active in memory. A lot of internet traffic when you connect can indicate a Trojan is active. Use Process Explorer to check running processes: Malware processes sometimes even have an evil icon when viewed with Process Explorer. (Nice!)
9. If you identify any malware processes still running, a web search may find a removal tool from the likes of F-Secure.
10. Download Webroot Spy Sweeper. Install, update and run.
11. Download MS AntiSpyware. Install, update and run.
12. Run HijackThis! and analyse at http://www.hijackthis.de/index.php. Remove entries which are positively identified as bad.
Edit: At this point, it might be a good time to turn System Restore back on, because you're going to tidy up and update the computer now.
13. Download TuneUp Utilities, install and run a registry check.
14. If everything is working OK, go to the Microsoft update site and install all available updates. (Or order an SP2 CD if there are too many to download.)
If this all seems too technical, ask your friend to spend some time copying the files they want to keep to disk, then flatten the system with the restore CD's.
All the programs mentioned you can find on Google. I'll try to come back and add some links if I have time later.
Good luck.
-
Thank you so much.....will make a start on downloading some of the programs to set to disk....looks like a lot of work ahead of me....will let you know how we get on...... :)
-
Anybody connected to the internet without an anti-virus and firewall (like your friend) can find out what is happening to their computer by watching this video.
http://www.bbcworld.com/content/clickonline_archive_14_2005.asp?pageid=665&co_pageid=3
-
That was really scary....... :(
-
forgot to ask, she has XP with service pack 1, where do I find Windows firewall as security centre isn't there.?..... ::)
-
Windows Firewall is only for SP2 as I heard of. You should order an SP2 on CD since your friend's internet is not working smoothly.
-
Thanks for that as she is on dial up it would take me forever to download it.. ;D also saved me a job of trying to find something that isn't there and wondering why..... ;D ;D
-
Dial-up huh? I used to have dial-up until I switched to DSL, hmm. So far right now...does she have an antivirus program and antispyware program?
-
do you really want a laugh.......had pc about 3years and the Panda 90 day trial is still on there, tried uninstalling but that won't come off either.... ::)
-
Hope scandisk is in the same place as service pack 2 or I'll never find it........ ;D ;D
-
do you really want a laugh.......had pc about 3years and the Panda 90 day trial is still on there, tried uninstalling but that won't come off either.... ::)
Panda free trial? I had a McAfee Antispyware free trial and can't remove it. >:( Those evil McAfee. Anyway, ignore the Panda free trial.
Hope scandisk is in the same place as service pack 2 or I'll never find it........ ;D ;D
Scandisk should always be on the same place after upgrade. Do you guys live near a tech support area like Office Depot, Circuit City, private tech support, etc.? Best if you guys go there for a clean up and upgrades.
-
How to find SP1 firewall:
http://www.geocities.com/dontsurfinthenude/firetut.htm
I forgot to mention in my advice that you should turn System Restore back on at some point. I've edited my post above.
-
Hi Suzannah,
As what I gathered of this topic your friend's computer is a mess, because she did not attend it properly. Save all her data that she needs (documents, e-mail addresses etc., etc.) on another machine, and do the inevitable total reinstallation, install the free XP Pro from Microsoft (they are giving it for free, really), install service pack II, a good antivirus program e.g. AVAST, Hitman Pro (a combination pack of good reliable antispy-malware), mailwasher (the last free version), and tell her to auto- or regularly update and run these programs, teach her not to click on anything she sees (danger of Trojans, active X malware). From what I hear she has hit a LSP insert (do you have to rebuild internet connection?), is her winsocks kaputt (dalshian virus).
Sorry go to a pro, let him give you a second opinion, when he tells you I am right in what I fear, do as I tell you.
Kindest regards,
POLONUS
-
Just an update have system here, looks bad, it eventually let me defrag it, got load up time down from 10 mins to 6 mins...lol....have tried installing avast and ad-aware from cd, but it is not having any of it......think I may as well give up and get her to take it to pc shop....... ::)
-
Things looking up managed to get Ad-aware in 113critical objects identified.......I am on a mission, need to know how to uninstall Panda antivirus as its 294 days out of date, can't uninstall from add/remove or the program uninstaller...anybody any ideas??? if you have please let me know...thanks... :)
-
Worst case scenario (very down and dirty), delete the panda programs folder in C:\Program Files on the HDD, run (windows start button, run, type) 'msconfig' without quotes, select the startup tab and untick/delete the entries for panda.
If you have a registry checker, run it and it may find registry entries for panda, remove them.
-
Worst case scenario (very down and dirty), delete the panda programs folder in C:\Program Files on the HDD, run (windows start button, run, type) 'msconfig' without quotes, select the startup tab and untick/delete the entries for panda.
If you have a registry checker, run it and it may find registry entries for panda, remove them.
Worst scenario indeed...
(Why did you install Panda? :-[ :P :'()
Is there any standalone application for uninstalling Panda at its website?
-
Have you tried Trend Micro Sysclean?
http://uk.trendmicro-europe.com/enterprise/support/tsc.php
http://uk.trendmicro-europe.com/enterprise/support/pattern.php
It doesn't need to be installed, just copied to the hard disk (with its definition file.)
You could also try McAfee Stinger and of course, avast! Virus Cleaner.
http://vil.nai.com/vil/stinger/
http://www.avast.com/eng/avast_cleaner.html
These are all stand-alone utilities. Start the computer in safe mode (tap F8 while booting,) copy all three to the hard disk and run.
Don't give up!
It sometimes seems you'll never get on top of an infected computer, but keep going and you will!
-
Hi Suzannah,
Save all her data that she needs (documents, e-mail addresses etc., etc.) on another machine,
I would highly recommend you do this before attempting to clean the system.
-
Thanks to all for help and advice working through things as fast as pc will let me, managed to get avast installed, the VRDB seems to be taking an age at least 40 mins so far is this normal or just another symptom? :)
-
Technical. I didn't install Panda, it was on the machine when my friend bought it, just want to try to get rid of it for her to put avast and zone alarm on........ :)
-
Cancel the database thing - let it run later after you've cleaned the computer. Update avast! from your CD and run a boot time scan. That's priority No. 1.
Download avast! updates here, copy to CD and update avast! on your friend's computer. (Assuming you haven't already done so and your friend's connection is still out.)
http://www.avast.com/eng/updates.html
-
Hi Suzsannah,
It is never a good idea to have two virus scanners on a comp, they come into conflict with each other (norton and AVG e.g. is a notorious example of this). An extra on line-scanner or scan tool like stinger.exe is a good idea. Scan the lot first, all in safe mode, push f8 on start up, you know or else XP restores the filth back automatically, find the 1.9 version of HijackThis, download the zip, read the instruction on the net, make an empty file in the Program Files, name it HijackThis, unzip HijackThis there (after you scanned the zipfile of course), and run it from a shortcut you placed on the desktop. Interesting to see what you have there. Download Startup.List and run the program from the desktop, interesting to know what is in this. Sometimes HijackThis cannot clean out some malware, you have to find the uninstaller from a trustworthy site (but there are a lot of rogue sites that give you additional malware, so watch out, you do it at your own risk or your friend's if she lets you do this). Place your Hijackfile on the gladiator.forum site, register there, and ask the Admin or a qualified helper to help you out with your HJT logs. If it is malware or spyware, they are qualified to do this, and make a good job of this. I am only learning to do this, but not qualified as yet, only a member, but I am learning to do this.
Only those that never gave up won,
Greetz,
POLONUS
-
Thanks again everybody...but the time has come for it to go to the doctor.......spoke with the shop she purchased it from today, he was a great help also, he even talked me through doing a repair of XP....but sad to say it did not work...he said it must be full of virus and trojan...the pc now will only get as far as the desktop and that is it...click anything and the eggtimer comes on and stays there.....have tried F8 not even an option there for safe mode, only to reboot from floppy. cd/dvd. IDE 0 or IDE 1, so that is no help at all......I have learned loads from you guys over the last 2 days and really appreciate it........ :) :)
-
There does get to a point where you/they have to bite the bullet, save what data files, favourites, emails, addressbook, etc. and start from a clean formatted disk. They are very close to this point.
Unfortunately offering distance advice and help doesn't always get the job done.
-
Yes you are right....I have to break it to her.....now even the o/s won't load..........not looking good is it....... >:(
-
Has your friend got a wireless keyboard? It's impossible to boot into safe mode with these. You would have to plug in a corded keyboard.
Once in safe mode, run all the anti-virus tools mentioned before (Sysclean, Stinger, avast! Virus Cleaner). You're not installing them so they won't conflict.
If your computer still isn't working, think about a reinstall, but even a computer in the condition you mention can clean up to a workable state in the end (bearing in mind my original warning that it is impossible to guarantee 100% security in such a case, so internet shopping, banking etc would still be a risk.)
-
Hi FreewheelinFrank,
Be honest about it. A small virus incident, OK. Even some spyware you can take off with a removal tool or a known LSP insert that is not too complicated. OK, you can recover from that easily, and the machine won't be compromised. But a computer in this state of SUSZANNAH's friend, a real druid from the isle of Man couldn't make it function again if he ever could. I would not trust this desktop again for the life of me or it must be clean and re-installed. Save all the data from the corrupted one as far as it goes, and then do the inevitable. I know what I am talking about I have been there, won a T-shirt, so to say. After a klez infection, that took out 30% of my 'windhose' files in the good old days, when providers did not screen your very e-mails. It is a bit of a mourning process to lose a comp installation on an incident like that, I know, but after one evening of cleaning up, re-installing the OS, getting the drivers back-on, and putting back the data, I could run the un-compromised thingy. Now I have a restore program and back up on DVD regularly, so with one click I go back to the version of 5 minutes before whenever it becomes sloppy to the time it was working perfectly without the problem, also minus virus or spyware. RESTORE-IT as a programme it is worth every penny of it, and saved me many a pain in the neck, believe me my friends. My wife gave it to me as a present, and it was the best thing I got.
Keep up the good work, stay clear of viruses,
Yours faithfully,
POLONUS
-
People often don't learn a lesson until they feel the pain, there is a lot of pain involved in a format and clean install and it is not something I recommend lightly.
Another valuable lesson that they will have learnt is if you don't want to lose it back it up and by far the easiest is a disk image, I do one every week and back up volatile data every day (emails, data files, addressbook, favourites, etc.).
If I ever get in serious trouble I simply install the last image, restore the data files daily back-up, so very little will be lost. I can't remember the last time I had to restore an image but a 10-15 exercise compared to a format and reinstall, no contest.
-
Well waiting to see my friend to explain what has happened, in the mean time have tried to get it to run, on F8 safe mode is not an option, it keeps saying 'Error loading operating system' only options are
Floppy
IDE 0
IDE 1
CD/DVD
tried with cd it lets you install the files, then on reboot comes back with the error message as before, no idea what has gone on as yesterday at least I had the desktop on there, haven't messed with anything regarding settings..........just wondered really why there is no safe mode option......will have to be a shop job......just curious of the error message... ::)
-
although the PC is most probably riddled with malware, this error sounds suspiciously like hardware error, e.g. Harddisk-problems..
have you managed to backup the most important files earlier ?
if so, try booting with XP-CD and removing/deleting the existing (system/Windows)partition completely, make TWO new partitions, and do a clean install into the first one
(2nd partition is for data and helps keep your data in case of needing a reinstall in the future)
*
if not, at least boot with XP-CD, then go to repair console ("DOS") and do CHKDSK and (if available) SCANDISK with option of intensive / SURFACE test
;)
-
whocares....have got as far as chkdsk and it says its ok, no option for scandisk...what do I do next?
-
Howdy Suszannah,
From what you tell me here, I fear you have cleaned out part of an essential item to run windows. You can be saved by someone with a special mirror disk run only to burn the data to image the contents of the machine, but these are specialists. From what I hear what you tell us in your posting last, this virus is a very tricky one. Have you tried the bios settings, can you alter and reset there.. I agree with DavidR, this is a hacker's virus that can land you in big trouble. That is why it is mighty important to always have a copy of the registry and the system files. If a vital component of windows system is missing, you have the situation at hand you find yourself in now, you cannot start up..no way. There are trojaned viruses, that an internet service provider may let through, because it can hide for the nick of time it has to slip by, it is like the rogue that puts nylons over his head, you cannot see his face and nail him, but thank AVAST it will trace this baddy later.
But I ask DavidR's opinion if she(they) can get away without " total recall"?
POLONUS
-
Thank you .....at least I can get as far as the DOS prompt, but from there I am lost........but I have tried, I am ok at following instructions, but at a loss without them.........she hadn't finished saving her documents....does this mean that the disks she has saved are also infected?
-
Dear Suszannah,
That may not be the case. But educate her to do this next time around, no one can live without a CD or DVD with essential data of their comps nowadays. If what whocares says is true it can be the feed that can take the harddisk down, an accumulation of dust can cause that. People have to open up their computers or turn their keyboards once a year to have the dust out. But what I hear from what you tell in this thread that is not the case. The machine then must hum a different tune, you must hear it tick. No it is definitely a virus or a combination of malware and virus, or I must be very wrong. Hang in there try to push very swiftly alternating between the upward and downward arrows on your keyboard console, and tell us what happens there....
Good luck,
POLONUS
-
Hi Polonus,
Check my first post in this thread and you will find I said the same thing.
However there are people who don't have the option of reinstalling the OS. There seem to be plenty of people who can't find the CD's that came with their computer. I have cleaned a few computers in this situation which have been without any anti-virus or firewall and have been infested with just about every item of spyware, virus, worm, bot and Trojan known to man.
(Leaving with a warning not to use that computer for internet shopping or storing confidential info. etc. of course!)
I did feel as though I was doing battle with the hordes of Mordor, although I wasn't the wizard, it was the people who wrote the many excellent anti-malware programs available. All I had to do was to wander the battlefield afterwards and stab a few remaining Orcs.
It's definitely not recommended: 'nuke and pave' (reinstalling the original operating system) is the only way to guarantee 100% security after a malware attack. But if the computer is only used for casual web browsing or gaming, it can be worth a try. It's a case of weighing up the risks. (And it's also an interesting real life test of anti-malware programs.)
Suszannah, you haven't said if your friend is using a wireless keyboard?
If not, then it probably is time to find those restore CD's that came with the computer.
If your friend has important information still on the hard disk, a virus expert may be able to boot from a special CD and recover the information, or to remove the hard disk, run it as a slave and if not repair any virus damage, then recover important files.
-
No she has a wired keyboard, after following whocares's advice managed to get it to do chkdsk which came out as ok....but no option at the dos prompt to run scandisk.....I haven't deleted anything so no idea how part of windows could be missing, the only disk here is the xp installation disk........
-
Whether it's a virus or not is imho unimportant at this stage, as the most urgent item is to get a backup of the data
Enter the BIOS while booting, do auto-detecting of hard disk(s): confirm & note the offered settings
Boot with the XP-Setup-CD, go to repair -> Console
then enter:
Fixmbr [ENTER]
fixboot [Enter]
(maybe you have to search the CD first to see where these tools are located, i.e. path/folder)
then try reinstalling WIN into the existing partition (NO deleting/repartitioning, nor formatting)
What happens exactly ?
any error messages or "success" messages during fixing or installing ?
-
Fixmbr:
Caution
This computer appears to have non-standard or invalid master boot record.
FIXMBR may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become inaccessible.
Are you sure you want to write a new MBR?
said no....as I have no idea what it is..... ::)
-
ask her, if the data is really worth backing up:
if so,
- get Knoppix or
- as said above, plug the harddisk as slave in another PC and
backup her data
if not, go ahead.. Risk of data loss !!
*
do you know if she indeed has an unusual/non-Standard MBR/partitioning ?
Bootloaders, multiboot-system ?
or try Bootable AV-media, e.g. BART-CD or AV-Bootdisks (see below)
those need to be made on a clean PC, of course..
maybe they'll find an MBR/Bootvirus
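
Added example, not part of the original thread: before answering yes to the FIXMBR warning quoted above, a copy of the disk's first sector saved from a live CD such as Knoppix can be checked to see why the MBR is reported as non-standard or invalid. The Python below assumes the standard 512-byte MBR layout; the function names, the `mbr.bin` file name and the two sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR


def parse_mbr(sector):
    """Return (partitions, findings) for one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions, findings = [], []
    if sector[510:512] != SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("boot code area is empty")
    for index in range(4):
        raw = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            if any(raw):
                findings.append(f"entry {index}: type 0 but not blank")
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid status 0x{status:02x}")
        if start == 0 or count == 0:
            findings.append(f"entry {index}: zero start or length")
        partitions.append({"index": index, "active": status == 0x80,
                           "type": ptype, "start": start,
                           "end": start + count - 1})
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(partitions, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] <= a["end"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return partitions, findings


def build_sample(damaged=False):
    """Constructed sector: one NTFS partition; optionally broken."""
    sector = bytearray(b"\x90" * 16)  # placeholder bytes, not real boot code
    sector = sector.ljust(TABLE_OFFSET, b"\x00")
    sector += struct.pack("<B3xB3xII", 0x80, 0x07, 63, 40_000_000)
    if damaged:  # second active entry that starts inside the first one
        sector += struct.pack("<B3xB3xII", 0x80, 0x0B, 20_000_000, 1_000_000)
    sector = sector.ljust(510, b"\x00")
    return bytes(sector) + (b"\x00\x00" if damaged else SIGNATURE)


if __name__ == "__main__":
    # With a real dump, replace build_sample() with the first 512 bytes of
    # the saved image, e.g. open("mbr.bin", "rb").read(512) (hypothetical name).
    for label, sector in (("clean", build_sample()),
                          ("damaged", build_sample(damaged=True))):
        partitions, findings = parse_mbr(sector)
        print(label, partitions, findings or "no problems found")
```

An empty findings list means the sector at least has a well-formed partition table; it says nothing about whether the boot code itself has been altered.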
-
Your AV boot disk link is dead. :'(
-
Things are getting a little too technical for me now...think it's time to concede.....and leave it to the experts to sort out,,,,but it was fun trying.... ::)
Do not understand the partitioning message.....as far as I know all was a standard setup with this pc..... :)
-
AV boot link is dead? can you please explain so I will know for future reference........thank you all for all your help...... :)
-
http://www.tucows.com/preview/345398.html... when the poor pc has died... some resuscitation is still possible! But it is the extreme solution. ;D
-
Thank You....... :D
-
I'm too lazy to read all this topic :-[ and I don't know if you tried this: boot the pc --> F8 --> now the screen is black with white strings of characters: using the arrow keys, you must select "use last valid configuration" (or similar 'cause I have italian language on my pc).
-
AV boot link is dead? can you please explain so I will know for future reference
Sorry:
The link in Whocares' signature in the posting immediately before mine.
It has expired, it has ceased to be, it has gone to meet its maker. It's kicked the bucket, it's shuffled off its mortal coil, run down the curtain and joined the choir invisible! It is an ex-link.
(http://orangecow.org/pythonet/resting2.gif)
-
lol....basically....it's kerputt.......spoke to Elaine it's going to shop tomorrow.........nothing to play with now......... ;D
-
Well it's gone to the doctors now, whilst it's there it is having an upgrade, an extra 512 ram, cd rewriter, Avast and Zone Alarm put on (they usually install Panda) retrieve her documents and reinstall XP with SP2....£95
The techie seemed to think with all the spyware that was on there (113 hits) when I removed it, it may have taken some of the windows files out......apart from any virus that were lurking in there........thanks a lot to everyone who tried to help........ :)