Cleaning PC without internet connection

[elzar]

I have a friend who has a PC which I believe is infected with god knows how many instances of malware (viruses, trojans, spyware, etc).  I haven't had a chance to work on her PC yet but from her description of what is going on I know that has to be the problem(s).  I routinely help out friends, relatives, and neighbors with this kind of thing and am amazed at all the malware I see biting peoples' PCs.

This latest case though has a different wrinkle to it.  I will not be working on her PC in her house, and even if I did, I do not think she has a highspeed 'net connection, only dialup, which makes this much more difficult to work with.  She will be bringing her PC over to my house to drop it off so that I can spend the time on it here.

One of the things I plan on doing is to take the avast setup_eng.exe from my PC and run it on her's to install it via a USB thumbdrive - but I'd like to know how I can then get the updates over to her PC?  Is there a way for me to download those seperately onto my PC then put them on hers?  Also how can I "register" the program on her PC to use it for cleaning if it is not connected to the internet, or is that not an issue?   She already has Norton anti-vir on her PC and says that she is still within the license for that, so I don't plan on leaving Avast on her PC when I'm done, I just DON'T want to use Norton to scan/clean it for now since I don't trust the norton install that is already there (I will reinstall it later when I am all done if possible - otherwise I will set her up with Avast permanently).

Also if anyone has any hints for how to do the same thing for spyware (spybot, adaware, spyblaster, etc), even winxp updates, how to get the updates manually to my PC then copied over to hers with no 'net connection, that would be appreciated.  I may even reverse direction and try to get her PC setup with a 'net connection in my house if that is what it takes though. 

I also have a bunch of different anti-rootkit type programs that I will be using but no issues with those getting updates since they are all self-contained/as is.

Hope this question makes sense.  Any advice appreciated!

[Confused Computer User]

Hi Elzar,

Ok, I'll try to help as much as possible but I'm not all that sure.

1.For VPS update with out internet connection you can go to:
http://www.avast.com/eng/updates.html
and get the latest VPS from there. Install avast and then run the file you got from there.

2.The Norton anti-virus might pose a problem. When Un-installing make sure it's completly removed by using the Norton removal tool found at:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

3.For Xp updates I am not Sure at all. I believe (don't take my word for it) that you can download the various Service Packs and install those one at a time since they should contain all the prior updates released for the system. Again this is beyond me and I make no guaranties.

Hope this helps.

[Alioth]

I believe (don't take my word for it) that you can download the various Service Packs and install those one at a time since they should contain all the prior updates released for the system.

Yes, the Service Pack 3 for Windows XP includes all previously released updates for that operating system (included SP1 and 2).

You can download the Service Pack 3 installation package from here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
Or if you want to download an ISO image:
http://www.microsoft.com/downloads/details.aspx?familyid=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en

Also, if you want obtain updates released after SP3, you can use non-official programs, like WinUp (a pack that includes all official updates for Windows XP SP3 until 25 March [for now]). You can get WinUp from here:
http://www.winup.es/descargar.php?lang=

I hope this is enough.

[Pondus]

Download and save on USB device an move to infected pc

Norman Malware Cleaner  http://www.norman.com/Virus/Virus_removal_tools/24789/en

Dr.Web Cureit  http://www.freedrweb.com/

[Spiritsongs]

  Hi :

 I recommend starting by using Malwarebytes' Anti-Malware AND
 "SUPERAntiSpyware", NOT the other programs you mentioned .

[Pondus]

Jepp true spiritsongs, but you don`t have to move any updates, norman and Dr.web are fully updated when downloading

[Confused Computer User]

I believe (don't take my word for it) that you can download the various Service Packs and install those one at a time since they should contain all the prior updates released for the system.

Yes, the Service Pack 3 for Windows XP includes all previously released updates for that operating system (included SP1 and 2).

You can download the Service Pack 3 installation package from here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
Or if you want to download an ISO image:
http://www.microsoft.com/downloads/details.aspx?familyid=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en

Also, if you want obtain updates released after SP3, you can use non-official programs, like WinUp (a pack that includes all official updates for Windows XP SP3 until 25 March [for now]). You can get WinUp from here:
http://www.winup.es/descargar.php?lang=

I hope this is enough.

Thanks Alioth for the confirmation. (I also have a similar issue so you've helped me out as well)

Download and save on USB device an move to infected pc

Norman Malware Cleaner  http://www.norman.com/Virus/Virus_removal_tools/24789/en

Dr.Web Cureit  http://www.freedrweb.com/

Solid gold... I never heard of Norman Malware Cleaner but Dr.Web Cureit is recommended by most on this forum.

[Confused Computer User]

Took me a wile to find this but here is a tried and, in my opinion, proven method of taking care of viruses. It could come in handy in the future.

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

[elzar]

THANKS very much for all the suggestions!  I appreciate it very much.

I will start preparing some things on a thumbdrive tonight.   And I forgot, but I do already have the XP SP3 update downloaded on my PC so that's a start right there as far as getting her opsys somewhat updated using that.  Wouldn't surprise me if she was still virgin XP with no updates at all but I don't know yet.  Ooh, I have to check to make sure I can go direct from original XP straight to SP3 or if I need to incrementally apply SP2 first.  I'll check that on the MS website.

Thanks again.  Once I sink my teeth into this if I find any nasties or suspicious stuff that I'm not sure what to do with I will post questions in the appropriate subforum.

[Confused Computer User]

I forgot, but I do already have the XP SP3 update downloaded on my PC so that's a start right there as far as getting her opsys somewhat updated using that.  Wouldn't surprise me if she was still virgin XP with no updates at all but I don't know yet.  Ooh, I have to check to make sure I can go direct from original XP straight to SP3 or if I need to incrementally apply SP2 first. 

The answer was already given to that issue. You also have a download link posted. See quote below.

You can download the Service Pack 3 installation package from here:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4
Or if you want to download an ISO image:
http://www.microsoft.com/downloads/details.aspx?familyid=2FCDE6CE-B5FB-4488-8C50-FE22559D164E&displaylang=en

Also, if you want obtain updates released after SP3, you can use non-official programs, like WinUp (a pack that includes all official updates for Windows XP SP3 until 25 March [for now]). You can get WinUp from here:
http://www.winup.es/descargar.php?lang=

I hope this is enough.

For your other point:

Once I sink my teeth into this if I find any nasties or suspicious stuff that I'm not sure what to do with I will post questions in the appropriate subforum.

There will be somebody willing and able to help.

Cheers.

[elzar]

Took me a wile to find this but here is a tried and, in my opinion, proven method of taking care of viruses. It could come in handy in the future.

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

I wanted to especially say thanks for these steps.  I usually run something like CCLEANER to cleanout the temp stuff when everything is done disinfecting but it makes more sense to clean that temp stuff out first b4 scanning/cleaning to save time.  And Step6 is a great idea!  No sense leaving behind any maleware hiding in an old sysrestore backup, good idea to clear all that out too.

[Confused Computer User]

The thanks go to Tech.

I take no credit for this list. That is why I used the quotes. Tech has more experience than me so i wanted you to have it from the source.

[YoKenny]

WinPatrol will warn you of things making changes to the system that could affect its performance:
http://www.winpatrol.com

I have the 1GB USB Wristband and a Scotty Sports Shirt that I wear on service calls. 

[Confused Computer User]

I have the 1GB USB Wristband and a Scotty Sports Shirt that I wear on service calls. 

I didn't get it until I went to the site 

[tripplec]

Hi :

 I recommend starting by using Malwarebytes' Anti-Malware AND
 "SUPERAntiSpyware", NOT the other programs you mentioned .

I agree having been down that road before. The updates are small and can be done via dialup as well.

NOTE: When pluging a USB key into a infected machine. Assume that infections are now on that key IE Autorun.ini threat as well as others. Plugging it back into your system could infect YOU!! Ha ha then you'll have two to work on. Been their as well having got the autorun.ini from a clients machine.

Also Microsofts Malicious software removal tool can be downloaded from their site and run but take a long time.

Run the recommended software in SAFE MODE the result are better although slower to complete. But this is not a race and many scans and reboots are usually required before their is confidence that the infections are gone. This is a process that take a lot of time. > than an hour unless you have nothing on the drive, few do and they wonder why virus removal takes so long.

PS: Boot in safe mode with networking. You can ensure the AV updates are their before scanning. I found once that even though I had updated Malware in Normal mode, it also need to be done again in Safe Mode. Odd other that different account status as this will save you some headaches.