UPDATE: System: Compaq Presario SR1817CL, XP Professional Edition SP2?, AMD Athlon +3200 2.0 GHz, ATI XPRESS 200 Integrated, 512 MB RAM, 200 GB HDD. System as first inspected had ESET SMART Inspector v. 3.0.314.0 (expired).
Previous PC Tech apparently installed a lifetime license, but ESET discovered this was a hacked version, and disabled the license. Unfortunately, this disabled real-time a/v protection, and also disabled the firewall.
Remarkably, the system is relatively clean considering the operating environment it was run under.
I successfully installed and ran the following:
- Avast! Free
- Malwarebytes Free
- SUPERAntispyware Free
- Revo Uninstaller Free
ESET was successfully uninstalled, and Avast! was put in with today's VPS for 9/18/2011.
After running a quick scan, boot scan (that was truncated by an unexpected restart), a full scan, and a final boot scan, Avast! quarantined a total of 27 malware files. Note these files were quarantined, not deleted, as I deemed it might be necessary to restore one or more of these files at a later time.
Malwarebytes was installed, with the latest manual definitions available today, 8/31/2011, and it found three malware files in quick scan, and a Trojan [Fake] in iexplore.exe in the full scan. All files here were quarantined.
SUPERAntispyware was installed with data version 7705 (not the latest malware core version) and found 427 dirty cookies resident on the system.
All in all, it was a little bit like peeling an onion layer by layer.
The following P2P and BitTorrent programs were installed:
I have uninstalled Ares (removed the folder and shortcut icon on desktop, as no entry could be found for it in either Add/Remove or Revo Uninstaller) and Limewire. I have left BearShare alone as this client has more than 800 MB of downloaded music files scattered about the desktop, and in one folder also on the desktop.
The concern here is that these music files may not work in other .mp3 players. I would not know this until BearShare is uninstalled, and then it might be too late.
See below.
The fact that System Restore is not working and the fact I cannot find a tab for it in 'System Properties' is of concern.
I have looked in Task Manager and also in msconfig, and cannot find the process or service for it in either.
This fact may be germane to this issue: There is no logon screen available when the computer first boots. Windows loads with the blue rolling bar, then goes directly to the desktop, with a short stop at the 'Windows is starting' page.
I also found Java to be sorely out-of-date, with both JREs at version 20 and 21; Adobe Reader was still at version 7, and Flash at version 10 X. Java JRE and Adobe Reader have been uninstalled.
I can easily get the logs that are pertinent to scans done so far, but as the system is still at my friend's house, it may be a day or so before I get back to you.
First reboot of the system yielded a boot startup time of over 16 minutes. Cleaning the system and disabling the three P2P/BitTorrent programs from msconfig as services and startup now has it booting in three minutes. COMODO firewall has not yet been installed.
I would expect COMODO to have an impact on system startup times, so this above is a baseline.
A few of the files Avast! deemed to be dirty were related to Java. Some of these files were found under the heuristic scan portion of the final boot scan. Others were outright exploits and Trojans. All have been quarantined as of the moment.
This is as complete an update as I can now provide.
Saved by Avast!
mchain
XP Home Edition SP3 P4 2.8 2 GB RAM Avast! Free 6.0.1289