Tuesday November 18, 2008
Being a family IT support guy

My mother in law's computer is heavily infected. Why, why not?

I've been using BleepingComputer to figure out how to clean it up.

As it wouldn't boot as far as I was concerned, I took out the hard drive and put in a USB enclosure. I then attached it to a laptop I was willing to reformat if necessary. I then ran a virus scanner and Spybot - Search and Destroy on it. When I thought it was clean enough, I got the PC to boot again.

And now I'm going through online tools to scan it again and again. I'll get each tool to report nothing and start a new tool up. Right now I'm working down the list on Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer and I'm doing Ad-Aware 2008 Free. And it is half done with 528 infections found. ;<.

So it finally finishes all of the way. A hint is to not start a browser up before running Ad-Aware. It will find offenses in that case.


Originally posted on Kool Aid Served Daily
Copyright (C) 2008, Kool Aid Served Daily

Trackback URL: http://blogs.sun.com/tdh/entry/being_a_family_it_support
Comments:

http://www.securityabsurdity.com/archives/14

"[..]Ballmer spent almost two days trying to rid the PC of worms, viruses, spyware, malware and severe fragmentation without success.

He then took the computer to Microsoft’s headquarters and gave it to a team of engineers who spent several days on the machine[..]"

Posted by Andreas on November 18, 2008 at 01:31 PM CST #

Hey,

Just grab the important files from it onto a USB hard drive and install Kubuntu 8.10 on the box. Then move the important files back over to /home/<user-name>/

It's got *so* easy these days.
Unless you use the system for things like AutoCAD where you really need Windows, there is no point in messing about like this.

For simple computer usage, Kubuntu or Ubuntu is just fine.

Regards,
Edward.

Posted by EdwardOCallaghan on November 19, 2008 at 12:36 AM CST #

Yeah, these days once a machine has become compromised it's not nearly trustworthy again. Rootkits for Windows are proliferating and are a pain to even find, to say nothing of get rid of.

Copy out the user data files to external storage, disconnect from any networks, wipe the computer with recovery disks or whatnot, make sure it is hardware firewalled off the Internet before it is reconnected the first time so one can go to Windows Update and get all patches, then immediately go to Firefox.com and get Firefox for browsing and there is a fighting chance to keep it uncompromised. First startup of Firefox should be to go get an antivirus solution, AVG Free for instance, and installing that and quite possibly a better firewall than the built-in one. Comodo is good, or ZoneAlarm.

An average clean unprotected Windows install has an average of 20 minutes lifetime on an unprotected network before it is successfully compromised by automated tools... it may be less than 20 minutes now. See http://www.gcn.com/online/vol1_no1/26967-1.html?topic=daily-updates# for instance.

So yeah, maintaining a clean Windows install is not easy or without its pitfalls.

Posted by cr0ft on November 19, 2008 at 08:50 AM CST #

It probably went quite a while before it got compromised. My best bet is that it got infected via LimeWire.

So, I'm pushing a little bit of user education out as well. BTW - It wasn't my mother in law.

And as much as I'm okay with using alternate OSes, I'm against supporting it for family members.

Posted by Tom Haynes on November 20, 2008 at 01:56 PM CST #
