Spyware/Trojan/Virus?
I have just been handed a computer, by a client, that displays the following symptoms:
1. extremely slow – has had this problem a week ago – did a reg clean and compact and HDD defrag, thought it was fixed;
2. has recurring security/virus/trojan warning pop-up dialog boxes (3). No matter what I do these pop-ups keep recurring. Behaviour: all have the usual “go”, “cancel” and right-hand top corner “x” (shut down) buttons, however irrespective of which one is clicked Internet Explorer opens at a specific site, i.e.
pcsecuresystem dot com and
virusprotectionproonline dot com.
Closing down IE does not help as the pop-ups return several minutes later.
3. cannot do restore even in safe-mode. Restore points are there but unable to use them;
4. has 3 icons on the desktop that client does not know how they got there, they are iNet shortcuts to
safewebnavigate dot com;
5. there is also a continuous popup from what appears to be from the Windows Security Centre that the computer is under threat of an imminent internet attack – even tho the computer is not connected to the internet nor to a phone line;
6. also found the file csrss.exe active on the computer – did a search for the file using windows search but came up empty handed, the same result for a registry search;
Remedies tried so far:
installed the following – Norton Security Suite, Ad-Aware, and Javasoft antivirus (?). Have run all three in normal mode and safe mode and removed everything that they found. Pop-ups still continue.
After discussing the problems with a friend (who also knows the client) found out that the client has a habit of installing programs and then uninstalling them after he has had a look.
Questions:
1. are the three sites above genuine sites or are they rogue sites? If they are genuine do they have a habit of installing their software/malware by stealth (at the moment I am not prepared to open the sites on my computer for obvious reasons)?
2. how do I resolve the issues in (2) above short of deleting everything on the HDD and re-installing Windows XP? Have already suggested this to my client but he seems to be hesitant because of some of the programs that he wants to keep (obviously he has not saved the installation files).
I would welcome any suggestions/help etc as at the moment I feel like handing the computer back to the client with the comment: “Sorry, mate, nothing I can do but you WERE TOLD what NOT to do …….. etc, etc”.