Working on an infected box

By Snuffy09

I recently received my brother-in-law's virus infested computer. I normally don't charge family to work on their computers but after this last porn surfing binge he went on I think I will start making exceptions.

He's running XP Home

Whatever he's got, it will not let me install any antivirus software (naturally). I receive an error message that says that the Microsoft installer is not running and that I may be in safe mode. I am able to install other apps.

I shared out his HD and mapped it on my computer and scanned his HD with my AV software. I found about 30 infections but was not able to remove them due to permission/authentication issues.

I was able to install ThreatFire (can't update DB tho). I was also able to run SmitFraudFix, but it didn't fix anything. I ran a recent copy of Stinger on it and it cleaned up 20 items.

My most recent attempt was installing Spybot S&D from my machine to his mapped drive. I started the scan this morning so I will have to see what it found when I get home from work.

I need an IDE/SATA to USB adapter

Anybody have any more ideas before I give up and FDISK?


All Answers


**** it all away....

by ---TK--- In reply to Working on an infected bo ...

When I get a PC that's infected from surfing porn... I just **** it all away...



by cmiller5400 In reply to Working on an infected bo ...

Try booting to the Ultimate Boot CD for Win -->

Update the Spybot and all AV scanners that come with it, then boot with that CD and run the scans. I was able to clean one infection that way.

On the other hand, it sometimes is better to wipe and reload.


Do you have the WIN CD?

by mjd420nova In reply to Working on an infected bo ...

If you have the CD for the install, it would be easier to just wipe it and reinstall the OS. Also it would be good to reset the BIOS to eliminate the possibility of it being infested too. It would create more hair pulling to go through a complete reinstall only to find it is still infected. Too easy to reset first.


Try using this

by jimmy-jam In reply to Working on an infected bo ...

Ultimate Boot is good, but before you wipe the HD

by DadsPad In reply to Working on an infected bo ...

Can you restore it to an earlier date? If he has put off having help with viruses/spyware for a long time, then better to wipe and format with XP newly installed.

Install a Virtual Memory program and show him how to run. That way he can terminate the VM after being on the internet and kill any infections; or, at least, show him how to restore. Then tell him how much you charge customers to do this and he will be considered a customer next time.


Thanks for all the Ideas

by Snuffy09 In reply to Working on an infected bo ...

I have tried my UbootCD. I was able to clean up a few things but still no luck.

He doesn't seem to have much on his PC so I'm going to check with him tonight to make sure. If it's ok I'm going to **** it away and reinstall.


The problem is...

by dixon In reply to Working on an infected bo ...

...the way you're accessing the drive, shared and mapped with Windows (and who knows what else) running. You need to access it differently (slaved or IDE-to-USB adapter or ubcd4win) so you can beat up on it without anything running.


I know, BUT!

by Snuffy09 In reply to The problem is...

The only test computer I have is my own. I don't want that HD in my computer. If I was getting paid for this job I might think about it. You're right, I do need a USB hard drive adapter... it's on my list.


So...

by dixon In reply to I know, BUT!

don't have an old throw-away box lying around for such purposes? If not, you really need one. And by the way, connecting that drive to your machine with a USB adapter wouldn't be any less risky than slaving it. If you're not comfortable with one, I wouldn't recommend doing the other.



by dixon In reply to So...

...there's still the option of ubcd4win, to keep your main machine out of the mix.
