Hi... I am about to undertake the most thankless task of all. A relative has called me up in a panic asking me to look at her computer, which has apparently "picked up 31 viruses" and is pretty much non-functioning.
Now I'm no expert... I know some things but I'm not a tech by any stretch of the imagination and the only reason she called me is that I am probably the only person in the family with any knowledge at all. I'm really not sure where to start with this... Do you think it would be a good idea to download something like AVG onto a CDROM and load it into her machine and try from there? Or is there a program that I can buy on a CD or DVD that just loads in and sorts everything out?
I know that the ideal thing would be to get some sort of mobile computer expert in to sort it out but she is retired and on a limited income so I would rather try my (limited) bit first. Any help/advice greatly appreciated.
Rob
Format it. It's quicker and easier - and a lot more effective!
Is there stuff on the PC that cannot afford to be lost?
Assuming formatting is not an option (there will of course be backups of everything!), I'd download a rescue disc ISO, burn it to DVD and start from there:
https://www.raymond.cc/blog/13-antiv...t-rescue-disk/
DS
It's less likely to be viruses and more likely to be malware/spyware etc. Where did "31" come from? You could give "Malwarebytes" a go; scan it, reboot it, repeat until clean. There can be unwanted side-effects when malware is removed though, applications may stop working correctly etc. If nothing needs saving then like Cirrus said, format it.
I used this guide to successfully get rid of all the crap off the daughter's computer.
https://www.techsupportalert.com/con...Actually_Clean
Last edited by mijyou; 22nd January 2015 at 15:41.
I saw the title and was going to suggest that you refrain from telling a female work colleague to run along and make a nice cup of tea while slapping her on the arse.
I can see now I got the wrong end of the stick.
It has just occurred to me to check what version of Windows she is running...
Rob
It's Windows Vista. She has also had a demand for 500 dollars so there's ransomware involved. I don't know how easy it is to get rid of that...
I would prefer to format and install Win 7 but there are a lot of irreplaceable photos plus her entire MP3 collection on the HD and predictably enough no backups...
Any advice welcomed.
Rob
Well, Vista is ok. (It's not as terrible as most people think imho).
For simplicity, my preference in this scenario would be to manually back up everything that is important (photos, MP3s, any other documents, emails, whatever) to an external disk and then vape everything and reinstall the OS and install programs. Make sure you have licence keys for everything first. :-) If she has a Vista licence then my view would be to stick with that. Make sure that everything is properly secured and then replace backed up data.
Then make her begin a backup regime to one or more external hard disks (or an external hard disk and a cloud service[1]). There are a million and one ways to do this but I prefer SyncBackPro: It can be automated and is very highly configurable.
Footnote:-
1: Both local backup disk and cloud, not just one or the other.
Step 1: Get everything important backed up. Preferably before you even get there as this could take hours.
Step 2: Download Malwarebytes free version. Remove any crap that it finds. Make sure you run the rootkit scanner too; it's off by default.*
Step 3: Run some other antivirus scanner, such as AVG. Leave it installed when finished (I'm assuming they have no AV currently; don't install two at once, they'll fight).
Step 4: Check if PC is still functioning after a reboot and whether or not performance has improved.
Step 5: If not, clean reinstall everything.
(step 4(b) for experts is to run process explorer, poke around in the registry and check all the startup files for unusual stuff, but you need to know what you're doing for that).
You don't really want to get to step 5. Reinstalling Windows can be an absolute nightmare depending on the machine and what software you have for it. Most manufacturers nowadays don't supply any media, so if you're lucky there might be a recovery partition, but how that works will vary. Some will just have some secret method for booting up in recovery mode and reinstalling everything. Others require that you write to a bunch of blank discs (or if you're lucky, a USB drive) from Windows first, then boot off those. If Windows isn't working well enough by the time you reach this stage to actually burn the discs, you may be out of luck. Likewise if you don't have a big enough USB stick. Likewise if the recovery partition has become corrupted (possibly by malware).
If you end up trying to install a different version of Windows than the factory installed one, you're probably going to run into a lot of problems with drivers. Usually you can find the right drivers for a different model of PC, but manufacturers tend to be really lazy about keeping their directories up to date, and sometimes they even lock the installer so it won't install on a non-approved model (even if it's the right driver). It's always a good idea to download all the really important drivers first and put them on a USB drive, especially the video driver, as in some cases having the wrong video driver installed can make everything else unusable. This can also be true of motherboard chipset drivers and sound drivers, in some cases. You'll also want to make sure you have the necessary networking drivers so you can get back on the Internet to download any drivers you missed, or which didn't work for some inexplicable random reason.
As has already been pointed out, if someone who is not a computer expert complains that they have "31 viruses" then that's probably some stupid thing they clicked on that's either malware itself, or is at best trying to scam them into buying some "computer speedup" software that may or may not be legit. That'll probably end up being one of the things Malwarebytes removes. It might be the only thing. Such programs have been known to deliberately hobble PCs so that the owners notice that it's not running as fast as it should, and attribute that to the "viruses".
As far as I know, if it's actually one of the various derivatives of CryptoLocker, you can't recover any files it has encrypted, although you may be able to get rid of the malware. If there's anything really serious on the machine like that, I'd probably go for a clean reformat and ensure that only data files are retained. You never know to what extent the machine might have been compromised and there is no guarantee that anti-malware software will remove everything. If it has something like that on it, the chances are that it's running as part of a botnet, and could have things like keyloggers on there too.
https://forums.malwarebytes.org/inde...-cryptolocker/
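As an added illustration of step 4(b) above (this is not code from the thread or from any tool mentioned in it), the PowerShell snippet below lists the standard Run/RunOnce registry keys and the user's Startup folder and flags entries whose executable is missing, unsigned, or outside the usual program folders. It assumes an elevated PowerShell 2.0 or later prompt on the affected machine; the list of "expected" folders is an assumption you may need to widen.

```powershell
# Added example, not from the thread: list autostart entries and flag the odd ones.
# Assumes an elevated PowerShell prompt on the affected machine (PowerShell 2.0+).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDir = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
# Assumption: legitimate software normally lives under these roots.
$expectedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }

function Get-ExePath([string]$command) {
    # Extract the executable from a command line like  "C:\x\a.exe" /s  or  C:\x\a.exe -q
    if ($command -match '^\s*"([^"]+)"') { return $matches[1] }
    return ($command -split '\s+')[0]
}

function Test-Entry([string]$source, [string]$name, [string]$exe) {
    $exists = Test-Path -LiteralPath $exe
    $signed = $false
    if ($exists) { $signed = (Get-AuthenticodeSignature -FilePath $exe).Status -eq 'Valid' }
    $inExpected = $false
    foreach ($root in $expectedRoots) {
        if ($exe.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inExpected = $true }
    }
    New-Object PSObject -Property @{
        Source = $source; Name = $name; Path = $exe
        Exists = $exists; Signed = $signed; ExpectedFolder = $inExpected
        # A missing file, an unsigned binary, or a home in Temp/AppData is what to look at first.
        Suspicious = (-not $exists) -or (-not $signed) -or (-not $inExpected)
    }
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PowerShell's own metadata properties
        $findings += Test-Entry $key $p.Name (Get-ExePath $p.Value)
    }
}
if (Test-Path $startupDir) {
    foreach ($f in (Get-ChildItem -LiteralPath $startupDir | Where-Object { -not $_.PSIsContainer })) {
        $findings += Test-Entry 'Startup folder' $f.Name $f.FullName
    }
}
$findings | Sort-Object Suspicious -Descending | Format-Table Suspicious, Signed, Exists, Source, Name, Path -AutoSize
```

Shortcuts (.lnk) in the Startup folder always show as unsigned, so resolve their targets before judging them; a "Suspicious" row is a prompt to look closer, not a verdict.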
Download Hiren's BootCD and burn it to DVD.
http://www.hirensbootcd.org/download/
Boot from the disk and load Mini XP
This will run Windows in RAM, which will enable you to explore the hard drive and save the photos to an external drive.
Reinstall Windows.
Cheers
Jim
It is intriguing that your advice is almost exactly opposite to mine. :-)
I too usually prefer to repair rather than reinstall. I think it's the proper way to do it. But there are times when vaping and reinstalling is just simpler and safer.
I agree that reinstalling Windows can be a hassle but if you've got suitable installation media and access to drivers then it need not be like that. It all depends on what is available and what the problem is.
In the scenario described I still think I'd want to go for a data backup and complete vape and reinstall (assuming install media and product keys, etc. were available).
I think we actually said almost exactly the same thing, but I disagree with this conclusion.
My advice in general is, for run-of-the-mill crapware (toolbars etc) that is serving ads and slowing things down but not overly malicious, something like Malwarebytes should get rid of it quickly and easily. In this scenario you don't have too much to worry about, but really you want to look at the MB report and check the online documentation for any malware found, in case it is linked to any second-stage attacks.
If the machine is compromised in any significant way, nuking it from orbit is the only way to be sure ;)
Scanning for malware is unfortunately only about 95% effective so cannot be relied upon. If a machine has been seriously compromised (with ransomware, a botnet worm, etc.) then there is a very high probability it is compromised in other ways you don't know about and that some hacker has "got root" either through an existing compromised account, or through some backdoor that isn't necessarily related to malware. For instance, maybe they've installed an "innocent" FTP service that no AV software would flag (and you'd be unlikely to notice in a manual audit either), but completely compromises the system.
An interesting example of that 5% is the one and only time that I myself stupidly opened a misnamed file (.zip.exe or something): I got infested with literally the most obvious virus you've ever seen. I tried several AV scanners including MB and none of them detected it, let alone removed it. Fortunately I was able to see it with process explorer (on top of it making literally no attempt to hide itself as any competent malware would), remove it from the registry (and a couple of other places it had hooked into IIRC) to quarantine it manually. However, the only reason that machine hasn't been wiped is that I don't use it for e.g., banking and the stuff I do use it for requires a load of specialised software that takes hours to reinstall. I'm taking a calculated risk, but most people don't have a good enough reason not to reinstall. Even my excuse is tenuous at best and I'd never leave a system in that state on a corporate network.
In an enterprise environment especially, it's a good idea to have disk images so you can do quick reinstalls without even thinking about it. In the case of compromised servers, it's well-established best practice that you never try to repair, always quarantine (for later analysis of the attack to prevent recurrence) and rebuild. One of the nice things about cloud servers is that you can literally do this with a few mouse clicks.
On AVG's web site there is a section on their PC Rescue tool (it's free and good). You put it on either a bootable CD or, as I do, a USB stick. When you boot it off the CD/USB it will load a version of Linux, mount the Windows partitions then run a virus/malware check. There's also a very good memory checker in the package as well.
If you know how to download a torrent and can burn a DVD, I have the Geek Squad utility disc here; it's a one-click, 4-hour operation and will sort it out.