How would you fix a badly infected PC?

Please note: I am not asking about prevention.

Let's suppose somebody gives you a PC that is loaded with malware, and
it's your job to fix it.

What is the fastest, easiest, way to go about it?

Is there any way to clean the machine without loading any new software
on it?

Would it be best to clean the machine without booting the machine
from the infected drive? For example, should the HDD be removed and
connected to another PC as a second drive? Or should you boot from a
CD, then have a networked computer actually clean the drive? And what
software would you use to clean the infected drive? Can the process be
automated?

Thanks, in advance.


Re: How would you fix a badly infected PC?


| Please note: I am not asking about prevention.
|
| Let's suppose somebody gives you a PC that is loaded with malware, and
| it's your job to fix it.
|
| What is the fastest, easiest, way to go about it?
|
| Is there any way to clean the machine without loading any new software
| on it?
|
| Would it be best to clean the machine without booting the machine
| from the infected drive? For example, should the HDD be removed and
| connected to another PC as a second drive? Or should you boot from a
| CD, then have a networked computer actually clean the drive? And what
| software would you use to clean the infected drive? Can the process be
| automated?
|
| Thanks, in advance.

There is no fastest and easiest way.

It takes time, effort and work.  Either you are up to the challenge or you
back up the PC and wipe the PC, then reinstall the OS from scratch.



If you are using any version of Sun Java that is prior to JRE Version 5.0
Update 9, then you are strongly urged to remove any/all versions.
There are vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version, which is
Sun Java JRE/JSE Version 5.0 Update 9.

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.5.0_09

http://java.sun.com/javase/downloads/index.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
  http://www.lavasoft.de/
  http://www.lavasoftusa.com/
  http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
  http://security.kolla.de/
  http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
  http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser
Helper Objects that may be on the PC.

* BHODemon
  http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
  http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS }
This will bring up the initial menu of choices and should be executed in
Normal Mode. This way all the components can be downloaded from each AV
vendor's web site. The choices are: Sophos, Trend, McAfee, Kaspersky, Exit
this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files, or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode.  It is suggested to run
the scanners in both Safe Mode and Normal Mode.

When the menu is displayed, hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
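
The "simple check" on the Java folder from the post above, written out as an added example (not part of the original post). It assumes Sun's usual install folder names (`jre…`, `j2re…`, `jdk…`, `j2sdk…`), and it takes the folder path as an argument so it can also be pointed at an infected disk mounted as a data drive on another machine.

```python
import os
import re
import tempfile

# Assumed folder naming: jre1.5.0_09, j2re1.4.2_12, jdk1.5.0_06, j2sdk1.4.2_08
JAVA_DIR = re.compile(r"^(?:jre|j2re|jdk|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)
MINIMUM = (1, 5, 0, 9)  # JRE 5.0 Update 9, the version the post names


def audit_java_root(java_root):
    """Return (outdated, current, unknown) lists of folder names in java_root."""
    outdated, current, unknown = [], [], []
    for name in sorted(os.listdir(java_root)):
        if not os.path.isdir(os.path.join(java_root, name)):
            continue  # only install folders matter for this check
        m = JAVA_DIR.match(name)
        if not m:
            unknown.append(name)  # unrecognised name: inspect by hand
            continue
        version = tuple(int(g or 0) for g in m.groups())
        (outdated if version < MINIMUM else current).append(name)
    return outdated, current, unknown


def passes_simple_check(java_root):
    """The post's rule: a single folder, and it is at least 5.0 Update 9."""
    outdated, current, unknown = audit_java_root(java_root)
    return not outdated and not unknown and len(current) == 1


if __name__ == "__main__":
    # Constructed sample tree standing in for <drive>:\Program Files\Java
    with tempfile.TemporaryDirectory() as root:
        for d in ("j2re1.4.2_12", "jre1.5.0_06", "jre1.5.0_09"):
            os.mkdir(os.path.join(root, d))
        old, ok, odd = audit_java_root(root)
        print("remove:", old)
        print("keep:  ", ok)
        print("review:", odd)
        print("passes:", passes_simple_check(root))
```
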



Re: How would you fix a badly infected PC?



http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Duane :)



Re: How would you fix a badly infected PC?

On Thu, 26 Oct 2006 23:25:11 GMT, "Duane Arnold"


That article fails to mention the best solution of all. Reclone your
drive from your bootable cloned backup drive which you keep sitting on
a shelf, or in a removable drive tray unpowered until you need it.
There's no possibility of malware interference when you boot up from
the backup drive.

Art
http://home.epix.net/~artnpeg

Re: How would you fix a badly infected PC?



Insert original read-only media, fdisk, format, reinstall.   Also the
same answer for a PC moderately loaded with malware.


Not reliably, no.   Not even with adding new software.


That would help if only it was reliable and worked.


There are Knoppix CDs set up for this, but you're at the mercy of a
virus or malware cleaner that is signature based, can't invent the
creativity of the latest polymorphic malware authors, and by
definition are quite likely to miss something.

So while you are reduced to the rubble of a screwed up pc, may as well
flatten it and reinstall everything.  

A bootable CD however can be useful to shuttle your data off to a
removable drive.

--
Todd H.
http://www.toddh.net/

Re: How would you fix a badly infected PC?

In article <1161895492.873750.139350@m73g2000cwd.googlegroups.com>,
walterbyrd@iname.com says...
You could try installing a new copy of Windows - leaving the
original untouched, then running your av scanner in the new
Windows. Some scanners would need to be re-installed as the new
Windows' registry wouldn't know about them, others will just
run OK.
Or, the UltimateBootCDforWindows gives you a nice clean
environment to scan in.
Or, you take the disk out and access it as a data drive on some
other machine, and scan it there.
All these methods _may_ not find _everything_, but can be worth
a try.
If it looks like being a long job, just get the data files off,
wipe the thing, re-install.
--
"He just said it had an 'x'."
"It isn't their necks I mind," said Piglet earnestly.
"It's their teeth."

Re: How would you fix a badly infected PC?


If the PC is very badly infected, then I would wipe it and reload from
scratch, after backing up any data files - these will need AV and malware
scanning before use.

Bob
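
Several replies above recommend getting the data files off, wiping the disk, and scanning the files before use. One way to do the copy step, as an added example that is not part of any post: it assumes the infected disk is mounted read-only at `src_root` from a clean boot CD or a second PC, and the extension allow-list is an assumption to adjust. It copies only allow-listed data types, refuses files that start with the `MZ` executable header despite a data extension, and returns a SHA-256 manifest so later scan results can be matched to files. The copied files still need the AV and malware scan.

```python
import hashlib
import os
import shutil

DATA_EXTS = {".doc", ".xls", ".txt", ".pdf", ".jpg", ".png", ".mp3"}  # assumed allow-list


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def salvage(src_root, dst_root):
    """Copy allow-listed data files; return (manifest, skipped) lists."""
    manifest, skipped = [], []
    for folder, dirs, files in os.walk(src_root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, src_root)
            if os.path.splitext(name)[1].lower() not in DATA_EXTS:
                skipped.append((rel, "extension not on allow-list"))
                continue
            with open(src, "rb") as fh:
                header = fh.read(2)
            if header == b"MZ":  # DOS/PE executable hiding behind a data extension
                skipped.append((rel, "executable header"))
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)
            manifest.append((rel, sha256_file(dst)))
    return manifest, skipped


if __name__ == "__main__":
    import sys
    copied, left = salvage(sys.argv[1], sys.argv[2])
    for rel, digest in copied:
        print(digest, rel)
    for rel, reason in left:
        print("SKIPPED", rel, "-", reason)
```
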



Re: How would you fix a badly infected PC?


I would say put it on a good PC as a slave drive and then run anti-virus
stuff on it. Seems an easy option if you have another PC.


