
Malware hell

steakman1971 (2[H]4U, joined Nov 22, 2005, 2,433 messages)
So, my wife volunteered me to fix her friend's laptop. It's running Windows 7 and it was a total mess.
I started off with Malwarebytes Anti-Malware - it removed several items. Next, hit it with SuperAntiSpyware. It found and removed a few more.
Got Microsoft Security Essentials running - it removed a PUP (goddamn was this annoying).

I put Chrome on the system (because they were rocking IE and it was all jacked up). I have seen some "ads" that shouldn't be there. The system was also trying to get me to update Flash - but the download URL did not look legit so I stopped it.

I currently have a trial version of Norton Security. MaximumPC gave this and Bitdefender high ratings back in November. I ran a scan with it, nothing reported.

I'm going to have this person buy an antivirus package. Any recommendations?

What other software can I run to clean this system? I freaking HATE fixing other people's computers. I want to recommend they buy an iPad and stop using computers - they would be happier and I wouldn't have to deal with their crap.

Not to mention, they have a freakish background image of an alien-looking baby on their desktop. This damn thing is staring at me every time I look at the screen. I might remove it and say the virus got it :)
 
Forgot to mention, Norton's installer detects a proxy. I did some scouting in network settings, and it looks normal. It is saying 127.0.0.1 and port 10529. I ran netstat - nothing suspicious looking to me.
 
Get them to buy malwarebytes pro with the real time protection.
 
Get them to buy malwarebytes pro with the real time protection.

It's too late for this. I would suggest this step after a completely fresh install. Does it still have the COA OP? Backup important things and start fresh with Chrome and ABP.
 
I don't have anything - just their laptop. I'd agree this should be re-imaged and a fresh install of everything they have. No telling what I'm missing.
I have Norton running now - it's found a few other problems (although some might not be a big deal).

I might find an ISO of Win 7 and reinstall that way. They have no backup at all.
I don't want their files on any of my stuff. If I back this up, they will assume I'm safe guarding their stuff. I'm going to see if they can use One Drive or something - there isn't much on this computer except some documents and a few pictures.
 
Yes, the COA tag is there. It's a Samsung computer - so might be software to reload from a partition. I did not want to go down this road (I'm not getting paid for this, just grief).
 
AdwCleaner and RogueKiller are also good tools to clean malware.
 
It's not a software problem, it's a hardware issue. They seem to be missing the required Benjamin Franklin. Whenever my "wife's friends" have a PC issue and I let them know what the problem is, the issues seem to just disappear!
 
Open the Control Panel and find Internet Options.
Click the Connections tab and click LAN Settings.
Make sure that the Proxy Server box is unchecked (and "use automatic configuration script" is unchecked too).

Next, download and run these from bleepingcomputer.com:
adwcleaner
rkill
combofix

maybe download and run Norton Power Eraser too.

Once that's all done and clean... if they want to pay for protection get something like NOD32 or Kaspersky AV or maybe Bitdefender. Stay away from Symantec, McAfee, and other questionable-sounding products.
 
It's too late! You did it for free and they will now expect that in the future. Charge a flat $100 for any future cleanings and tell them that is what you charge after the first free cleaning. Print up a quick 1-page notice that states you will do everything in your power to protect their data but the responsibility is ultimately theirs to back it up and that you will not be held liable if their stuff is lost due to unforeseen consequences. Recommend something like idrive or some other online backup service.

Do not use Norton or McAfee. If they refuse to pay for an antivirus, install Avast Free and make sure you leave the defaults so they are prompted all the time to buy the full version.

For cleaning, I recommend you run ComboFix on top of what you've run so far, and also run Vipre Rescue, which scans every single file on the system. It's a fairly large download, but run it and tell them the scans take a very long time. Inconvenience those that think they deserve a free $200 cleanup service. They will never learn unless they have to pay in time if not money. They need to know your time is money. Talk to your wife or whoever that you are NOT free tech support. Unless the end-user is paying in some way, they will never learn and will continue to be dumb on the computer and expect you to fix it for free every time they download free emoji, games, poker games, etc etc etc.
 
I will add that if all they do is use the browser to check email and watch videos, etc, and do not do anything Windows-specific (special Windows apps, etc) then take a look at the elementaryOS Linux distro. I've found it to be the most user-friendly Linux distro I've ever used. Getting the stupid off of Windows is the best thing you can do for society, whether it be a Mac or a Linux version. You can always set up a fully updated Windows VM for them and create a snapshot for WHEN they screw it up. Easy $25 snapshot restore. There is a version of TeamViewer that works on Linux which I use on elementaryOS (based on Ubuntu). I also configure the systems to auto-update.
 
My wife pushed this one - she owes me now :)

Thanks for the feedback - the system seems clean now. I've run a lot of the cleaners suggested in the article - it removed a bunch of PUPs, I found something modified /etc/hosts and added an IP for google.com, lots of registry crap.

The person is definitely someone who doesn't understand computers and I think they should not use them. I'm tempted to revoke her admin rights so she can't install any software without a password (although then they are going to bug me again). I like the VM ideas - but I'm sick of staring at the weird-ass baby on the desktop.
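The two findings in this thread (a loopback proxy at 127.0.0.1:10529 that the Norton installer flagged, and a hosts-file entry pointing google.com somewhere it should not go) are both things you can check in a few lines instead of clicking through Internet Options. The script below is an added example, not something from the thread or from any of the tools named in it. It reads the WinINET proxy values Internet Options writes to the registry and parses the hosts file, reporting anything that looks off; it changes nothing. The watch list of domain names is an assumption, chosen for illustration.

```powershell
# Added example (not from the thread): read-only audit of the proxy setting and the
# hosts file on a Windows box. Run in an elevated PowerShell prompt.

# --- 1. WinINET proxy settings (what the Internet Options > LAN Settings dialog edits)
$proxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $proxyKey

if ($settings.ProxyEnable -eq 1) {
    Write-Output "Proxy is ENABLED: $($settings.ProxyServer)"
    # A proxy on 127.0.0.1 or localhost means browser traffic is being handed to a
    # process on this same machine (the 127.0.0.1:10529 case from the thread).
    if ($settings.ProxyServer -match '^(127\.|localhost)') {
        $port = ($settings.ProxyServer -split ':')[-1]
        Write-Output "  -> loopback proxy on port $port; listener(s) and owning PID:"
        netstat -ano | Select-String ":$port\s" | ForEach-Object { "     " + $_.Line.Trim() }
        Write-Output "     (map the PID with: tasklist /FI `"PID eq <pid>`")"
    }
} else {
    Write-Output 'Proxy is disabled (the expected state on a home laptop)'
}
if ($settings.AutoConfigURL) {
    # An auto-config (PAC) script can redirect traffic just like a proxy entry.
    Write-Output "Auto-config script is set: $($settings.AutoConfigURL)"
}

# --- 2. hosts file: well-known names mapped to anything other than loopback
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
# Assumption: names worth watching; extend to taste (AV vendors, update hosts, banks).
$watchList = @('google.com', 'www.google.com', 'microsoft.com',
               'update.microsoft.com', 'windowsupdate.com', 'malwarebytes.org')

Get-Content -Path $hostsPath | ForEach-Object {
    $line = ($_ -split '#')[0].Trim()        # strip comments and whitespace
    if (-not $line) { return }               # blank or comment-only line
    $parts = $line -split '\s+'
    if ($parts.Count -lt 2) { return }       # malformed line, nothing to map
    $ip    = $parts[0]
    $names = $parts[1..($parts.Count - 1)]
    foreach ($n in $names) {
        # Loopback entries are what Spybot's immunization writes; those are benign.
        if (($watchList -contains $n.ToLower()) -and ($ip -notmatch '^(127\.|::1$)')) {
            Write-Output "SUSPICIOUS hosts entry: $ip -> $n"
        }
    }
}
```

Run it before and after the cleanup tools so you can see whether the proxy entry or the hosts line comes back, which is the usual sign that whatever wrote them is still resident. The proxy values are read from the current user's hive, so run it as the account the friend actually logs in with, not just as your admin account.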
 
Something I purchased that has come in super handy is HDClone by Miray Software. The pro version is around $80 USD but it's been worth it for me. I can image pretty much any computer to VHD file. Then install elementaryOS and turn that old Windows installation into a VM that I also have backed up. Grab a snapshot and if they screw it up, you restore.

Of course you have to show them how to use it but that's minor time wise versus cleaning up someone's computer that your wife dumped on you.
 
If you don't want grief... I just ask them what they need backed up because I'm just going to reformat back to factory settings.

Imaging is nice... but if you're doing this for free, all that time you're spending just to get an image and copy stuff back and forth isn't worth it... I would just back up their pictures, My Documents, desktop, and reformat and call it a day.
 
My wife pushed this one - she owes me now :)

Thanks for the feedback - the system seems clean now. I've run a lot of the cleaners suggested in the article - it removed a bunch of PUPs, I found something modified /etc/hosts and added an IP for google.com, lots of registry crap.

The person is definitely someone who doesn't understand computers and I think they should not use them. I'm tempted to revoke her admin rights so she can't install any software without a password (although then they are going to bug me again). I like the VM ideas - but I'm sick of staring at the weird-ass baby on the desktop.

Yes, your wife owes you. A long time ago, I told my wife to stop "volunteering" me. This is thankless if you do a good job. Screw up, and tons of crap comes your way.

Which article?
 
We do support for a bunch of SMB-esque companies. Malwarebytes and HitManPro are our go to for cleanups.
 
I use these 4 when cleaning malware off of machines:

Malwarebytes

Super Anti-Spyware

Spybot Search and Destroy (the immunization feature is very nice - it sets up blocks for thousands of known bad sites/addresses)

Dr.Web CureIt! - this one is especially good for when you have something that likes to kill malware/anti-virus software, because they release an updated free version every day. The executable name is randomized, and the service name is randomized each time it runs.
 
Never do stuff like that for free, it never goes well and never ends. You are now free tech support for life.
 
Have we said to use Kaspersky yet?

I know I love to trust the Russians with my computer security
 
It's not a software problem, it's a hardware issue. They seem to be missing the required Benjamin Franklin. Whenever my "wife's friends" have a PC issue and I let them know what the problem is, the issues seem to just disappear!

+1
Time is money.
 
I swear by Kaspersky Internet Security Suite: built-in badass firewall and overall killer of malware, spyware and viruses. I usually get mine free after mail-in rebates every year. Never had an issue with it, and it comes with a backup recovery CD ISO in case you can't get into Windows, so it's bootable :) Good luck
 