The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Tried to clean co-worker's PC of Viruses. Hectic stuff

    Discussion in 'Security and Anti-Virus Software' started by TeeJay 44, Jul 6, 2009.

  1. TeeJay 44

    TeeJay 44 Notebook Deity

    Hi all. What a day and a steep learning curve for me. This is a long post folks....you may laugh either at me or with me :D :D

    Got this guy at work with an oldish PC that he uses at home. It never had an Internet connection but he has kids who use the thing with flashsticks from school mates etc. And never any AV protection.

    He does not have any Windows disks because he bought it from a pal of a pal years ago. Get the drift.

    So I decide to go on a mission today and try and clean the PC from infections without re-installing Windows XP. (His CD drive does not work anymore anyway as well.)

    After multiple attempts to get Avast, Avira or AVG to load from or run from a flashstick (my own safe saved install exe, loaded from my comp with USB Vaccine).....I realised by comparing that my original files I put on the flashstick were being altered by around 200KB apiece once plugged into the infected PC.

    Avira up by 200KB, Avast about the same....but AVG spot on still.

    So I start the AVG installation. It looks like all is well and AVG is installing. Great I think....at least I have one AV installing properly.....until AVG began uninstalling itself and telling me that "installation failed".

    Reboot needed. That was it. Upon reboot still no joy with install.

    So, I think, stuff this.....I am tired of buggering around.

    I re-format the corrupted flash stick on my lappie and then load SAS and change the name to GGHGHGG.

    Push it into the infected PC and SAS runs and installs. Yay!!!
    It does a thorough scan and finds around 20 infected files. I reboot...and everything is still not kosher.

    Then, a light goes on in my brain, and I think "what about M$ Worm Tool V2.0 which I saved months back".

    I take the once again corrupted flash stick, re-format it on my lappie and load the M$ Worm tool. Plug the flash stick into the infected PC, double click on the cabinet file (windows-kb890830-v2.0).

    It installs and finds 520 infected files. Cleans/repairs them and I reboot windows.

    I can now also install Avast at last. I schedule a boot scan.

    Computer restarts and Avast boot scan begins.

    It finds...and I am not joking... 1359 infected files


    Virut
    Mabezat
    Sality
    Sohanad
    Auto IT

    They were everywhere multiple times..........

    All the work does not help though. Something happened to the login password with this messed up PC :cry:

    Lesson learnt for me though. At least I know next time before I attempt the impossible resurrection of a rotten, worm and trojan eaten PC :nah:

    Rotten to the core and more.

    Cheers
     
  2. Fragilexx

    Fragilexx Get'cha head in the game

    All that and never having touched the web. Beautiful.

    Shows why, although it's an extra expense, it is often worth buying the children a computer of their own.
     
  3. DarkSilver

    DarkSilver MSI Afterburner

    Actually, it is not suitable to clean a "super infected for years" PC.
    My friend had AVG Free installed on his laptop for 1 year and he found his PC was very poisonous (viruses, trojans, spyware). Every time he brought his flash drives or stuff to college or plugged them into other friends' laptops, everyone would scream.
    So, he decided to have a better AV. I suggested AVIRA to him.
    OK. He successfully installed AVIRA. AVIRA killed a lot (thousands) of viruses until his laptop also got killed.
    He checked his laptop and found the viruses, spyware and trojans were all living in his software's .exe files (almost all .exe files). AVIRA kills the .exe files which are infected, and together this could kill the software. Every piece of software inside the laptop got killed and his laptop was sent to format. LOL.

    Lesson learnt, do not attempt to clean a SUPER INFECTED PC. It is useless.
     
  4. gerryf19

    gerryf19 I am the walrus

    Any computer infected by man can be cleaned by man.

    Since it is all water under the bridge, it seems pointless to go into some questions, but I wonder (for one) if the USB files were really growing or you simply thought they were since a USB is formatted with a fat32 file system instead of your laptop which is formatted with ntfs. The cluster size of fat32 file system might account for that.

    The hoarked up password and log in was likely a result of a rewritten userinit file or a file attached to the userinit.exe process...probably repairable.

    Now, I do agree with the argument that when a system is obscenely infected, it is sometimes FASTER to wipe and rebuild than to repair, but there are some cases where a rebuild is the only unfortunate option. In such cases, there are ways to facilitate the repair (for example, drop the drive in a different system as a slave to remove much of the crap manually along with all the temp files and through a scan from the second system).

    But, whatever...probably get a nicer system with a clean install
     
  5. TeeJay 44

    TeeJay 44 Notebook Deity

    My Acer uses fat32 as well. Outdated....but true I promise you.

    Avira went up 200KB and so did Avast. Tis true.

    Anyways, thanks for the reply and cheers
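
Added example, not part of any poster's message: the thread's open question is whether the installers on the flash stick really changed or only looked bigger because of FAT32 cluster rounding. A hash manifest taken on the clean machine and re-checked afterwards settles that, because it compares logical size and SHA-256 rather than "size on disk". The file names, the 200-byte change and the cluster sizes below are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> (logical size in bytes, SHA-256) for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (os.path.getsize(full), sha256_file(full))
    return manifest

def size_on_disk(size, cluster):
    """Space a file occupies once rounded up to whole clusters (content is unchanged)."""
    return -(-size // cluster) * cluster

def compare(before, after):
    """Return (kind, path, byte delta) for modified, removed and added files."""
    findings = []
    for rel, (size, digest) in sorted(before.items()):
        if rel not in after:
            findings.append(("removed", rel, -size))
        elif after[rel][1] != digest:
            findings.append(("modified", rel, after[rel][0] - size))
    for rel in sorted(set(after) - set(before)):
        findings.append(("added", rel, after[rel][0]))
    return findings

def demo():
    # Constructed sample: a temp directory stands in for the flash stick.
    with tempfile.TemporaryDirectory() as stick:
        for name, data in (("setup.exe", b"MZ" + b"\0" * 998), ("readme.txt", b"clean")):
            with open(os.path.join(stick, name), "wb") as f:
                f.write(data)
        before = build_manifest(stick)  # taken on the clean machine
        with open(os.path.join(stick, "setup.exe"), "ab") as f:
            f.write(b"\0" * 200)  # constructed change: the file grows by 200 bytes
        return compare(before, build_manifest(stick))

if __name__ == "__main__":
    print(demo(), size_on_disk(1000, 4096), size_on_disk(1000, 32768))
```

A file whose cluster-rounded size differs between two volumes still produces the same manifest entry; only a real content change shows up as `modified`.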