The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    wow, you guys have gotta see this machine!

    Discussion in 'Security and Anti-Virus Software' started by yuio, Jan 25, 2009.

  1. yuio

    I just got a machine from a friend of a friend to fix as he is having some issues with it.

    Well, I get it, and it takes 5 minutes to boot; every 5 seconds it flashes up "spyware etc. detected".


    Spybot Search and Destroy reports >500 infections + 20 high security threats. This machine has every form of virus, trojans, adware, spyware, worms, dialers, key recorders, everything.

    Every scan shows more and more infections.


    I tried to install 3 different virus scans (Avira, AVG, Win Defender) but none of them work/they all return 0 results (Avira always has 1 or 2). Any ideas? I'm not sure how to fix this, without putting Ubuntu on it of course.

    Anyone know of good free anti-spyware software? Or have any ideas what to do with this thing?
     
  2. Hep!

    Here's my most recent update of my Somewhat-Automated Anti-Malware toolkit.
    http://www.megaupload.com/?d=CHH8RD7W
    Actually it's been slightly updated but not enough to be worth uploading all over again.

    Included, but not limited to:
    Combofix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php
    Spybot Search and Destroy: http://www.safer-networking.org/en/spybotsd/index.html
    SUPER AntiSpyware: http://www.superantispyware.com/superantispywarefreevspro.html
    MalwareBytes Anti Malware: http://www.malwarebytes.org/mbam.php
    Trojan Remover: http://www.simplysup.com/tremover/download.html - I usually start with this, does a good job of softening up the computer so it's more workable.
    SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    BitDefender Antivirus 2009 Trial: http://www.bitdefender.com/site/Downloads/ NOTE THAT EXISTING AV MUST FIRST BE REMOVED
    Windows Malicious Software Removal Tool: http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Some additional tools that may help:
    HiJack This!: http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
    CCleaner: http://www.ccleaner.com/download
    Unlocker: http://ccollomb.free.fr/unlocker/

    (I clean this crap for a living)
     
  3. elijahRW

    I suggest you do a clean install of the operating system.
    Format the drive and start fresh.
    After that your friend should use anti-virus software to keep from getting them.
     
  4. dougjr

    I second this idea.
     
  5. Silas Awaketh

    I third it but who are those girls in your avatar! :eek:
     
  6. Pitabred

    Take off and nuke it from orbit. It's the only way to be sure ;)
     
  7. Hep!

    Does anyone actually clean computers anymore?
    Sometimes (PROBABLY NOT IN THIS CASE) cleaning is more cost effective than reloading. Like when the client has tons of custom software configurations and re-setting up will take hours.
    That kid probably does not have anything of value though, and likely got all this crap from using Limewire or Bittorrent, or some other P2P which he does not understand.
     
  8. scythie

    +1 for clean install.

    From your description, it seems the PC is beyond hope.
     
  9. yuio

    Wow, thanks guys. I want to wipe out Windows but he doesn't want to do that..

    Oh and he has anti-virus, but he let it expire lol.
    I looked through his start menu and he has all kinds of stuff like Limewire etc. (at this point I don't want to know what's on here... 40-year-old single mechanic... I just don't want to know).

    And he also uses this for banking... I recommend a dual boot with Ubuntu for this guy: do banking and 'unknown' activities on Linux, use Windows for compatibility.

    Avira is starting to find viruses now. Going to download the links above and give them a try.

    Trying to get rid of Norton lol, he has a password on it lol.
    Try and open Task Manager = disabled by admin? Wow, this guy really messed this thing up. I think I am going to try and get rid of this crap from safe mode.
     
  10. Pitabred

    You will probably never get it completely clean. I'm sure he doesn't want you to nuke and pave, but you should tell him that if he doesn't, there's no way you can guarantee you cleaned everything off, and he may already have his banking details all over the place as it is due to those viruses.
     
  11. Kamin_Majere

    After a year of use without an anti-virus or firewall my wife's first laptop had 746,891 malware applications and 1362 individual viruses. (I memorized the numbers because I actually called people over to the house to see it... I couldn't believe it)

    I took it out to the back yard and shot it...

    Went to Best Buy the next day and got her a new one. Now I put NOD32 on everything she touches and my hardware firewall has a 32-digit code that only I know. Hopefully that will never happen again.

    +1 for wipe the thing and start from scratch
     
  12. yuio

    I already told him to check all his credit card and bank accounts daily, and even transferring to a new one might not be that bad of an idea.
     
  13. elijahRW

    LOL :D "I took it out to the back yard and shot it... " :p
     
  14. elijahRW

    Even if he has done things with his bank and CC on it what does that have to do with anything? These activities are done online.
     
  15. yuio

    I know there is no way to completely clean this thing, really, but if I can get it to work for anything but banking I think that's good enough for now.
     
  16. Baserk

    The simple fact that you cannot know whether it's clean should be reason enough for your friend NOT to use it for banking.
    Only if you partition the HD and install a Linux distro on it also will it be safe to use (if you can't do a clean Win OS install).

    @erwallie; Online banking still involves keyboard input; all these strokes can be monitored (in real time) by malware, as well as the URL visited.
     
  17. obsolete

    Sweet. Shotgun?

    Set Avast or whatever antivirus software you're using to scan at bootup. But I agree with everyone else. Either do a clean wipe and install or shoot it. It ain't worth the hassle.
     
  18. atbnet

    You need to start over fresh and either be proactive with programs to prevent spyware or use Linux so it isn't possible to get the junk.
     
  19. Kamin_Majere

    12 gauge with bird shot. IMO the only way to murder a laptop effectively.
     
  20. yuio

    Update: something is now trying to uninstall Norton for me (thank god).

    It has already uninstalled Spybot... I'd almost think that this is a hack but I'm not connected!
     
  21. atbnet

    Not as cool as some thermite! :D
     
  22. Hep!

    Boot in safe mode... remove all active scanning devices/real time protection.
    Install Trojan-Remover, and run it.
    Let it do its thing. When it's done, go back to safe mode and run Combofix and SmitfraudFix.
     
  23. jerry66

    I have tried cleaning a comp like that; once you think it's clean something new pops up or it freezes in the next cleaning stage.
    Best to copy the things he wants saved and wipe it. Not cost effective to clean.
     
  24. gazzacbr

    I would also go with a complete rebuild. It is generally not worth trying to remove that much crap. When I build a comp, C: is operating sys, D: is personal (my docs and emails etc.), E: is backups (also recommend external). I load a clean OS and their progs, then use Acronis True Image with Safe Zone. If they have any probs they just have to press F11 and reload as I left it. Time taken to reload their new programs, even if they have not kept the backup up to date, is minimal and easy. Good luck anyway. My 2c.