Removing Persistant Viruses

[Crazed Rabbit]

So my parent's computer has become severely infected after my brother disabled virus protection like AntiVir and Ad-Aware, in an effort to speed the several years old computer up.

Now, you can't go anywhere on the internet but virus sites, applications like task manager won't run, etc.

I installed spybot S&D on a flash drive and attempted to run it, but I got an error saying the .exe was infected and wouldn't run. I suspect this is the work of the virus (no **** Sherlock, huh?).

Anyways, I need some way to wipe a computer that can get past that executable block.

Any possibilities?

Thanks,
CR

[LeftEyeNine]

I wonder if Safe Mode could change a thing or two.

[drone]

I wonder if Safe Mode could change a thing or two.

IIRC, you probably won't be able to run from a flash drive in Safe Mode, but you can try it. If you can get your anti-malware installed, definitely run your scans in safe mode. In this age of rootkits and considering the likely state of the machine, you are probably going to have to boot off a CD and scan the drive from there.

[Ironside]

I've seen it mentioned that simply renaming the exe file for spybot S&D might do the trick for it to run (fooling the malware). Never been needing to try it out myself though.

[Crazed Rabbit]

IIRC, you probably won't be able to run from a flash drive in Safe Mode, but you can try it. If you can get your anti-malware installed, definitely run your scans in safe mode. In this age of rootkits and considering the likely state of the machine, you are probably going to have to boot off a CD and scan the drive from there.

There may be some anti-virus software still on (just not running on startup). I had forgotten about safemode.

Do you have a link to more explanation about booting from a CD?

I'll try renaming the exe too.

CR

[Whacker]

If it's as infected as you say, it may be a lost cause. First question is, can it boot from a USB key? There are some linux distributions you can slot onto those and boot from them, leaving your cd/dvd burner free to use as a back up mechanism. This would allow you to mount the HDD and save whatever you wanted to off of it, like bookmarks, documents, etc. Once you've done that and burned them to optical media, you can proceed to blow away the HDD and start from scratch.

[Crazed Rabbit]

Safe mode doesn't work. Renaming the Spybot exe didn't work. Looks like drastic measures may be necessary.

I'm not sure if it can boot from a USB.

EDIT: Still not sure about the USB thing, but it does have two CD/DVD drives, so I figure that should allow for copying of files.

CR

[Xiahou]

So my parent's computer has become severely infected after my brother disabled virus protection like AntiVir and Ad-Aware, in an effort to speed the several years old computer up.

You've probably realized this by now, but that's a pretty horrible idea. If you want to try to speed up a well-used PC, start with a defrag.

You could clean it up some, but really, you'd never know if you got everything or if there was still some malicious software left lurking. If you're going to fly without antivirus software, you should at least have NoScript and AdBlockPlus to protect your browsing a little. I use those plus AVG, and never seem to pick up any malware on my PC. Also, from people I've talked to, AdAware has fallen out of favor somewhat. My friend raves about SuperAntiSpyware.

So anyway, I'm with Whacker. Backup any files that you can't live without, and then format everything and reinstall.

[CrossLOPER]

Get a program to bombard the hard drive with random characters for about ten passes and then reinstall Windows.

[Crazed Rabbit]

Had some luck removing parts of the virus. Task manager will run now, but not spybot.

We got the needed info off, though, so I'll recommend a wipe.

CR

[Sevis]

Get a program to bombard the hard drive with random characters for about ten passes and then reinstall Windows.

Absolutely useless. A reinstall of Windows will remove any active viruses - thus, they will not autorecover themselves - and if anything new creeps up, it'll have an easier time downloading more than it would trying to dig up something you previously formatted away.

[CrossLOPER]

It's general procedure for me.

[Sevis]

It can take hours on a decent-size drive, if not days.

[Major Robert Dump]

I recently had a similar problem on my other PC. I run 3 browsers on that one: explorer for work, mozilla for surfing and flock for downloads. After the infection I ended up buying and installing a new AV (mine was outdated anywyay) but firfox and explorer still cathc an occasional popup or redirect, despite constant scans from multiple AVs.

Funny thing is, flock works fine.

Havent had time to dig around for the cause, but the mere fact that one browser of three works without a hitch means I may be able to narrow down the root of the problem. I want to think the bugger is hiding in a location common to firefox and explorer.

This problem is also affecting my ability to load into MP games, it is sending my CPU and memory usage through the roof. I will get 95% loaded and then just stop.

[miotas]

I find malwarebytes to be a very good virus scanner, and if you are looking to free a bit of space on your computer I would recommend CCleaner.

[Major Robert Dump]

By the way, thanks LEN for the tuneup link, that program kicks butt.

I shut everything down on PC, unplug netwrok and try to run a defrag, don't think I have done one in the 2 yrs I had the other PC. 9 hours later, its still only half way.....I tried shutting down all my unecessary processes to speed it up, but maybe its just taking so long because its the first frag

[LeftEyeNine]