Nightmare

Lil' Dave

Yesterday, an acquaintance called asking for help on her PC with XP home
edition installed. She said the screen would flicker sometimes, AND about 4
hours into the XP session, a buttload of windows applications would open.
During this time period, she had no control of the mouse. Then, after a
minute or so she had control again, and could close all these applications.

After about an hour of evaluation by sight and usability found that McAfee's
firewall (free version) was installed, she was using AOL 9.0. There were
many shortcuts on the desktop to online virus scanners and trojan finders.
None of which I've heard of. XP SP2 was not installed. AOL 9.0's online had
McAfee's AV available. Upon downloading and attempting install, found it
would not install because it thought McAfee's AV was already installed (it
was seeing McAfee's firewall software). Furthermore, McAfee's firewall
popup blocker was inadequate as it failed to block many popups. In
experimentation, I opened Internet Explorer. The popup blocker worked very
well with IE. But, it caused problems when attempting to link to webpages even
though there was no evidence of a popup, and prevented going to said webpage.
Temporarily allowing popups allowed usage. The children had changed the
Administrator's username. She was unfamiliar with the Administrator's
capacity to assign user ability to delete, remove, or access things in XP.
She was familiar with assigning usernames and passwords.

Went to Pandasoftware.com for its online virus scanner. It found well over
200 virus infected files. Most appeared to reside in the personal internet
cache. Upon approval from my acquaintance, I downloaded the Titanium
version of Panda's AV and went offline. Found I had to disable the McAfee
firewall in order for Panda to complete its installation, AND to not select
the Panda firewall option. Prior to actual installation, I opted for the
installation to scan the entire memory, and hard drives for viruses before
actual installation. It found one more virus and deleted it.

Upon installation of Panda Titanium AV, and reboot, the AV continued to find
and provide either a deletion option, or other for each virus or trojan
find. During the initial reboot, a trojan was found in resident memory. In
many cases, it offered to reboot, which we opted for. This went on for many
hours, and elected that my son take over the process. This morning, I'm
typing this from my home.

My conclusions from the affair: don't use AOL 9.0 and the recent free
McAfee firewall and count on the popup blocker to be effective. Or, to
expect the free McAfee AV to install if that same firewall is installed.
Use the XP SP2 firewall which is already free and widely available. Don't
use an online virus scanner, bug finders etc. unless the company has a
reputation to protect and is generally known by the public. And for
Christ's sake people, install a good AV program.

Later today, I will be moving her personal files to removable media. We
will wipe the hard drive, install XP from scratch, install SP2, install the
Panda Titanium AV, install any further Windows critical updates. I've
recommended a more effective popup blocker, and she conceded to its use.
The reason for such drastic measures as we were both unsure of three things:
the possible existence of any further virus or trojan, the registry
contents that may still enable outside interference from the internet, the
children's as users all needed much work from scratch from the
administrators' viewpoint and we didn't know for sure how badly this was at
this point. The LCD monitor screen flickering was determined to be the
monitor itself. It resolved after ten minutes of warmup.
 
Steve N.

Reformatting and reinstalling the OS is rarely needed to clean a system.

Delete Temporary Internet files (including offline content) and cookies.
Start in Safe Mode and run the a/v scan. Also use Spybot Search &
Destroy and Ad-Aware, latest versions and updated, of course. Use the
Immunize feature of Spybot S&D, too.

Getting infected has a lot more to do with on-line habits than what
protection is used.

Steve
 
Richard Urban

Suggest dual boot, good boot manager, each O/S on primary DOS partition,
password to choose O/S (she knows kids' password - kids do NOT know hers). I
have been setting computers as such since 1993.

Whatever happens on the kids side of the computer will NOT affect her side
of computer. The kids can be dead in the water and Mom can still use her
side.

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard :)

If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Lil' Dave

Miss Perspicacia Tick said:
It is to remove all traces of AOHELL.

Could not have summarized it better.

Anyhoo, we deleted the entire single partition. Made two partitions, one
for the OS/apps and one for data, this time both in NTFS format. Installed
XP, XP SP2, created users and password and designated only owner as
administrator, installed Panda Titanium AV, then AOL 9.0. Updated Panda's
AV definitions. Rebooted and Panda scanned. It found an AOL file that was
suspect and renamed. AOL does updates at the end of the AOL session which
is believed to be the source. AOL showed no signs of any operability
problems after reboot after file renaming. Found XP Home very lacking of
user control. Since this is the case, and it appeared that the viruses and
trojans were from the internet, I suggested she create an AOL guest logon for
her grandkids. Then use parental controls as part of AOL assets for this
guest. I removed Windows Messenger from the OS. XP SP2's Security Center is
showing all working. But, am not confident in this PC's security at all. My
recommendation was to acquire XP Pro for more control of the users of her PC.
She has 4 adults and 3 grandchildren who use it.
 
