virus infested machine

Leereemi

I am pretty good with Windows, but I visited a friend who asked me to try
and clean the virus and worms he has in his system. His machine was so
infested that even if I tried safe mode, I could not get to his desktop.
There were no virus rescue CD's and no way to connect to the Internet to do
a remote scan from Trend Micro House Call.

What does one do when a computer is so infected that you cannot enter the
system to try and remove them?
He also had an out-of-date anti-virus and grandchildren who had a good time
that week downloading everything under the sun.

My normal procedure with a computer that is dirty is to back up whatever data
files I can, then simply reformat and reinstall everything. But what if you
can't access Windows to back up the .doc's, .jpg's, etc.?

Is there a special CD one can make with the ability to run a virus scan and
spyware scan to get enough of the bugs out of the system to access the
desktop and use the Internet to find specific solutions to stubborn worms,
malware, spyware and viruses?

Thank you.
 
Malke

Leereemi said:
I am pretty good with Windows, but I visited a friend who asked me to try
and clean the virus and worms he has in his system. His machine was so
infested that even if I tried safe mode, I could not get to his desktop.
There were no virus rescue CD's and no way to connect to the Internet to do
a remote scan from Trend Micro House Call.

What does one do when a computer is so infected that you cannot enter the
system to try and remove them?
He also had an out-of-date anti-virus and grandchildren who had a good time
that week downloading everything under the sun.

My normal procedure with a computer that is dirty is to back up whatever data
files I can, then simply reformat and reinstall everything. But what if you
can't access Windows to back up the .doc's, .jpg's, etc.?

Is there a special CD one can make with the ability to run a virus scan and
spyware scan to get enough of the bugs out of the system to access the
desktop and use the Internet to find specific solutions to stubborn worms,
malware, spyware and viruses?

You can create a Bart's PE with antivirus plugins to do a scan, but
honestly I wouldn't bother. If the machine is as infected as you say,
the probability is very high that 1) the OS is too damaged to ever work
right; 2) the malware may not be cleanable.

I would back up the data by using either a Bart's PE or Knoppix and then
flatten the system. Make sure you scan the backed up data with a current
version AV using updated virus definitions before you put it back onto
the clean system.

Here's how to use Knoppix to retrieve the data:

You will need a computer with two cd drives, one of which is a cd/dvd-rw
OR a usb thumb drive with enough capacity to hold your data OR an
external usb/firewire hard drive formatted FAT32 (not NTFS). To get
Knoppix, you need a computer with a fast Internet connection and
third-party burning software. Download the Knoppix .iso and create your
bootable cd. Then boot with it and it will be able to see the Windows
files. If you are using the usb thumb drive or the external hard drive,
right-click on its icon (on the Desktop) to get its properties and
uncheck the box that says "Read Only". Then click on it to open it. Note
that the default mouse action in the window manager used by Knoppix
(KDE) is a single click to open instead of the traditional MS Windows'
double-click. Otherwise, use the K3b burning program to burn the files
to cd/dvd-r's.

http://www.knoppix.net
http://www.nu2.nu/pebuilder/ - Bart's PE Builder

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows -
What you will need on-hand


Malke
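
The data-rescue step described in the post above, as an added example that is not part of the original thread: a script run from the live CD that copies only document and picture types to the FAT32 drive, logs files over the FAT32 size limit, and writes a hash manifest of the copies. The device names, mount points, the `rescue.sh` file name and the extension list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): copy only data files from a Windows
# volume mounted read-only under a live CD onto the FAT32 rescue drive.
# Assumed mount steps (device names are placeholders, check yours first):
#   mount -o ro /dev/sda1 /mnt/win    # infected disk, never mounted writable
#   mount /dev/sdb1 /mnt/usb          # FAT32 thumb drive or external disk
#   sh rescue.sh "/mnt/win/Documents and Settings" /mnt/usb/rescue

MAX_BYTES=${MAX_BYTES:-4294967295}    # FAT32 per-file limit: 4 GiB - 1 byte

rescue_data() {
    src=${1%/}; dst=${2%/}
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 1; }
    mkdir -p "$dst" || return 1
    : > "$dst/SKIPPED.txt"
    # Allow-list of document and picture types; executables, scripts and
    # screensavers (.exe .dll .scr .bat .vbs ...) are never copied.
    find "$src" -type f \( -iname '*.doc' -o -iname '*.xls' -o -iname '*.ppt' \
        -o -iname '*.pdf' -o -iname '*.txt' -o -iname '*.jpg' \
        -o -iname '*.jpeg' \) -exec sh -c '
            src=$1; dst=$2; max=$3; shift 3
            for f in "$@"; do
                rel=${f#"$src"/}
                if [ "$(stat -c %s "$f")" -gt "$max" ]; then
                    echo "too large for FAT32: $rel" >> "$dst/SKIPPED.txt"
                    continue
                fi
                mkdir -p "$dst/$(dirname "$rel")" &&
                    cp -- "$f" "$dst/$rel" ||
                    echo "copy failed: $rel" >> "$dst/SKIPPED.txt"
            done' sh "$src" "$dst" "$MAX_BYTES" {} +
    # Hash what landed on the rescue drive, so the copies can be re-checked
    # (sha256sum -c) after the AV scan and before they go onto the rebuild.
    ( cd "$dst" && find . -type f ! -name MANIFEST.sha256 \
        ! -name SKIPPED.txt -exec sha256sum {} + > MANIFEST.sha256 )
}

if [ "$#" -eq 2 ]; then rescue_data "$1" "$2"; fi
```

Filtering by extension only keeps obvious executables off the rescue drive; a .doc can still carry a macro virus, so the scan with current definitions described in the post is still needed before anything is restored.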
 
Leereemi

Thank you both for your help. This confirms my resolve to reformat and
reinstall his operating system, and fortunately, he has no important data
saved on the other computer.

Much appreciated guys!



 
Leythos

Is there a special CD one can make with the ability to run a virus scan and
spyware scan to get enough of the bugs out of the system to access the
desktop and use the Internet to find specific solutions to stubborn worms,
malware, spyware and viruses?

Dave Lipman's tools:
Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe

When I clean a machine for a residential user I always use David's
Multi_AV since we can download it, update all 4 scanners, burn them to
CD and run it in safe mode on the infected computer.

Now, my personal belief is that you can NOT ensure a clean machine, only
the appearance of a clean machine - wipe/reinstall in a clean
environment is the ONLY solution that I personally Certify as clean.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
 
Leereemi

You all have confirmed the way I do things with my clients as well. I just
wanted to make sure that I have not missed anything "amazingly cutting edge"
in our lightning fast technology.

I always delete the partition, create a new one, then format using fdisk.
Best remedy in the world and the person is off to a new start on a new hard
drive surface.

www.tctu.com

the Orbster aka Lee

