Virus/spyware

[Sam05]

Hello.
My computer has been infected with a virus that changed all my configuration
settings, removed all programs from the start menu, makes the C:/ partition
invisible, and does not allow me to access virus removal software, or system
restore. I keep receiving messages "from a self installed program" that my
computer is infected and needs to be scanned by various programs eg., Privacy
protector, spyware protection, error cleaner, all of which have been
self-installed on my computer and keep connecting to the internet to bring me
more ads about virus protection.
Can anybody help me, please.
Thanks, Sam.
P.S. I tried a windows recovery disk that contains many antivirus and
antispyware programs but they did not detect anything.

 

[Carey Frisch [MVP]]

Once your PC is infected with a computer virus or worm, your
computer becomes compromised and nothing less than a reinstallation
of the operating system is going to work. Yes, you can try
to scan and eliminate the initial virus, but you generally
cannot undo the damage caused by the virus to the system
files. You'll need to reformat your hard drive and then
reinstall your Windows operating system.

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html


After restoring your system, consider installing a good
antivirus program, such as Windows OneCare. You can
try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm


--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

---------------------------------------------------------------

Hello.
My computer has been infected with a virus that changed all my configuration
settings, removed all programs from the start menu, makes the C:/ partition
invisible, and does not allow me to access virus removal software, or system
restore. I keep receiving messages "from a self installed program" that my
computer is infected and needs to be scanned by various programs eg., Privacy
protector, spyware protection, error cleaner, all of which have been
self-installed on my computer and keep connecting to the internet to bring me
more ads about virus protection.
Can anybody help me, please.
Thanks, Sam.
P.S. I tried a windows recovery disk that contains many antivirus and
antispyware programs but they did not detect anything.

 

[Malke]

Hello.
My computer has been infected with a virus that changed all my
configuration settings, removed all programs from the start menu, makes
the C:/ partition invisible, and does not allow me to access virus removal
software, or system restore. I keep receiving messages "from a self
installed program" that my computer is infected and needs to be scanned by
various programs eg., Privacy protector, spyware protection, error
cleaner, all of which have been self-installed on my computer and keep
connecting to the internet to bring me more ads about virus protection.
Can anybody help me, please.
Thanks, Sam.
P.S. I tried a windows recovery disk that contains many antivirus and
antispyware programs but they did not detect anything.

I don't usually agree with Carey Frisch on this issue because I don't think
the first thing you do on an infected machine is flatten it, but in this
case he and I are in complete agreement. Your machine is too badly
compromised to save. If you haven't backed up your data, you can do it from
a Linux Live CD or a Bart's PE. Make sure you scan anything you save with a
current version antivirus using updated definitions before you put it back
onto a clean system.

After your data is safe, do a clean install of Windows.

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What
you will need on-hand

Malke

 

[Kayman]

On Thu, 19 Jun 2008 16:31:36 -0700, Malke wrote:

... I don't think the first thing you do on an infected machine is
flatten it, but in this case he and I are in complete agreement.
Your machine is too badly compromised to save.

<snip>

When should one flatten and when should one use AV scanner(s)? What is your
criteria, please?

 

[Malke]

On Thu, 19 Jun 2008 16:31:36 -0700, Malke wrote:


<snip>

When should one flatten and when should one use AV scanner(s)? What is
your criteria, please?

Sorry but can't give you a definitive answer. It depends on what the
computer is infected with. You also reference "AV scanner(s)" and AV is
only part of the story. Non-viral malware can be just as invasive and
destructive as viruses.

Malke

 

[Kayman]

While this is no a popular answer, the answer is really simple, at least
based on the question:

When should one flatten?

Any time a computer is compromised it's been compromised because the
user doesn't know enough about security, about keeping safe. With that
in mind it means that they are also not going to know enough about
cleaning it or if it was actually cleaned.

We can all accept the fact that no single tool cleans all malware.

We can all accept that 0-day exploits are not detected nearly as well as
we would like.

We can all accept that there is no way for a "typical" user to be sure
their system is 100.0% clean of malware.

So, the proper answer to the question is, one should always flatten
their compromised system, rebuild in a clean environment from clean
media, and while doing so, they should learn about safety.

To prove the point, having seen many residential systems that are
compromised, I can assure you that after the second or third time they
have to rebuild their computer that they get tired of the down-time and
learn about keeping safe, at least the ones capable of learning do.

So, yes, it's not popular, but, there is no single tool that can provide
a 100.0% guarantee that a system is clean.

Alright then. Taking into consideration that nothing is 100% or perfect on
this planet; If I understand you correctly than there is really no room for
virus removal procedures such as recommended by Malke (page2), Bleeping
Computer and/or David's Multi-AV.
Is it *really* that cut and dry?
If so, I am rather surprised that (IMO) procedures to rebuild the OS are
not very well communicated to the average homeuser. And, for the average
homeuser, rebuilding OS is probably too technical to comprehend/implement.
It seems, if somebody could come up with a (relative) simple procedure to
flatten/rebuild an OS (like: click, click, click - done ), AV scanners
could be rendered obsolete and superfluous. BTW, I am not suggesting that
flattening/rebuilding OS is complicated for the experienced user).