Infested Computer...

Rubber Bullets

FH is my second home
Joined
Dec 22, 2003
Messages
1,453
Hi,

I'm on holiday staying with my sister in Scotland (driving carefully of course).

She has a Dell PC, about a year old that neither she nor her children (all in early 20s) know much about. They do all use it however and it was infested with spyware and other undesirable shite.

It has taken me the best part of 5 hours to rid it of all the crap, but I think it is done now.

AdAware that I use at home was my first call and that found 104 critical objects but removing these didn't actually help at all and so I moved on to Spybot Search and Destroy and lastly Prevx1 which was required to remove the last nasty. On the way I went via something called SmitfraudFix, which did a good job on 1 problem.

Mostly it was popups and false positive security warnings that were the problem.

The computer is running McAfee security including firewall antivirus etc, but this has clearly not helped with these things.

I am considering installing Firefox along with adblock etc, will this help? The only other thing they have a tendency to use is MSmessenger. I hate this and always remove it from my own machines, but I guess if they're careful it should be OK.

What is the most likely route of all this crap on their PC? I never get any of it so it was all new to me. I get odd bits of spyware that AdAware deals with of course but not all the really nasty stuff.

None of them are particularly big e-mail users so this seems a less likely route.

Thanks

RB
 

Trem

Not as old as he claims to be!
Moderator
Joined
Dec 22, 2003
Messages
9,293
Get Mozilla on asap, IE is the most likely route for spyware.

Check in the add/remove programs bit as well luv, remove anything that says it's an assistant etc, you know the things I mean.

People clicking yes to stuff causes most problems.

So so important to get Mozilla on her PC, I even change the Mozilla icon on work's PCs to the IE icon so it doesn't upset people too much using a different browser.

Please give 2 fingers to any coppers while you are up there will ya Tim?

That must have been a fair old drive.
 

Kryten

Old Cow.
Moderator
Joined
Dec 22, 2003
Messages
3,351
I've done this countless times and use pretty much the same routes of repair. I do often have to do some registry diving and manually killing anything out of sorts, googling for anything I'm unsure of.

The worst cause of this is easily humans themselves: particularly women and children. Banners, ads at the bottom of emails sent by their friends for smileys/emoticons, free videos etc are the worst culprits - and these are the folks likely to click them thinking "oooh, cute". Check the email usage without being too nosey if they are there and see if those are installed.

Also the kids are likely to have installed p2p softwares and the likes, themselves likely to be riddled with malware.

The worst things are popups on websites "Your computer is infected" or funnily "Your computer is broadcasting an IP address which means you can get hacked!" A very large proportion of unwise/untutored users will happily think "Shit" and click away - infesting themselves with stuff the ads claim to fix.

Mozilla/firefox will be the most basic start as Trem said. It may be worth trying to get Thunderbird on too if they can get on with it, although in many cases such folks are using AOL, Yahoo or the likes for their email.
 

TdC

Trem's hunky sex love muffin
Joined
Dec 20, 2003
Messages
30,925
*PLEASE* don't let them run their accounts as administrator or power users :(

sure, it's a pain at first, but flash and java (shudders), divx codecs and quicktime (if it's not in a codec pack) can both be installed before active use and that's about all you need to have done. after that it's happy surfing with a non-privileged account.
 

Rubber Bullets

FH is my second home
Joined
Dec 22, 2003
Messages
1,453
Thanks for the info guys, pretty much as I thought, but it's nice to have confirmation.

I'll load up Firefox asap, the change of icon shouldn't faze them.

The kids are only home occasionally from uni etc, but it's enough to do the damage.

Would quite like to use Thunderbird too, again it's not too difficult, but they really don't use e-mail much.


Trem said:
Please give 2 fingers to any coppers while you are up there will ya Tim?

If I find myself behind any of their backs I will :)


Trem said:
That must have been a fair old drive.

We took the sensible option and flew this time. From us to here is over 13 hours driving and so is pretty much a 2 day thing.

B&B with a 5 year old is not something to be undertaken lightly and so we flew Bristol to Inverness.

Less than a day's travel saves us 2 whole days of holiday, brilliant.

See you soon

RB
 

Rubber Bullets

FH is my second home
Joined
Dec 22, 2003
Messages
1,453
TdC said:
*PLEASE* don't let them run their accounts as administrator or power users :(

sure, it's a pain at first, but flash and java (shudders), divx codecs and quicktime (if it's not in a codec pack) can both be installed before active use and that's about all you need to have done. after that it's happy surfing with a non-privileged account.

Someone's gotta have one :( , I'm 13 hours away, (or quick flight see previous post :)) I can't be an administrator. Will certainly take those privileges away from my nephews though, they probably won't even notice.

RB
 

nath

Fledgling Freddie
Joined
Dec 22, 2003
Messages
8,009
Also, get Windows Defender. It's alright and runs in the background to actively stop spyware.

Plus, download HijackThis and run it in safe mode - it'll show you a list of services and BHOs (browser help objects) and let you remove them. You'll often find that spyware installs itself as a BHO and HijackThis is a very handy tool to remove the fuckers.
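
The post above describes spyware registering itself as a Browser Helper Object and HijackThis listing those entries. As an added example (not part of the thread and not HijackThis's own code), this parses the `O2 - BHO` lines of a saved HijackThis log and flags entries worth a closer look; the sample log, its names, CLSIDs and paths are constructed, and the three triage heuristics are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of a HijackThis log; names, CLSIDs and paths are made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Example PDF Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\ExampleVendor\Reader\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\qwxzt.dll
O2 - BHO: Search Assistant - {33333333-3333-3333-3333-333333333333} - C:\DOCUME~1\User\LOCALS~1\Temp\sa.dll (file missing)
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
"""

# O2 line layout: name, CLSID, DLL path, optional "(file missing)" marker.
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if m:
            entries.append({
                "name": m["name"], "clsid": m["clsid"].upper(),
                "path": m["path"], "missing": m["missing"] is not None,
            })
    return entries

def review_reasons(entry):
    """Triage heuristics (assumptions for this example, not HijackThis logic)."""
    reasons = []
    if entry["name"] == "(no name)":
        reasons.append("no registered name")
    if entry["missing"]:
        reasons.append("DLL missing on disk")
    parts = [p.lower() for p in PureWindowsPath(entry["path"]).parts]
    if "program files" not in parts:
        reasons.append("DLL outside Program Files")
    return reasons

def triage(log_text):
    """Map CLSID -> reasons for every BHO that deserves a closer look."""
    reviewed = ((e["clsid"], review_reasons(e)) for e in parse_bhos(log_text))
    return {clsid: reasons for clsid, reasons in reviewed if reasons}

if __name__ == "__main__":
    for clsid, reasons in triage(SAMPLE_LOG).items():
        print(clsid, "->", ", ".join(reasons))
```

A flagged entry is only a prompt to look up the CLSID and DLL before removing anything; legitimate software also installs helper DLLs under system32.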
 

SAS

Can't get enough of FH
Joined
Dec 23, 2003
Messages
1,004
Also ensure the latest Windows patches are installed. Is Service Pack 2 installed? Had a similar problem with my gf's friend's laptop full of spyware and most of it appeared to take advantage of one of many Windows / IE holes.
 

nath

Fledgling Freddie
Joined
Dec 22, 2003
Messages
8,009
Unless you're behind a NAT firewall, SP2 is an absolute must.

I once installed XP with only SP1, went online with a shitty USB ADSL modem and tried to download the updates - before I had a chance the thing was infested with spyware that simply placed itself there due to exploits (I logged on to the net with a fresh XP install then went to update.microsoft.com and that's it). The spyware that was installed was actually stuff that refused to be removed - infuriating shite.

In the end I had to format/reinstall - get SP2 on a cd and install that before I went online then it was safe. Ngh.
 

Tom

I am a FH squatter
Joined
Dec 22, 2003
Messages
17,358
Spyware Doctor is about the best removal tool I've found. Of course you have to pay for it, but where there's a will there's a way.
 

WPKenny

Resident Freddy
Joined
Dec 22, 2003
Messages
1,348
Rubber Bullets said:

OMG! IT'S NIGHTCRAWLER TO THE RESCUE!!


I've recently installed AVG Free and Ewido anti-spyware (free edition) and they seem to be doing a good job. AVG found stuff that NOD32 had missed after I clicked on a link I shouldn't have (It was late, I was tired, I would never usually yada yada).

http://free.grisoft.com/
 

Trem

Not as old as he claims to be!
Moderator
Joined
Dec 22, 2003
Messages
9,293
WPKenny said:
OMG! IT'S NIGHTCRAWLER TO THE RESCUE!!


I've recently installed AVG Free and Ewido anti-spyware (free edition) and they seem to be doing a good job. AVG found stuff that NOD32 had missed after I clicked on a link I shouldn't have (It was late, I was tired, I would never usually yada yada).

http://free.grisoft.com/

Ewido is a great piece of software. I am rapidly going off Nod32.
 
