what should I bring with me
hey looking for some ideas on what to bring with me on a support call for the gf's cousin.
he downloaded some trojan off of msn and can't get back online
so far I'll bring
ERD commander 2005
avg
spy bot
hijackthis
what else would be good resources for this... I'm pretty sure that the trojan just messed up IE not TCP/IP but without knowing the trojan I have no way to tell
I think I might even bring firefox 2.0 and see if I can get online with it
Comments
-
royal Member Posts: 3,352 ■■■■□□□□□□
ad-aware
trend micro free online virus scan - just google for free online virus scan.
“For success, attitude is equally as important as ability.” - Harry F. Banks
-
seuss_ssues Member Posts: 629
I clean several a week.
Be sure and turn system restore off.
Adaware
pest patrol
spybot s&d
hijackthis
avg
and trend micro or panda scan
that will clean 99% of the malware problems out there.
And be sure and update all those programs before scanning, and update windows too.
-
JDMurray Admin Posts: 13,088 Admin
Has anyone tried installing all of the usual free A/V and Spyware scanners on a Windows XP bootable USB drive so you can clean the infected hard drive without actually booting off of it? I've always wanted to try this, but have never gotten around to doing it.
-
keatron Member Posts: 1,213 ■■■■■■□□□□
I've wanted to try it as well, but usually when a family member calls me to do this (if I can find the time), I usually take their hard drive, slave it to another machine, then run the scan from there on the drive with it running as a slave.
-
Smallguy Member Posts: 597
I ended up formatting the machine after a few hours of running tools and found 7 viruses and was still not able to browse by FQDN
so I bit the bullet and formatted
-
JDMurray Admin Posts: 13,088 Admin
keatron wrote: I usually take their hard drive, slave it to another machine, then run the scan from there on the drive with it running as a slave.
Hmmm...maybe it's better just to use an external EIDE/USB drive for cleaning rather than just a USB thumb drive. I should give that a try first.
-
keatron Member Posts: 1,213 ■■■■■■□□□□
jdmurray wrote:
keatron wrote: I usually take their hard drive, slave it to another machine, then run the scan from there on the drive with it running as a slave.
Hmmm...maybe it's better just to use an external EIDE/USB drive for cleaning rather than just a USB thumb drive. I should give that a try first.
JD I think we should write something to solve this problem.
-
jescab Inactive Imported Users Posts: 1,321
I just cleaned a computer that had 27 viruses, it had been hijacked so many times that the hijacking sites were fighting each other and thousands of spyware/malware. NO JOKE - this was the worst I have ever seen a computer infected.
GO STEELERS GO - STEELERS RULE
-
RussS Member Posts: 2,068 ■■■□□□□□□□
jdmurray wrote: Has anyone tried installing all of the usual free A/V and Spyware scanners on a Windows XP bootable USB drive so you can clean the infected hard drive without actually booting off of it? I've always wanted to try this, but have never gotten around to doing it.
I did have a subscription for the Avast bootable CD and thought that it was an awesome tool. However now that I am not so much involved in virus/spyware cleansing of clients' PCs I discontinued as it is rather expensive.
Currently I am using the UBCD for Win and follow a particular methodology.
Boot to CD and empty Temp and Temp Internet folders in the user profiles - empty Temp and Prefetch folders in the Windows directory - remove unknowns out of Downloaded Program Files folder.
Start up remote registry editor and check
HKCU/Software/Microsoft/Windows/CurrentVersion/Run and
HKLM/Software/Microsoft/Windows/CurrentVersion/Run (plus the other run entries) and look for and delete any entries that should not be there. Use the browser on the CD to Google for anything you are unsure of.
Next I run an online scan from Trend Micro (have a business partnership there) and then an online scan from ewido.
Reboot machine and run Disk Cleanup, then run Windoctor.
After that I run an online scan from Symantec.
Always finish with ScanDisk and Defrag before returning to client.
www.supercross.com
FIM website of the year 2007
-
seuss_ssues Member Posts: 629
You should check out Bart PE. It is a bootable windows environment and it's free.
I have been meaning to make a Bart PE disk with all of the utilities that I frequently use.
You would have to load the machine's registry files into the environment or else your cleaners wouldn't be able to access it to clean them.
Other than that should work great.
Anyone tried it?
-
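The Run-key check from RussS's post, combined with the hive loading mentioned in the post above, for a suspect disk slaved to a clean machine. This is an added example, not part of the original thread. The drive letter `D:`, the XP-style profile folder and the helper name `Get-OfflineRunEntry` are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: list autostart (Run/RunOnce) values from an OFFLINE Windows install.
# Assumptions: suspect disk mounted as D:, XP-style profiles; run elevated. Read-only.
param(
    [string]$OfflineWindows  = 'D:\Windows',
    [string]$OfflineProfiles = 'D:\Documents and Settings'
)

$RunKeys = 'Microsoft\Windows\CurrentVersion\Run',
           'Microsoft\Windows\CurrentVersion\RunOnce'

function Get-OfflineRunEntry {   # hypothetical helper name
    param([string]$HiveFile, [string]$Prefix)
    $mount = 'OfflineHive'
    & reg.exe load "HKLM\$mount" $HiveFile 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $HiveFile"; return }
    try {
        foreach ($sub in $RunKeys) {
            $path = "Registry::HKEY_LOCAL_MACHINE\$mount\$Prefix$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Hive    = $HiveFile
                    Key     = "$Prefix$sub"
                    Name    = $name
                    Command = $key.GetValue($name)
                }
            }
            $key.Close()
        }
    } finally {
        # Open handles keep the hive locked; release them before unloading.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$mount" 2>&1 | Out-Null
    }
}

# Machine-wide entries live in the SOFTWARE hive (HKLM\Software on the live system).
$results = @(Get-OfflineRunEntry (Join-Path $OfflineWindows 'System32\config\SOFTWARE') '')

# Per-user entries live in each profile's NTUSER.DAT (HKCU on the live system).
foreach ($userDir in Get-ChildItem -LiteralPath $OfflineProfiles -Directory) {
    $ntuser = Join-Path $userDir.FullName 'NTUSER.DAT'
    if (Test-Path -LiteralPath $ntuser) {
        $results += @(Get-OfflineRunEntry $ntuser 'Software\')
    }
}

$results | Format-Table Hive, Key, Name, Command -AutoSize -Wrap
```

The script only lists entries; anything unfamiliar in the `Command` column can be researched before it is removed with a registry editor.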
sprkymrk Member Posts: 4,884 ■■■□□□□□□□
Smallguy wrote: hey looking for some ideas on what to bring with me on a support call for the gf's cousin.
he downloaded some trojan off of msn and can't get back online
Format, fdisk, WXP CD.
I honestly don't usually waste my time, especially with business customers. If a machine has been compromised by a trojan/virus/spyware, I'll back up whatever data is most important and blow the rest away. Format/reinstall is the only way to go on a compromised computer because you just never can be entirely sure it's clean. Even with someone's home computer it's the best bet (IMHO). I have found that it takes almost as long to really clean and repair a spyware/virus infested computer as it does to just reinstall.
My 2 cents.
All things are possible, only believe.
-
JDMurray Admin Posts: 13,088 Admin
keatron wrote: JD I think we should write something to solve this problem.
Another wrinkle is every time Windows booted and saw new hardware, it would increment its "hardware has changed" counters and eventually require reactivation. I know the trick to backup and restore the wpa.dbl file to undo the counters, but I'd rather not hack Windows to the point of violating the EULA.
And yes, I know a great bootable OS alternative is Knoppix, but I've never researched what are the best scanning/cleaning/repairing/defragging/backup tools available for Linux, and how they compare in effectiveness to the same tools available for Windows. It would seem that the same tools would be either more expensive or non-existent. I'll have to search to see if anyone has already put together a Linux distro to make a bootable, updatable cleaning drive.