Help me fix a friend's computer
January 29, 2009 10:32 AM

Can you help me clean up my friend's computer?

Just talked on the phone with her so far, but it seems her computer is so filled with adware and/or viruses that Firefox won't connect, and system restore will open but not operate--even from safe mode. Do I take her a CD with NOD32, Ad-Aware, and HijackThis, then run them from the CD drive? What's the best way to proceed? She's running XP.
posted by weapons-grade pandemonium to Computers & Internet (17 answers total)
 
Nuke it from orbit. It's the only way. Once stuff like that gets into the registry there's no way to ensure that you've rooted them all out.

I love my XP laptop but ALWAYS keep important files (and a "restore list" of things I like to have installed) at another location because sooner or later it always horks on adware.
posted by Aquaman at 10:37 AM on January 29, 2009


I agree. It's a fruitless pursuit to try and remove all the spyware. Rebuild the machine to a new hard drive, connect the old one, move over all necessary files, run over old HD with a steamroller.
posted by orville sash at 10:46 AM on January 29, 2009


I'd wipe it IF you have a valid XP product key to use on it. If you don't or you're not sure, use a two-pronged attack of Ad-Aware (free) and Tune-Up Utilities 2009 (free trial). Those two have worked on pretty much everything I've used them on.
posted by JuiceBoxHero at 10:50 AM on January 29, 2009


If you decide not to nuke the thing, you can likely fix a lot of it but it'll take some work. Starting up in safe mode is a good idea to (hopefully) minimize the number of problems. I worked on a machine a few weeks ago loaded with spyware and after doing some research found Malwarebytes to be pretty much the only thing to get rid of some of the applications (http://www.malwarebytes.org/mbam.php). The free version is very effective and managed to catch things that Ad-Aware didn't; it came highly recommended to me for what it's worth.

If you can, try researching the individual virus/spyware symptoms on another system. Googling them will generally result in manual removal methods which may at least allow for a temporary reprieve to run some scans. It's a pain in the ass to go hunting for files, though. Be careful when editing the registry, too. You may need to unregister specific .DLL files, which isn't difficult provided you still have access to the DOS prompt.

If you're having problems running or installing some anti-virus or anti-spyware programs, you may have to use some strange workarounds like renaming the install file, the installation folder, or even the program itself. When I was getting rid of one particular virus, I had to rename the anti-malware .exe to a .bat to get it to run.

Hope that helps.
posted by HonorShadow at 11:03 AM on January 29, 2009


Unless you're trying to woo this girl, you've just signed on for hours of drudgery.

My advice: don't be a sucker. You don't know how to do this, she doesn't know how to take care of a computer.

There are dozens and dozens of identical askme's on this very topic. Read through all those, and realize that this is a futile quest.
posted by unixrat at 11:22 AM on January 29, 2009 [2 favorites]


When I was cleaning up a similar mess on my mom's computer a few weeks back, a bootable UBCD4Win disc was the only thing which enabled me to clean things up well enough that I could run Malwarebytes and other anti-spyware programs to finish off the problem. (Even then I had to run multiple scans with each program until they found everything.)
posted by tdismukes at 11:52 AM on January 29, 2009


Best answer: Yeah, just be prepared to run these programs again and again for weeks. I used a combination of about 3 or 4 of them suggested on previous askme's when I got the heebie jeebies from a flash drive and my system restore was wiped out.

I tire of all the nuke from orbit suggestions. That's nice and all, but kind of like a bunch of mechanics just telling someone to buy a new car when their car breaks down and won't run. The only abundance of currency a lot of us have is time, not money. I think anybody who goes to do this stuff understands that the computer is not going to come out all spic and span with a sparkly shine. If it doesn't get fixed, then the option is obvious. But until then, try all the programs suggested in previous askmes that seem like they'll help correct the behavior you've witnessed.

Just do it in stages. Clean, scan, delete, reboot, rinse, repeat. It will take a long time and you'll see a lot of error messages and it'll be a pain, and you'll probably need 2 or 3 programs to do it, but good luck.

That said, there are some cool new processors on the horizon, so if you do have to tell her to drop it off a building, check into the newest stuff, and as someone alluded to earlier, get her to change her browsing/download/cleanup habits. At least she was using Firefox.
posted by cashman at 1:43 PM on January 29, 2009


I run sessions sometimes where we make students clean spyware off their laptops. 2 hour sessions regularly run into 3 or even 4 nightmarish hours. Maybe help your friend but if you don't get anywhere soon, tell them to get all their files off the computer, get disks with the applications they're using, and Windows XP. Then help out reinstalling, format the drive during the normal install, put stuff back on (drivers in case of laptops - use original Windows install CD that came with laptop or download), and install the NoScript addon for Firefox. Or use your time for something more productive...
posted by yoHighness at 2:34 PM on January 29, 2009


Best answer: I second what cashman had to say, particularly about the tired old "nuke it from orbit" suggestions.

If you do decide to rebuild, though, partition her hard drive (depending on how large it is, of course) - one section for the O/S only, another for program files, another for data. I've done this for a lot of friends/family who constantly jack up their PCs, and it makes fixing them a lot easier.
posted by HopperFan at 2:51 PM on January 29, 2009


You can also try PE Builder (with plugins) or a Linux live CD with built-in tools to clean off the drives without booting the original OS, since many viruses and trojans start from there anyway. (Maybe that's what you were suggesting in the OP anyway.)

HopperFan's partitioning suggestion is one I also try to do for people whenever possible... although installing a second completely separate HDD is actually best for OS+programs and then data. Small HDDs are pretty cheap these days, particularly for old systems.

Also, on XP, it's possible that she may have early Restore Points from which you can start with the cleanup, assuming she didn't actually try to install anything important in the interim.

And once you do get everything running, be sure to lock down as many things as you can so it doesn't get messed up again: Firefox protections, Windows freezing apps, AV, other anti-malware, firewall, a separate XP user account without installation rights, etc.
posted by Ky at 3:36 PM on January 29, 2009


I've been where you are several times... get ready for this to suck.

I've also tried both approaches... I've "nuked it from orbit", and I've run a million and one apps (over a period of weeks) to clean & repair the machine.

I will tell you that starting over... pulling all personal files off the old drive and re-installing the OS... will take about 1/3rd of the time and will save you much stress. I have spent hours & hours working to fix an infected machine, only to have to eventually nuke it... and then wished like hell I'd just done that to begin with.

If her "System Restore" is disabled... that means that this is a baddie. Unless you have some experience with these things or find it challenging & fun, you may not wanna tangle with a Supervillain virus right off the bat.
posted by BobFrapples at 3:52 PM on January 29, 2009


Jeez, if you don't like the "nuke it from orbit" phrase, come up with a better one. What do you have against Sigourney Weaver, anyway? Fucking classic movie.

I didn't mean toss the drive, just wipe it down to zeros and reinstall. Doesn't cost any more than fruitlessly flailing at it for hours with stacks of spyware removal software.

I too have spent nightmarish stretches of time trying to avoid the inevitable, but each and every time, I wished I had just wiped it and reinstalled at the start, cuz that's what I ended up doing anyway.
posted by Aquaman at 4:44 PM on January 29, 2009


OK, I can do that - "nuke it for morbid," cunningly suggested by our very own scarabic.
posted by HopperFan at 5:43 PM on January 29, 2009


"I tire of all the nuke from orbit suggestions. That's nice and all, but kind of like a bunch of mechanics just telling someone to buy a new car when their car breaks down and won't run."

A false analogy. When a car has a busted block, a trashed transmission, four flat tires, and was burned to a crisp, then yes, it is time to buy a new car. If you've never formatted a hard drive before, then it's a useful thing to learn. And, heck, it's easy. All you have to really worry about is saving important files off the computer now onto an external drive, or even an online service like Dropbox.

From your favorited answers, it seems you like the idea of cleaning the thing bit by bit (literally), but I would suggest against this, and would say, yes, nuke it from orbit. Because you can scrub and scrub and scrub but never be sure you've got all the dirt out.
posted by zardoz at 7:21 PM on January 29, 2009


"Because you can scrub and scrub and scrub but never be sure you've got all the dirt out."

Is this true? Can potentially harmful malware survive a full zero write and clean install?
posted by Aquaman at 10:33 PM on January 29, 2009


Aquaman, it's possible - if there's a virus hiding in the boot sector - but not likely. In over 15 years, I've only seen this once.

Zardoz, doing all the spyware cleaning is also a useful learning process. Most people end up just wiping the drive, true, but it makes them feel better to try - and sometimes it works.

In addition, I think the over the top "nuke it from orbit" solution that was compared to just getting a new car was "run over old HD with a steamroller."
posted by HopperFan at 6:45 AM on January 30, 2009


I just went through this with a friend's computer. It took three people two weeks to see that it was useless to try to scan and re-scan. We kept getting errors, no matter what combination of anti-virus and spyware/malware detection programs we were using. In the end, it was a lot faster (and less frustrating) to back up their files and re-install the OS from the restore disk. It bites to have to reinstall all the support packs, but at least you get nice, fresh drivers for your system and everything feels a bit faster.
posted by parilous at 3:47 PM on January 30, 2009

