Well that shouldn't happen...
November 17, 2011 11:09 PM

Help me fix an infected PC and prevent it from getting reinfected?

I'll be heading home for Thanksgiving next week and as usual I'm the "computer guy" there to fix everything. After talking to my mom and hearing about the problems she's had (not seeing her computer at all, of course) it sounds like she's got something nasty on her Vista machine and I want to do what I can to help fix it while I'm back. From everything she's told me, I'm thinking the best course of action is just formatting and starting from scratch, which I'm happy to do, but the only issue is her few files that she doesn't want to lose (mostly Word docs, etc.; not a lot of data, but she's never kept a clean backup of anything). She wants to transfer those files to an external so we can copy them back, but I'm worried about the potential risk of reinfecting her computer by transferring anything over. Is this a serious concern or should I just be worried about system files? I'll admit that I mostly work with Macs these days and haven't been very familiar with Windows in a decade, but I've just heard enough horror stories that I don't want to expose her to any unnecessary risk if I can help it. Any advice is appreciated.
posted by fishmasta to Computers & Internet (5 answers total) 3 users marked this as a favorite
 
Best answer: Check out deezil's profile. He keeps it up to date, too. Good stuff.
posted by iconomy at 11:15 PM on November 17, 2011 [2 favorites]


Use Combofix. Viruses on Vista are super annoying and incredibly time intensive to fix on your own. Just make sure you follow Combofix's instructions to the T unless you want some sort of computer implosion.


Another option: Do you have a Mac handy with you? Assuming your mom doesn't have a lot of data, you could pop out the hard drive/transfer files over to the Mac and use that to scan for viruses.
posted by astapasta24 at 11:20 PM on November 17, 2011


the only issue is her few files that she doesn't want to lose (mostly Word docs, etc.; not a lot of data, but she's never kept a clean backup of anything). She wants to transfer those files to an external so we can copy them back, but I'm worried about the potential risk of reinfecting her computer by transferring anything over. Is this a serious concern or should I just be worried about system files?

There are some dangers with connecting a USB flash drive or an external HDD to an infected PC, depending on what sort of malware you're dealing with, so it would be best to avoid it if possible. As you say, you don't want the virus to hitch a ride onto the new installation.

To avoid moving anything apart from the files you want, you could upload them to an online storage space (since you say there isn't a lot of data) like Dropbox. Another option would be to boot the machine from a live Linux CD distribution and copy the files onto the external storage from there. Both of those approaches should result in you having only the files you want.

That only leaves you with the danger that those files themselves are infected. Word documents are, afaik, not a major vector these days, except possibly in terms of spear phishing attacks and I'm assuming your mum isn't a Tibetan exile. However, if you want to be really safe, you could save them all in rtf format and transfer them like that. Personally, I wouldn't bother, I'd just ensure that the new installation was thoroughly patched and had the latest virus/malware signatures.
posted by Busy Old Fool at 2:52 AM on November 18, 2011


Best answer: Step 1: Create a bootable USB drive or CD (preferably CD). Ubuntu will do, or UBCD, Knoppix, Bart etc.

Step 2: Boot the infected computer off of the Live CD or USB drive. Transfer documents to the portable drive. If using USB, it is important to also check for autorun.inf in the root of the boot and target drives (show hidden). This will be one of only two ways you would risk re-infection.

Step 3: Once the factory restore of the PC is complete, download and install Security Essentials prior to copying the documents back over. (Remove any factory anti-virus beforehand, especially if McAfee or Norton...very ineffective products.) This should help in the small chance the documents themselves have macro viruses. However, the chances are very slim.

You also might want to check my profile for tips on how to secure her computer so the chances of accidentally installing another malware program that requires a wipe/reload are greatly reduced.

Other things that could help:

- If you cannot create a bootable CD, you can instead boot off the Windows installation CD and press Shift+F10 once it is in the gui. This will give you a command prompt where you could copy files or dig around and delete the infected ones.

- GMER and TDSSKiller are two very good rootkit finders (in TDSSKiller go under the advanced options and have it scan for tdlfs as well as unsigned device drivers). Usually once the rootkit is removed, Hijackthis and Malwarebytes can effectively help remove any trojan dropper or fakealert from there. Just something to consider if redoing from scratch becomes daunting. Use Combofix as a last resort....it works well...but is like a heavy shot of anti-biotics and can sometimes go bad.

- If Deezil doesn't see this thread and you'd like to try inoculating, send him a memail. He's got a great reputation for helping out lots of mefites with malware infections. I'm available to help too if you'd like, as I do this many times a day in a university setting...
posted by samsara at 6:28 AM on November 18, 2011
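The live-CD copy that Busy Old Fool and samsara both describe (boot Linux, copy only the documents to the external drive, check both drive roots for autorun.inf, and worry about macros in the documents themselves), written out as a POSIX sh script. This is an added example, not code from anyone in the thread. It assumes the infected Windows disk is mounted read-only at one directory and the external drive at another (for instance `mount -o ro /dev/sda2 /mnt/infected`), that `find` understands `-iname` and `-maxdepth` (GNU and BSD both do), and that the extension list below is what "Word docs, etc." means; adjust it for her files. The macro check only covers Office 2007+ files (zip containers); for old-style binary .doc/.xls files the RTF re-save suggested above is the simple way to strip macros.

```shell
#!/bin/sh
# Added example, not from the thread.  Run from a Linux live CD/USB with the
# infected Windows disk mounted (ideally read-only) at $SRC and the external
# drive at $DST.  Copies only document files, skipping hidden entries and
# anything whose final extension is not on the list, reports autorun.inf in
# either drive root, and flags Office 2007+ files that carry a VBA project.
# Mount points and the extension list are assumptions; adjust for your drives.

DOC_EXTS='doc docx docm rtf odt xls xlsx xlsm ppt pptx pptm pdf txt csv jpg jpeg png'

# Report an autorun.inf (any letter case) in the root of a drive.  Returns 0
# when the root is clean, 1 when the file is present.
check_autorun() {
    hits=$(find "$1" -maxdepth 1 -type f -iname 'autorun.inf')
    if [ -n "$hits" ]; then
        echo "WARNING: $hits present; remove it before this drive touches a Windows machine" >&2
        return 1
    fi
    return 0
}

# Copy whitelisted document types from $1 into $2, keeping the directory
# layout.  Matching is on the final extension only, so "invoice.pdf.exe" or
# "report.doc.scr" never qualify.  Dot-prefixed paths and Word lock files
# ("~$name.doc") are skipped.  Prints the relative path of each copied file.
copy_docs() {
    src="$1"; dst="$2"
    set --
    for ext in $DOC_EXTS; do
        if [ $# -eq 0 ]; then set -- -iname "*.$ext"
        else set -- "$@" -o -iname "*.$ext"; fi
    done
    find "$src" -type f \( "$@" \) -print | while IFS= read -r f; do
        rel=${f#"$src"/}
        case "/$rel" in
            */.*|*/~\$*) continue ;;
        esac
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel" && echo "$rel"
    done
}

# Office 2007+ files are zip archives whose member names are stored in plain
# ASCII, so a VBA project shows up as the member name vbaProject.bin without
# unpacking.  Returns 0 if the file contains one.  Legacy binary .doc/.xls/
# .ppt files are not parsed here; re-save those as RTF to drop any macros.
has_vba_project() {
    grep -a -q 'vbaProject.bin' "$1"
}

# Print every Office 2007+ document under $1 that carries a VBA project.
flag_macro_docs() {
    find "$1" -type f \( -iname '*.doc[xm]' -o -iname '*.xls[xm]' -o -iname '*.ppt[xm]' \) -print |
    while IFS= read -r f; do
        if has_vba_project "$f"; then echo "$f"; fi
    done
}

# Constructed demonstration tree (stand-in files, not real Office documents):
# a clean .docx, a macro-bearing .docm, a disguised executable, a file in a
# hidden directory and an autorun.inf in the drive root.
demo() {
    work=$(mktemp -d)
    SRC="$work/infected"; DST="$work/external"
    mkdir -p "$SRC/Users/mom/Documents/.tmp" "$DST"
    printf 'plain body\n'                > "$SRC/Users/mom/Documents/letter.docx"
    printf 'PK word/vbaProject.bin\n'    > "$SRC/Users/mom/Documents/budget.docm"
    printf 'MZ\n'                        > "$SRC/Users/mom/Documents/invoice.pdf.exe"
    printf 'stale\n'                     > "$SRC/Users/mom/Documents/.tmp/old.doc"
    printf '[autorun]\nopen=setup.exe\n' > "$SRC/AUTORUN.INF"

    check_autorun "$SRC" || echo "source root is carrying an autorun.inf"
    check_autorun "$DST" && echo "external drive root is clean"
    echo "copied:"; copy_docs "$SRC" "$DST"
    echo "macro-bearing files on the external drive:"; flag_macro_docs "$DST"
    rm -rf "$work"
}
demo
```

In the demo only letter.docx and budget.docm are copied, the root autorun.inf is reported, and budget.docm is the one file flagged for macros. Run the flagged files through the RTF re-save (or just delete them) before the external drive goes anywhere near the freshly reinstalled machine.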


Response by poster: Wow, you guys are amazing. Thanks for the detailed information. I'll definitely be referencing this while I work.
posted by fishmasta at 1:40 PM on November 18, 2011

