I hate you computer. No. Really.
August 16, 2008 12:56 PM Subscribe
Now I'm just mad. Before I drag my stupid, crap laptop over to the Geek Squad, help me figure out some solutions for what's like a malware/adware problem.
Alright. Apparently, in the last two days, I've managed to contract some malware/adware baloney. (Five years with no viruses or adwares.... sigh...)
When I run internet explorer, my system resources are 100% used and the whole thing gets bogged down. Task Manager says there's a second instance of explorer running in the background. If I end the second instance, it just pops back up.
I've run Spybot S&D & Avast with no fix.
What else can I run to figure out what the hell is running on my computer. I'm hoping for free resources.
Alright. Apparently, in the last two days, I've managed to contract some malware/adware baloney. (Five years with no viruses or adwares.... sigh...)
When I run internet explorer, my system resources are 100% used and the whole thing gets bogged down. Task Manager says there's a second instance of explorer running in the background. If I end the second instance, it just pops back up.
I've run Spybot S&D & Avast with no fix.
What else can I run to figure out what the hell is running on my computer. I'm hoping for free resources.
Sigh. Yes, you should reinstall Windows - but that's not what you're asking, right? People always suggest that.
We just had another virus removal thread, I personally recommended Malwarebytes, but there were other good tips. If you do manage to get it removed, try to back up your data as soon as possible, and then do a reinstall. I know it's not always convenient to do a reinstall when you need your laptop for personal/work stuff - but it really is the safest thing in the long run.
posted by Liosliath at 1:17 PM on August 16, 2008
We just had another virus removal thread, I personally recommended Malwarebytes, but there were other good tips. If you do manage to get it removed, try to back up your data as soon as possible, and then do a reinstall. I know it's not always convenient to do a reinstall when you need your laptop for personal/work stuff - but it really is the safest thing in the long run.
posted by Liosliath at 1:17 PM on August 16, 2008
Spyware is a PAIN in the ass, and it is hard to sometimes say what is spyware; and what is legit software. I would be VERY careful before you dive in too far without help. As lia says, I would invest in a cheap external harddrive and copy all of your pictures/documents to it, and then wipe it (probably cheaper and you'll learn more than the DweebSquad).
posted by SirStan at 1:17 PM on August 16, 2008
posted by SirStan at 1:17 PM on August 16, 2008
Yes, you can muck around all day long trying this fix or that. You can even get down there and start messing around with your registry trying to kill this spyware. You may even make some progress, but at the end of the day a compromised system will never be 100% reliable again. Even if you clean it and then never connect to the internet ever again you're going to always have a nagging suspicion that the system isn't running right.
Nuke it from orbit. It's the only way to be sure.
Indeed, the time you spend chasing down fixes an reading up on solutions would be better spent familiarizing yourself with the backup and re-install process.
posted by wfrgms at 1:24 PM on August 16, 2008
Nuke it from orbit. It's the only way to be sure.
Indeed, the time you spend chasing down fixes an reading up on solutions would be better spent familiarizing yourself with the backup and re-install process.
posted by wfrgms at 1:24 PM on August 16, 2008
Wipe and reinstall, yes, and then don't use IE anymore. Get Firefox.
posted by nitsuj at 1:30 PM on August 16, 2008
posted by nitsuj at 1:30 PM on August 16, 2008
Do an AskMe search for Hijack This or HijackThis. Afterwards, install Firefox and SpywareBlaster.
posted by iconomy at 1:32 PM on August 16, 2008
posted by iconomy at 1:32 PM on August 16, 2008
REINSTALL WINDOWS. I am a software writer and say this with conviction. You cannot trust a machine once it's been compromised because the odds are iffy that you're going to get all the spyware/malware off, regardless of what cleanser you use.
posted by crapmatic at 1:43 PM on August 16, 2008
posted by crapmatic at 1:43 PM on August 16, 2008
Nuke it from orbit, it's the only way to be sure. Nuke and p_a_v_e
Last week a buddy of mine got a trojan off of BitTorrent, looking for a heist of Dark Night. Instead, he got a 700MB malware payload that hosed his boot drive.
posted by porn in the woods at 1:53 PM on August 16, 2008
Last week a buddy of mine got a trojan off of BitTorrent, looking for a heist of Dark Night. Instead, he got a 700MB malware payload that hosed his boot drive.
posted by porn in the woods at 1:53 PM on August 16, 2008
Wipe and reinstall Windows. It's the only way to be certain.
posted by Blazecock Pileon at 2:10 PM on August 16, 2008
posted by Blazecock Pileon at 2:10 PM on August 16, 2008
Have you checked msconfig to see what other applications are running? As others have said, "hijack this" is good.
Personally I only reinstall as a last resort if all other alternatives have failed.
posted by conrad101 at 2:21 PM on August 16, 2008
Personally I only reinstall as a last resort if all other alternatives have failed.
posted by conrad101 at 2:21 PM on August 16, 2008
Best answer: Why would it not work to go back to an earlier restore point? Is that just a load of baloney?
posted by girlbowler at 2:48 PM on August 16, 2008
posted by girlbowler at 2:48 PM on August 16, 2008
I have always found softwares like SpyHunter and AdBlowUpThingie or whatever to be totally useless. They just can't keep up with all the new malware being created.
Can you find out the specific name of the malicious software? The one I had a few years back actually let me know, I forget if it was in the stupid webpages it loaded or on the task manager, but it told me. I then googled and found a specific solution that worked perfectly.
For the future, Firefox is not the perfect uber-browser some people would like it to be, but it is much more secure than IE.
posted by drjimmy11 at 2:56 PM on August 16, 2008
Can you find out the specific name of the malicious software? The one I had a few years back actually let me know, I forget if it was in the stupid webpages it loaded or on the task manager, but it told me. I then googled and found a specific solution that worked perfectly.
For the future, Firefox is not the perfect uber-browser some people would like it to be, but it is much more secure than IE.
posted by drjimmy11 at 2:56 PM on August 16, 2008
You can try a scan with malwarebytes scanner before wiping. I've had tremendous success with this scanner to clean recent infestations of AntiVirus XP 2008/9. Try it once in safe mode(google if you don't know what this is) and once in regular windows mode, if it doesn't clean it, wipe & reinstall.
posted by ijoyner at 3:28 PM on August 16, 2008
posted by ijoyner at 3:28 PM on August 16, 2008
Coming from an IT background, I don't necessarily think you need a reinstall. To be completely sure you should do so, and there's no way I'd let you back on my network without a reinstall, but for a home user, what you've got sounds minor compared to some stuff I've dealt with.
I would highly recommend this malware removal guide. Follow the steps all the way through exactly as they say, and you should be in business. It will take a little bit of time, but if you've got a complex setup that you'd rather not hose for this, this guide is awesome. Also, try the Anti-Malware Toolkit. I haven't personally used it yet, but I've heard wonderful things about it, and it was already on my list to try on my next big malware removal project.
posted by joshrholloway at 3:57 PM on August 16, 2008
I would highly recommend this malware removal guide. Follow the steps all the way through exactly as they say, and you should be in business. It will take a little bit of time, but if you've got a complex setup that you'd rather not hose for this, this guide is awesome. Also, try the Anti-Malware Toolkit. I haven't personally used it yet, but I've heard wonderful things about it, and it was already on my list to try on my next big malware removal project.
posted by joshrholloway at 3:57 PM on August 16, 2008
Oh, and I don't think anyone has said this yet, but DON'T take it to the Geek Squad. They will run their LASER tool, which is great, but basically just an automated version of the guide or the Anti-Malware Toolkit, and they will charge you a pretty penny for it. After all, it does stand for Ludicrously Automated Spyware Eradication Resource.
(And if you really want to, you can find LASER on the Internet if you have halfway-decent Google-fu.)
posted by joshrholloway at 4:11 PM on August 16, 2008
(And if you really want to, you can find LASER on the Internet if you have halfway-decent Google-fu.)
posted by joshrholloway at 4:11 PM on August 16, 2008
FWIW, I (not me, the SO, actually, who is not to be trusted) got something a couple of weeks ago that ate all the previous restore points completely. (To piggyback, anybody else get something like this lately?)
I've had pretty good luck in the past with restore, although I usually have to "restore last good config" first in stubborn cases, then go to the restore point in Windows.
Disclaimer: I'm really good with DOS, my Windows is pretty much "monkey see, monkey do".
Last time I got into trouble this wouldn't fix, I reinstalled Win XP.
posted by unrepentanthippie at 4:14 PM on August 16, 2008
I've had pretty good luck in the past with restore, although I usually have to "restore last good config" first in stubborn cases, then go to the restore point in Windows.
Disclaimer: I'm really good with DOS, my Windows is pretty much "monkey see, monkey do".
Last time I got into trouble this wouldn't fix, I reinstalled Win XP.
posted by unrepentanthippie at 4:14 PM on August 16, 2008
Best answer: There are several useful free tools to clear out stuff like this that can be downloaded from the web. First, you can use Process Explorer to see what's actually running on your computer. Much nicer utility than the built-in task manager. It has a lot of userful information and features to determine what's actually running on your computer. It stands an excellent chance of showing you your first information on the culprit.
You can use ShellExView to see what extensions have hooked into your computer and the files associated with them. Most modern infestations show up here because they like to hook into logon or explorer processes. Makes 'em hard to get rid of, but not inherently more dangerous.
In addition, you can try AutoRuns for Windows. It shows all sorts of ways that a nasty can hook into your computer on startup. Take note of any questionable executable or DLLs. Googling names can help a lot here.
Regmon can also be useful for detecting when something keeps writing back into the registry if you remove an entry.
With tools like these, and possibly a freely downloadable boot ISO/disk image for your CD/DVD/flash drive (which will allow you delete files protected from deletion in XP safe mode), and some patience, you can clear out most non-custom infestations you're likely to encounter. If you can't figure out how to use them properly for this instance, post again for further detail. Or drop a MeMail.
It's unfortunate, but I don't think many of the automated programs have kept up well with clearing out the latest array of spyware. Fortunately, the manual removal process is usually a rule-driven one tha anyone used to following modest instructions and logical steps should be able to handle.
Looking your array of answer, I see the ever-popular "nuke from orbit". "Nuke from orbit" is a really cool sounding motto, but like many cool mottoes, it's often complete bullshit. You certainly can clear and keep a computer of spyware and viruses with reasonable expectations that it is clear and you are safe. Unfortunately, the urge to repeat cool mottos, paranoia, and Windows-hate have pushed this frequent "nuke it" or the worse "get a different OS" non-answer to a top response on AskMe lately. As a consequence, people lose time, money, data and personal customizations they needn't lose.
Your problem sounds like small potatoes infestation. But, balance your time to fix it against what you would lose to get back to where you were during a reinstall or restore. If you think a reinstall or restore would be relatively painless to your situation, do it. If you think a reinstall or restore would be painful, but not as painful as downlaoding, understanding, and stepping through several logical maneuvers using tools like the ones I listed, then do the wipe. You'll save time and be free of the mostly irrational fears about the evil overlooked virus lurking in your computer, ready to leap out at night and stab you in your sleep. But if the balance isn't so clear, and you're willing to take some time to avoid the kneejerk "nuke it" response, you stand a very good chance of walking away with a clean system.
(I noticed that flabdablet just posted a link to a thread which ended up with me getting an very nice hand-written thank-you card last month, more than cancelling out another fatuous individual's participation. (I did have to do some follow-up work on the person's computer since they experienced other problems.) And so I'd like to publicly share and extend that thank-you to flabdablet, since he offered wise advice for the cleanup process.
posted by mdevore at 5:58 PM on August 16, 2008 [2 favorites]
You can use ShellExView to see what extensions have hooked into your computer and the files associated with them. Most modern infestations show up here because they like to hook into logon or explorer processes. Makes 'em hard to get rid of, but not inherently more dangerous.
In addition, you can try AutoRuns for Windows. It shows all sorts of ways that a nasty can hook into your computer on startup. Take note of any questionable executable or DLLs. Googling names can help a lot here.
Regmon can also be useful for detecting when something keeps writing back into the registry if you remove an entry.
With tools like these, and possibly a freely downloadable boot ISO/disk image for your CD/DVD/flash drive (which will allow you delete files protected from deletion in XP safe mode), and some patience, you can clear out most non-custom infestations you're likely to encounter. If you can't figure out how to use them properly for this instance, post again for further detail. Or drop a MeMail.
It's unfortunate, but I don't think many of the automated programs have kept up well with clearing out the latest array of spyware. Fortunately, the manual removal process is usually a rule-driven one tha anyone used to following modest instructions and logical steps should be able to handle.
Looking your array of answer, I see the ever-popular "nuke from orbit". "Nuke from orbit" is a really cool sounding motto, but like many cool mottoes, it's often complete bullshit. You certainly can clear and keep a computer of spyware and viruses with reasonable expectations that it is clear and you are safe. Unfortunately, the urge to repeat cool mottos, paranoia, and Windows-hate have pushed this frequent "nuke it" or the worse "get a different OS" non-answer to a top response on AskMe lately. As a consequence, people lose time, money, data and personal customizations they needn't lose.
Your problem sounds like small potatoes infestation. But, balance your time to fix it against what you would lose to get back to where you were during a reinstall or restore. If you think a reinstall or restore would be relatively painless to your situation, do it. If you think a reinstall or restore would be painful, but not as painful as downlaoding, understanding, and stepping through several logical maneuvers using tools like the ones I listed, then do the wipe. You'll save time and be free of the mostly irrational fears about the evil overlooked virus lurking in your computer, ready to leap out at night and stab you in your sleep. But if the balance isn't so clear, and you're willing to take some time to avoid the kneejerk "nuke it" response, you stand a very good chance of walking away with a clean system.
(I noticed that flabdablet just posted a link to a thread which ended up with me getting an very nice hand-written thank-you card last month, more than cancelling out another fatuous individual's participation. (I did have to do some follow-up work on the person's computer since they experienced other problems.) And so I'd like to publicly share and extend that thank-you to flabdablet, since he offered wise advice for the cleanup process.
posted by mdevore at 5:58 PM on August 16, 2008 [2 favorites]
I'll immediately burn all the social capital contained in that thank-you by repeating my opinion that "get a different OS" is not always a non-answer. For some people - even many people - it's an option that's well worth evaluating, especially given that it's actually not so hard to run several alternative environments side-by-side or even virtualized in one another.
Since cutting my own main computing environment over from Windows to Gnome, I have experienced occasional puzzlement and occasional frustration. But I can honestly say that I have never experienced the kind of black "I hate you, you complete prick of a computer" rage that periodically crops up for me when attempting to get work done on a vandalized and/or over-protected Windows box. For the most part, my Ubuntu boxes do what I want them to, flexibly, without fuss and very very cheaply; when they don't, the process of persuading them to do so is far more often educational and enjoyable than annoying.
That aside, I'll repeat the gist of what I said in the other thread: From the point of view of most people who fix broken Winboxen for a living, nuke and pave is often the most economically rational option. It is rarely so for their customers, because getting a computing environment Just Right is such a painstaking and lengthy process, and most people don't have the technical skill to set their computers up for convenient re-imaging of system and software without loss of user data.
If your Windows is broken and you're lucky enough to catch a competent and generous tech like mdevore on a day when he's not flat out fixing stuff for other people, nuke and pave is probably not the best you can do.
posted by flabdablet at 8:18 PM on August 16, 2008
Since cutting my own main computing environment over from Windows to Gnome, I have experienced occasional puzzlement and occasional frustration. But I can honestly say that I have never experienced the kind of black "I hate you, you complete prick of a computer" rage that periodically crops up for me when attempting to get work done on a vandalized and/or over-protected Windows box. For the most part, my Ubuntu boxes do what I want them to, flexibly, without fuss and very very cheaply; when they don't, the process of persuading them to do so is far more often educational and enjoyable than annoying.
That aside, I'll repeat the gist of what I said in the other thread: From the point of view of most people who fix broken Winboxen for a living, nuke and pave is often the most economically rational option. It is rarely so for their customers, because getting a computing environment Just Right is such a painstaking and lengthy process, and most people don't have the technical skill to set their computers up for convenient re-imaging of system and software without loss of user data.
If your Windows is broken and you're lucky enough to catch a competent and generous tech like mdevore on a day when he's not flat out fixing stuff for other people, nuke and pave is probably not the best you can do.
posted by flabdablet at 8:18 PM on August 16, 2008
Another point about nuke and pave: if you install a vanilla XP CD, and you have a direct internet connection with no hardware router / firewall, you're screwed. You can't connect to the internet long enough to get the XP updates and service packs without getting infected, or more likely knocked down, by something hitting the RPC buffer overflow exploit, which usually kills the RPC process, prompting XP to reboot.
Another option for safe browsing: install virtual machine software and browse from the vm.
posted by and for no one at 9:45 PM on August 16, 2008
Another option for safe browsing: install virtual machine software and browse from the vm.
posted by and for no one at 9:45 PM on August 16, 2008
FWIW, the Kaspersky product was a helpful part of my "why have I just gotten a malware infection after years of clean living" incident. It found stuff when four other products did not. I still had to use some elbow grease in the final cleanup, but Kaspersky got me 90% of the way there.
(On different OSes, I've found that Zenwalk Linux--a smaller, stripped-down Linux distro--is a great way to keep an older machine in productive use that you might have otherwise hauled out to the slag heap. There are several others to play with, too, including an Xubuntu.)
posted by gimonca at 8:14 AM on August 17, 2008
(On different OSes, I've found that Zenwalk Linux--a smaller, stripped-down Linux distro--is a great way to keep an older machine in productive use that you might have otherwise hauled out to the slag heap. There are several others to play with, too, including an Xubuntu.)
posted by gimonca at 8:14 AM on August 17, 2008
I work in IT and get at least one spyware/trojan laden laptop a month to clean. My favorite tools are Superantispyware Pro (get the demo, it's fully functional) and Trojan Remover (demo also fully functional). These two have cleaned about 90% of the machines that have come to me.
posted by starscream at 5:09 PM on August 17, 2008
posted by starscream at 5:09 PM on August 17, 2008
I should add though, that if these tools fail I'll inevitably back up their pst's, My Documents and favorites and then format/re-image.
posted by starscream at 5:12 PM on August 17, 2008
posted by starscream at 5:12 PM on August 17, 2008
This thread is closed to new comments.
posted by lia at 1:10 PM on August 16, 2008