Help me load up an anti-malware toolkit
January 2, 2009 12:13 PM

I'm heading out tomorrow to work on my Mom's computer, which has been infected by Antivirus2009. Help me load up my flash drive with everything I need.

Mom lives over 3 hours away and the infection on her computer (Windows XP) is keeping her from being able to download any anti-malware. Therefore I want to make sure I take everything I need with me.

I'll have a Windows disc in case I end up needing to completely re-install Windows, but I'd like to avoid having to do that if possible. What anti-malware tools can I take with me on a flash drive to give me the best chance of success?

Thanks in advance for any and all suggestions.
posted by tdismukes to Computers & Internet (24 answers total) 19 users marked this as a favorite

Malwarebytes' Anti-Malware has been extremely successful for me in removing AntiVirus(XP/2008/2009) infections.
posted by ODiV at 12:19 PM on January 2, 2009 [1 favorite]

Don't forget to download the absolute latest definitions file from Malwarebytes' website as well, as the program installer has month-old definitions which won't help much.

First start the PC in safe mode (if she is on Ethernet at home you could do "safe mode with networking" and download/install/update in safe mode), install MWB and the definitions and run a full scan. Restart to regular mode, disable system restore, run another full scan.
posted by ijoyner at 12:33 PM on January 2, 2009

Oh, and if she has Norton or some other bloated, broken AntiVirus program, ditch that and put on AVG Free or Avast Home edition.

And install XP Service Pack 3 or Vista Service Pack 1 and all updates since to make sure this doesn't happen again.
posted by ijoyner at 12:35 PM on January 2, 2009

The December release of MS's Malicious Software Removal Tool will effectively remove AV2009. It was one of the most prevalent threats this month, and is the primary infection targeted by this version of the MSRT.

I'd run it first, and then something that looks a little deeper (like Malwarebytes as mentioned above).
posted by toxic at 12:43 PM on January 2, 2009

Is she able to run Windows Update? The latest version of the Malicious Software Removal Tool claims to remove Antivirus2009. Win32/FakeXPA and Win32/Yektel are the technical names for Antivirus2009.
posted by phil at 12:44 PM on January 2, 2009

In the shop at which I work, we regularly use Malwarebytes' to get rid of Antivirus2008/2009. It works quite well.
posted by The Great Big Mulp at 12:48 PM on January 2, 2009

Also, it probably wouldn't hurt to bring a copy of Spybot - Search and Destroy, but just because it's just generally a good idea to have Spybot around.
posted by The Great Big Mulp at 12:55 PM on January 2, 2009

You could install LogMeIn so you could do spot checks/updates without having to make the drive.
posted by sharkfu at 12:56 PM on January 2, 2009

Response by poster: She isn't able to run Windows Update. I guess the malware must be blocking it.

I previously had Avast installed for her when she was using dial-up. She just got started with high-speed internet through Verizon a few weeks ago and they replaced Avast with their own security suite. Now, somehow, the Verizon security suite is gone, while Avast is turned off and not able to be re-started. She says that Verizon tech support spent about an hour working on the problem before giving up and telling her there was nothing they could do.

So far on my flash drive I've got Malwarebytes Anti-Malware and the latest version of Avast. I was thinking I might also take the installer for an alternate browser (Firefox or Opera), since I don't know whether it's just IE that's borked up. Anything else?
posted by tdismukes at 1:04 PM on January 2, 2009

Mom lives over 3 hours away

For that much effort, I'd stay with the NIFO strategy to make sure that I didn't have to do it again next week. Consider adding tightVNC or one of the many other remote access options to save you the gas next time.
posted by a robot made out of meat at 1:05 PM on January 2, 2009 [1 favorite]

Oh, definitely add on the fox and change all her application links / shortcuts to point to it.
posted by a robot made out of meat at 1:06 PM on January 2, 2009

Malwarebytes' Anti-Malware has been extremely successful for me in removing AntiVirus(XP/2008/2009) infections.

Seconded - worked fine for me on a friend's infected PC. Run in safe mode, natch.
posted by the_very_hungry_caterpillar at 1:21 PM on January 2, 2009

The link toxic provided is a direct link to the Malicious Software Removal Tool. You should be able to download it, regardless of the state of Windows Update.
posted by phil at 1:23 PM on January 2, 2009

As I usually post: This.
posted by deezil at 1:56 PM on January 2, 2009

This thread on my hi-jacked pc has a lot of great links. I couldn't search for them myself, but was able to click on the links provided to access the sites.

I spent 2 days trying to get rid of my virus, finally reset to an earlier starting point. Does she know about the time she was infected?

Best of luck to you.
posted by JujuB at 2:23 PM on January 2, 2009

Once you fix her machine, please for the love of all that's holy set her up as a non-admin account.
posted by me & my monkey at 2:23 PM on January 2, 2009

Spybot + Adaware - install as admin, get updates, then reboot, login as admin in safe mode, run full scans with both. Check msconfig for startup entries and services that are suspect. That oughta do it.
posted by stenseng at 2:25 PM on January 2, 2009
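
The startup check described in the comment above, as an added example that is not part of the original thread: a read-only batch script for Windows XP that writes the autostart locations msconfig displays (registry Run keys, Startup folders, services) to a text file for review. The report file name and running it from the flash drive are assumptions of this example.

```batch
@echo off
rem Added example: read-only inventory of the autostart locations that
rem msconfig shows. Nothing is changed or deleted on the machine.
rem Assumption: run as an administrator from a writable flash drive;
rem the report name below is a choice of this example.
setlocal
set REPORT=%~dp0autostart-%COMPUTERNAME%.txt

echo Autostart inventory for %COMPUTERNAME% on %DATE% %TIME% > "%REPORT%"

rem Registry Run/RunOnce keys, machine-wide and for the logged-in user.
for %%K in (
  "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
  "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
) do (
  echo.>> "%REPORT%"
  echo ==== %%~K ====>> "%REPORT%"
  rem A missing key is reported in the file rather than stopping the script.
  reg query %%K >> "%REPORT%" 2>&1
)

rem Startup folders (Windows XP paths): all users, then the current user.
echo.>> "%REPORT%"
echo ==== Startup folders ====>> "%REPORT%"
dir /a /b "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" >> "%REPORT%" 2>&1
dir /a /b "%USERPROFILE%\Start Menu\Programs\Startup" >> "%REPORT%" 2>&1

rem Installed services in every state, running or stopped.
echo.>> "%REPORT%"
echo ==== Services ====>> "%REPORT%"
sc query type= service state= all >> "%REPORT%" 2>&1

echo Report written to %REPORT%
endlocal
```

Running it once before cleaning and once after the final scan gives two reports to compare; entries that are still present and that you cannot match to installed software are the ones to look up before disabling them in msconfig.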

Get SuperAntiSpyware, install/update it on your machine, then copy the program's folder from Program Files to the thumb drive. Rename the .exe to anything you'd like (I usually use SAS). Then run it, a "complete scan" is preferable. MalwareBytes/Spybot will do a great job, too. Remember to log into safe mode (with networking) first.

This virus is really nasty, as I've dealt with a lot of it at my helpdesk. Good luck!
posted by ThirstyEar2 at 2:43 PM on January 2, 2009

Roger the Malwarebytes. Great stuff there.
posted by patnok at 2:48 PM on January 2, 2009

Best answer: If you have difficulty running any Anti-Malware utilities, you may want to boot from a CD. There is an excellent generic Windows boot CD, with anti-malware apps included, at The software is free to download and has copies of all the drivers and disk utilities that you are likely to need (you can download the latest sigs for the anti-malware utilities before you burn the project -- see the CD creation instructions). Its originator can be trusted (i.e. it is free from malware) -- he has been running this project for about 5 years (he has the cease-and-desist letters from Microsoft to prove it!). The CD takes about 20 minutes to make up and you'll need a Windows XP install CD to compile it. But this CD has saved my bacon more than once: I now have a burned copy filed for future use ...
posted by Susurration at 3:03 PM on January 2, 2009 [2 favorites]

Response by poster: Thanks everybody! After I get home tomorrow night I'll update this thread to verify what worked.
posted by tdismukes at 4:35 PM on January 2, 2009

In the past I have used Ask MetaFilter for my computer problems and had great results. Recently though I needed help real fast, and while I was pulling my hair out I thought there has to be a better way. I googled for online computer help and found a company called Support Space. I have used them three times now for various problems. They charged me around fifty bucks each time. I have no connection with the company. So if you don't want to drive 3 hrs each way...
posted by snowjoe at 4:42 PM on January 2, 2009

Malwarebytes' Anti-Malware also worked for me. I will note that this was after a freshly downloaded MSRT failed to find a thing. (It may have been defeated, not faulty, but just a data point.) Search and Destroy was possibly also defeated, as it could not download updates, although I did get it to begin a scan once. The main point is that you may need to try a combination of tools.

I did have to re-run Malwarebytes, though. Something hung around. It wasn't until the third scan that it didn't find anything. I also did some manual clean-up at some point at the DOS prompt (refresh your knowledge of DEL and ATTRIB slash codes, just in case). It was literally respawning as it was being

When you install Firefox, install AdBlock and NoScript as well.
posted by dhartung at 10:42 PM on January 2, 2009

Response by poster: Susurration's suggestion of UBCD4Win saved the day. The computer was so borked up that it wouldn't let me install or run any of the suggested anti-malware programs. I had to boot from the UBCD4Win disk and make a few passes with various anti-malware & anti-virus programs from the disk before I could get things cleared up enough to actually install Malwarebytes Anti-Malware & the rest. At that point, it took just about a full day of running repeated scans with various programs before I could get things fully cleared up.
posted by tdismukes at 12:44 PM on January 5, 2009
