How to withhold virus infections (of the computer variety) from the ones you love?
July 30, 2009 9:39 PM
Suggestions for cleaning a virus-infected Windows machine appearing in a non-administrator account without resort to (1) the administrator account or (2) a nuke and re-install?
So my friend has a user account on her brother's Windows XP SP2 machine, with her brother set up as the password-protected administrator. She has picked up some viruses and/or spyware on her account.
I have booted the machine into safe mode and run some of the programs (such as ComboFix) recommended from prior MeFi posts. With access through safe mode, should I be able to get rid of all the nasties or do I need to run programs from the administrator account? Any other ideas?
She hopes to fix the problem without alerting her brother. So the best solution, a nuke and re-install, is currently off the table.
Thanks!
Safe mode doesn't bestow admin privilege, and without admin privilege some kinds of viruses can't be removed.
posted by Chocolate Pickle at 10:07 PM on July 30, 2009
You know very well that this isn't cool, not one bit. So she doesn't confess, because you guys get a couple of suggestions here and think you have it cleared up - there's still no real way to know that. You're compromising all of the brother's activity on that PC - passwords, accounts, you name it.
posted by HopperFan at 10:08 PM on July 30, 2009
It doesn't matter if she can get admin access, she still screwed up and it should be the brother's call whether he wants to nuke Windows from orbit or not.
Hiding this from him is a way shitty move.
posted by dunkadunc at 10:18 PM on July 30, 2009
I'm with dunkadunc. Firstly, you won't be able to fix it (where 'fix it' is defined to include 'being confident of malware removal'), secondly, the damage may already have been done to the computer-owner's privacy and info-security.
Own up, nuke and reinstall.
posted by pompomtom at 10:49 PM on July 30, 2009
Well, in theory (if Windows was all up to date) all the spyware shouldn't have been anything really damaging if she didn't have admin access. So she might be able to nuke her own account and have her brother create another one, or even remove the spyware herself. But that's assuming that none of the stuff she downloaded succeeded in doing a privilege escalation to install itself deep in the system.
But you really should tell her bro so he can decide what to do.
posted by delmoi at 1:21 AM on July 31, 2009
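An added triage script (not from the thread or any commenter) for the distinction delmoi draws: list the autostart locations a non-admin account can write (HKCU Run keys, the user's own Startup folder) next to the machine-wide ones that normally need admin rights (HKLM Run keys, the All Users Startup folder). Entries only in the per-user set point to an infection confined to that profile; entries in the machine-wide set mean the account boundary was crossed and the whole system is suspect. It assumes PowerShell on Windows XP and uses only standard paths; reading these locations needs no admin rights.

```powershell
# Added example, not part of the original thread. Assumes PowerShell on
# Windows XP; reading HKLM and the All Users folder needs no admin rights,
# so this can run from the infected non-admin account.

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output "Running as $($id.Name); administrator: $isAdmin"

# Autostart locations a non-admin process can write to itself ...
$userScope = @{
    'HKCU Run'     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU RunOnce' = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'User Startup' = Join-Path $env:USERPROFILE 'Start Menu\Programs\Startup'
}
# ... and machine-wide locations that normally require admin rights.
$machineScope = @{
    'HKLM Run'          = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM RunOnce'      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'All Users Startup' = Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup'
}

function Show-Autostarts([string]$label, [hashtable]$locations) {
    Write-Output "== $label =="
    foreach ($name in $locations.Keys) {
        $path = $locations[$name]
        if (-not (Test-Path $path)) { continue }
        if ($path -like 'HK*') {
            # Registry key: print every value, skipping PowerShell's own PS* properties.
            $props = Get-ItemProperty -Path $path
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notlike 'PS*') {
                    Write-Output ("{0}: {1} = {2}" -f $name, $p.Name, $p.Value)
                }
            }
        } else {
            # Startup folder: print each file that would be launched at logon.
            Get-ChildItem -Path $path | ForEach-Object {
                Write-Output ("{0}: {1}" -f $name, $_.FullName)
            }
        }
    }
}

Show-Autostarts 'Per-user (writable without admin)' $userScope
Show-Autostarts 'Machine-wide (should need admin)' $machineScope
```

Anything unexpected under the machine-wide heading is the signal that the non-admin boundary did not hold and that the rescue-disc and reinstall advice elsewhere in the thread applies to the whole machine, not just her account.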
Best answer: I posted how to do this fix last week.
Download the BitDefender live rescue disc and/or the Kaspersky live rescue disc. Burn. Put in CD drive, set the BIOS to boot from CD, plug in the network cable, and run.
Update, scan (I always select "advanced options" and "prompt when finished" because the scan might take hours and I don't feel like sitting there).
Then scan w/ the other one.
Then download UBCD and burn to disc. Basically, follow this tutorial to re-access your admin account, or (what I usually do instead) create a new admin account.
I use that tool when I get an infected client computer and they don't give me passwords OR the virus has gotten in the way.
Then UNPLUG THE NETWORK CABLE, and reboot w/ no CD.
From there, I generally run Revo Uninstaller, Malwarebytes, Spybot, and CCleaner, in that order. Revo because its boot-time manager will make sure everything is removed from startup... you have to do this manually but it's no big deal. Then the others on deep scan, wiping anything they find.
Lastly, I install Panda Cloud AV, and do a full scan of the live system.
I've salvaged about 8 totally destroyed systems with this exact routine just this month.
posted by TomMelee at 4:42 AM on July 31, 2009 [9 favorites]
Response by poster: Thanks to all. I will do my best to get my friend to tell her brother and do a nuke and re-install. The brother does not use the computer, so he may not have lost any personal data because of the infection. Not that that makes the situation any better...
posted by Napoleonic Terrier at 2:40 PM on July 31, 2009
If you guys don't properly get rid of the viruses then the brother will also (unbeknownst to him) be adversely affected, including having his personal data stolen and used.
Let the brother know.
posted by dunkadunc at 10:05 PM on July 30, 2009 [1 favorite]