Can this be fixed?
March 6, 2011 11:31 AM

Help with malware, please?

My Dell Windows XP desktop seems to be a little sick right now. My husband may or may not have infected it while browsing...certain sites. ;) Now when we start it, it boots up in safe mode, with no desktop icons/wallpaper. The icon tray and Windows start menu are gone. We've encountered malware problems before, and they're always (relatively) easily fixed by a visit to mybleepingcomputer, a download of Rkill and then a run through the malwarebytes software. But booting it in safe mode, safe mode without networking and normal mode all result in that same black screen. I wouldn't even know how to get Rkill onto the computer to run it.

Also, a dialog box pops up that says "Disk Diagnostics" and "Check disk options," with two check boxes: "Check hard drive sectors" and "Check file system integrity." Hitting ctrl+alt+del results in a pop-up box that says the administrator disabled that function (or something similar to that). Thanks for any advice you can give--I can't seem to find anything on mybleepingcomputer right now and I didn't really know where else to look.
posted by lagreen to Computers & Internet (9 answers total)
 
Your absolute best bet here is going to be to use any of the given live discs, even a Windows-based one, and pull off your important files. Then nuke from orbit and reinstall.

To actually, truly get this kind of infection off your computer will take...days. No joke.

Make sure you then change your passwords, logons, etc., and assume that confidential information has been compromised.

Really, really, really, really it's not worth saving. I promise.
posted by TomMelee at 11:40 AM on March 6, 2011


Oh, and tell your husband if he's going to look at the kind of porn sites that hand out malware, then he should really be doing it in Firefox, with Adblock and Flashblock, and really preferably inside a Sandbox or Virtual Machine.

There's just as much likelihood that this came from insecurities in Facebook Flash, PDF JavaScript, or something someone opened in an email.
posted by TomMelee at 11:42 AM on March 6, 2011


Usually I'd chime in with my profile, but TomMelee has it right this time. Nuke and Pave.
posted by deezil at 11:43 AM on March 6, 2011 [1 favorite]


Response by poster: Ruh-roh. Yeah, we both thought we use safe browsing habits, no matter what sites we use, but I suppose not. Luckily most of our files are available elsewhere too. I'll start the password changing now. Thanks so much for your help!
posted by lagreen at 11:54 AM on March 6, 2011


Okay, just to clarify, it doesn't matter what sites you visit, you are either secure against 'drive by' malware installs or you're not. I actually had a site try to install some B.S. on my machine through an ad or something. It was just the web page for some random local news site and I had found the link on a popular blog.

That said, you should really upgrade to Windows 7. Vista and Win 7 have an extra layer of security that prevents software you randomly download from installing itself with administrative rights. You have to explicitly 'authorize' applications if they are going to do anything that actually damages your machine. It's not perfect, and you can still get programs that slow down your machine, but they'll be easier to remove. Windows XP, though, is just not a good idea.

If you want to try using a virtual machine, Virtual Box is free and open source, and works well. It's a very safe system. You can download whatever you want onto a virtual box and it can't damage the computer it's hosted on.
posted by delmoi at 4:15 PM on March 6, 2011


There is nothing wrong with the security stuff built into XP. It's every bit as strong as what's available in Vista and 7, just a little less convenient to work around. The only trouble with it is that it's all turned off by default, and most people just leave it turned off to avoid app compatibility hassles.

That said: Windows is still the only desktop OS that suffers from random infections.

If you do end up going the nuke and pave, consider changing to a less susceptible OS. If that's too much of a familiarity stretch for you, at least make proper use of XP's inbuilt protection*.

*I no longer recommend the AVG free antivirus product I liked in 2008. My current favorite is Panda Cloud Antivirus.
posted by flabdablet at 6:39 PM on March 6, 2011


Worry less about the OS, and more about the browser.

I am going to say this once:

Please, don't use Internet Explorer. Especially not the older versions. Anything below version 15 is horrible.
posted by Sphinx at 10:03 PM on March 6, 2011


Response by poster: Thanks again. So I shouldn't be using Internet Explorer 6? No, I'm just kidding (although my federal gov't job does require us to use that)--we use Firefox with AdBlock Plus or Opera. And we did also upgrade to Windows 7, which was something we should have done a while ago. I look at just as much pr0n as my husband does, but I use Windows 7 and have never had the problems he was getting on the XP machine. Also thanks for the Panda Cloud recommendation. My husband just installed AVG, Spybot and the Malwarebytes free version, but maybe we'll switch (add?) Panda Cloud too. Thank you all so much for your answers here and all the advice I've read from you in other threads, too!
posted by lagreen at 5:19 AM on March 7, 2011


Alright, firstly you're just as good (if not better off) with IE8. I've noticed lots of people over the years recommending Firefox, Chrome, Opera, etc. over IE, promoting it as being safer from malware etc. The reality is that it's just not true. There may have been a time when Firefox was new, but if you watch US-CERT (a government site responsible for reporting software vulnerabilities) Firefox, Chrome, and Opera have been seeing a lot more vulnerabilities than IE lately.

And besides that point, the browsers themselves are not even really the issue. The largest vulnerability you could have on your system is having an unpatched version of Adobe Flash or Reader less than version 10. In 2009, Adobe Reader alone was seen to be responsible for over 80% of all known malware exploits (with Foxit, Sumatra, etc. sharing some of the same security holes). The reason for this is there's been a paradigm shift from malware developers. Instead of going after the browsers they're going after things that are on most PCs. Or the low-hanging fruit, so to speak.

This is why you should have Adobe Reader X installed. It may still have vulnerabilities, but it's currently the safest PDF reader out there due to a new feature in X by default, sandboxing*. IE8 also has sandboxing technology (protected mode), which makes it one of the safest browsers at the moment. However, I highly recommend moving to Windows 7 to make the best of it.

Anyway, enough of that rant:

- You'll want to start off by trying a repair. You can initiate this from your original XP installation CD. Boot off of it, press Enter when at the initial setup screen, press F8 to accept the license agreement, and then press R to repair Windows.

- This will hopefully restore most of your core files and settings to factory. If not, you'll have to take the PC to a professional to have the CTRL-ALT-DEL policy removed from the registry. You can get a DOS prompt up during the GUI (graphical) stage of the repair by pressing SHIFT+F10. From there you should be able to launch regedit.exe and load the SOFTWARE hive in c:\windows\system32\config...you can name it anything when loading. (navigate to and delete \microsoft\windows nt\currentversion\winlogon\disablecad)

If you finally get to a point where your system is running, remove your virus scanner if it is Norton or McAfee, and get the following installed:

- Microsoft Security Essentials
- Immunet Cloud AV (complements MSE nicely)
- Secunia PSI (windows updates for everything non-microsoft...a must-have)
- Web of Trust (a community site advisor, to help you avoid bad sites in the future)
- Dial-a-fix (to help repair anything else that's left wonky. Namely, you'll first want to click on the hammer icon and kick off a 'permissions repair' asap, as that'll help close up any backdoors previous infections have left)

I would also consider creating an Administrator account...call it 'Trusted' or similar. Then drop the rights on your account and your husband's to only be Users. This will protect you from future system level malware infections. When you absolutely need to install something, just right-click and Run-As 'trusted' and you're good to go.

*Sandboxing, or application virtualization, is a way of running software in a memory space separate from the running operating system. It's a clever way of trapping malware into thinking it's infecting the PC when in fact it's infecting a temporary space that gets deleted once the program is closed.
posted by samsara at 6:30 AM on March 7, 2011 [1 favorite]
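The offline-hive edit described in the answer above, written as a Windows batch file with reg.exe instead of regedit's Load Hive menu. This is an added example, not part of the original answer. It assumes it is run from a Windows-based boot disc where the installed system is not running and its drive appears as C:; the mount name OFFLINE_SW is arbitrary.

```bat
@echo off
rem Added example, not from the thread.
rem Assumption: the installed Windows is NOT the running system (e.g. a
rem Windows-based boot disc), so its SOFTWARE hive file is not in use.
rem "reg load" fails on a hive that the running system already has open.
set HIVE=C:\WINDOWS\system32\config\SOFTWARE
set MOUNT=HKLM\OFFLINE_SW
set KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon

rem Keep one untouched copy of the hive; never overwrite an earlier backup.
if not exist "%HIVE%.bak" copy "%HIVE%" "%HIVE%.bak" || goto fail

rem Mount the offline hive under a temporary key name.
reg load %MOUNT% "%HIVE%" || goto fail

rem Show the value first; reg query returns errorlevel 1 if it is absent.
reg query "%KEY%" /v DisableCAD
if errorlevel 1 (
    echo DisableCAD is not set in this hive; nothing to delete.
) else (
    reg delete "%KEY%" /v DisableCAD /f
)

rem Always unmount so the change is flushed back to the hive file.
reg unload %MOUNT%
goto :eof

:fail
echo Could not back up or load %HIVE% - check the drive letter and that the hive is not in use.
```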

