Help my father troubleshoot a pesky virus.
August 15, 2008 6:37 PM

ParentTechSupportFilter: My father has a virus. *sigh* before I send him to Geek Squad, what else should I tell him to do that he hasn't done already?

I don't know how this virus arrived. A sibling suggested blame being cast in the direction of my mother, who probably downloaded something she shouldn't have. Note that my father uninstalled his virus software because he felt it slowed his machine down. *sigh again* He is running XP.

That said, my father has done pretty well: he booted up in safe mode, he removed the offending program. He tried to install the Yahoo (i guess there's Yahoo internet now? heck if i know) antivirus, but his computer tells him he already has virus software installed. He called Norton tech support and they talked him through various uninstall scenarios, and ultimately said what my first response was - it's in the registry.

My father went into the registry and 1) found the virus there and 2) couldn't see anything from Norton or McAfee.

Now it's in my hands.

I am not far from him but really don't want to waste a saturday on this, mostly because my father is extremely unpleasant in these situations. plus i don't know that i can actually help him any more. what else should i be looking for or asking? what else can i tell him to do - besides wipe the machine and start over, which he will absolutely NOT do?
posted by micawber to Computers & Internet (15 answers total) 2 users marked this as a favorite
Response by poster: Most important thing I forgot I need to know: I want to find out how I can get a virus checker on there and how I can remove whatever is still hanging out in his system making it think it already has one.

thanks in advance. every member of my family has been involved in this so far.
posted by micawber at 6:47 PM on August 15, 2008

It sounds like he needs anti-virus protection!

Norton is well-known to be (a) insanely slow and a hog on system resources, and (b) nearly impossible to uninstall. (My work on other people's systems with Norton has led me to wonder why Norton isn't, itself, considered a virus.) Thus Norton provides an uninstall tool, because, as you noticed, uninstalling Norton normally doesn't actually get rid of it. (?!)

When Norton is gone, I'm a big fan of NOD32, which has a 30-day trial (with full functionality). Note that it's fully-functional for those 30 days. It's also insanely light on system resources.

Oh, and keep your dad out of the registry.
posted by fogster at 6:50 PM on August 15, 2008

how I can remove whatever is still hanging out in his system making it think it already has one.

I wasn't terribly explicit in my post, which I started before your follow-up comment. While it probably seems like a virus is making the system 'think' it has anti-virus, the reality is that Norton is what's still lurking around. You apparently need that uninstaller tool to actually get rid of it.
posted by fogster at 6:52 PM on August 15, 2008

How does he know he has a virus if Norton is uninstalled?

Anyway, rather than trying to talk him through it, you could use Fog Creek Copilot if his machine can still get online; it's free on the weekends.
posted by delmoi at 7:00 PM on August 15, 2008

As a temporary measure, you can use an online virus scanner like Trend's Housecall.
posted by winston at 7:06 PM on August 15, 2008

At least once a month I clean up problems like this for desperate friends & family. On my own system I've never had a problem, and I use the magic four programs, all free:

AntiVir for anti-virus (getting rid of anything else installed)
ZoneAlarm for firewall (turning off Windows firewall)
Ad-Aware and Spybot Search & Destroy for other junk

When I get hold of someone's system, I install and run these four programs (and also run any windows updates they've ignored), and that usually clears it up and gets the machine speedier. I keep the installs on DVD in case there are connection issues on the problem machine.

AntiVir doesn't really require a lot of maintenance from the user, if it is set up with auto updates and such. Zone-Alarm requires a bit of training for the user, but the warnings are pretty self-explanatory. I tell them to run Ad-Aware and Spybot once every couple weeks, or if they notice something funny.

I then install the MVPS hosts file to block known nasty sites. There are a few Google links in the hosts file I delete because it can cause problems if they happen to click on sponsored links. I've heard that a good alternative to this is to use OpenDNS, though I haven't tried it yet.

Also, I tell pretty much everyone to avoid lyrics sites, celeb photo sites, and cute-little-game sites.
posted by troybob at 7:13 PM on August 15, 2008 [4 favorites]
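
The hosts-file step described in the answer above (install a blocklist, then delete the entries that break links the user needs) can be scripted. This is an added example, not part of the original thread; the hostnames and the `filter_hosts` helper are constructed for illustration. It also sets aside any entry that points a name at a real address instead of a loopback sink, since that is a redirect rather than a block.

```python
import ipaddress

# Constructed sample in the blocklist style: "<sink address> <hostname>  # comment".
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS list
127.0.0.1  localhost
127.0.0.1  ads.tracker.example
0.0.0.0  banner.badsite.example  # inline comment
127.0.0.1  sponsored.search.example
203.0.113.7  update.antivirus.example
this line is broken
"""

def _is_sink(addr):
    """True for loopback or unspecified addresses, which block rather than redirect."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def filter_hosts(text, allow):
    """Return (kept_lines, removed_hosts, suspicious_lines).

    allow: hostnames to unblock; a subdomain of an allowed name is unblocked too.
    suspicious: entries that map a name to a real address (a redirect, not a block)
    or that cannot be parsed; they are left out of kept for manual review.
    """
    allow = {a.lower().rstrip(".") for a in allow}
    kept, removed, suspicious = [], [], []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].split()
        if not body:                      # blank or comment-only line
            kept.append(raw)
            continue
        if len(body) < 2 or not _is_sink(body[0]):
            suspicious.append(raw)
            continue
        names = [h.lower().rstrip(".") for h in body[1:]]
        blocked = [h for h in names
                   if not any(h == a or h.endswith("." + a) for a in allow)]
        removed += [h for h in names if h not in blocked]
        if blocked:                       # inline comments are dropped on rewrite
            kept.append(body[0] + "  " + " ".join(blocked))
    return kept, removed, suspicious

if __name__ == "__main__":
    kept, removed, suspicious = filter_hosts(SAMPLE_HOSTS, {"search.example"})
    print("\n".join(kept))
    print("unblocked:", removed)
    print("review by hand:", suspicious)
```
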

Best answer: There's been a rather insidious virus going around lately which bills itself as 'XP Antivirus 2009.' I don't know if that's what he picked up, but the only thing that truly removed it was a program called MalwareBytes. I don't want to link to it, since I've only used it for this specific instance, but it took care of it when the following failed:

- uninstalling
- running NAV
- running AVG
- removing entries from the registry

It was a simple install, too.

Note: I do not work for Malwarebytes!
posted by Liosliath at 7:17 PM on August 15, 2008 [1 favorite]

Just reinstall Windows from the System discs. Seriously.
posted by k8t at 5:09 AM on August 16, 2008

Yeah, installing Windows is the best option - but the OP specifically stated that his father WILL NOT do this. Sure, he could go over there and do it, but then he's got someone with an "unpleasant" attitude hovering over him, asking forty times if he's got all the pics of the grandkids backed up, wanting to know if his Bedazzled game will still be there, etc...

So, for the OP -

"Dad, here's some suggestions on removing the virus. They may or may not work, but even if they do, viruses are like cockroaches - difficult to get rid of, and there's always more than one. If the removal methods don't work, you'll have to take it somewhere to have the operating system reinstalled. Make sure you back up your pictures and files first. Good luck!"
posted by Liosliath at 9:49 AM on August 16, 2008

Response by poster: thank you everyone. this is a great thread. i threw the geek squad thing out there not because i would ever call them myself, but because i'm going to have to give him SOME solution if i am unwilling to come up there.

i wish my father's unpleasantness extended just to simple issues like that. unfortunately it is far more wide-ranging and insidious, which is why i keep my distance. however, he is still my father, and i am still his daughter who is a technical PM (not a guy, thanks though).

i'll be giving these a try tonight and let you know how it goes. i really appreciate everyone chiming in on yet another "help! virus!" thread.
posted by micawber at 10:44 AM on August 16, 2008

Mod note: a few comments removed -- GeekSquad derail really needs to go to metatalk at this point.
posted by jessamyn (staff) at 1:49 PM on August 16, 2008

I've got no problems with Geek Squad in general; as I'm taking networking courses these days, I was tempted to apply with them to get some hands-on, except their site requires you to have Windows in order to file an application, which is an unusual limitation.

I think that probably any large-scale operation that does this kind of work, especially at the major-retailer level, is destined to get this degree of criticism. Their customers are primarily people who don't understand the elegance and intuition involved in solving these kinds of problems (or they could do it themselves), and thus they are quick to throw out criticisms on issues they don't understand. Plus, in addition to having the skill to fix a problem, the technician has to be able to deal with people who are upset, who know little about computers (or worse, think they know more than they do), and who often bring on the problems themselves. Sometimes a system is going to crash, or something else is going to screw up, and the average technician is not at fault; but customers need a convenient target for their frustrations, and even when the technician deserves no blame they will tell anyone they know how Geek Squad messed up their system.

I think customers often have irrationally high expectations, which is understandable given how the industry has tended to over-sell the simplicity of using a system that has so many potentially problematic variables.

I do this kind of stuff for people I know--mainly to gain experience, but also there's a neat thrill in diagnosing and applying a fix that actually works--and even still they will complain or be disappointed if I can't get back lost data, or if I have to do a reinstall, or that I can't just run a program that will correct the issue in five minutes. And that's when I'm doing it for free!
posted by troybob at 1:56 PM on August 16, 2008

oops...sorry i didn't see that on preview
posted by troybob at 1:56 PM on August 16, 2008

Oops, sorry, micawber - I just assumed you were a guy because of your user name - I'll try to avoid that in the future. :) Hope you have some luck with helping your Dad - I'll be checking back to see how it goes.
posted by Liosliath at 6:55 PM on August 16, 2008

Response by poster: Wanted to close up the thread.

First, there were two issues at hand: one, my father had a virus. Second, he couldn't update his virus protection because Norton (which is what Yahoo uses) insisted he still had a McAfee product installed.

He did have the XP Antivirus 2009 virus. I removed it successfully using MalwareBytes, and then ran Spybot S&D for good measure.

There is a known issue with Norton and a product called McAfee scrubber (or something like that). If you go to the McAfee forum there are posts and posts from people who are trying to install Norton and are told they can't until they install all their products. They've written TWO additional uninstaller tools and even then they are still advising people that they may just have to edit the registry. I curse the developers who thought they were making a fine product there. I did all of that and was still unsuccessful, so I just installed AntiVir which had no conflict. He won't use Zone Alarm so to a certain extent I'm not thrilled with the level of protection, but at least he's virus free for now.

Thanks again to everyone.
posted by micawber at 5:40 PM on August 17, 2008

This thread is closed to new comments.