
Is Dell Solutions Premium Crap? Should I feel secure to proceed in using my computer in a very unusual situation?


2 replies to this topic

#1 psycmanhelpme

  • Members
  • 2 posts

Posted 02 April 2010 - 06:22 PM

Hello,

This is my first time on bleepingcomputer after hearing rave reviews about how helpful the community is. I am in a somewhat strange situation and I want to just briefly go over what has happened and then hear your thoughts on what I should think now.

A few days ago I got a virus, a bad virus. I think I tried to watch some random video stream and all of a sudden my computer flipped out pretty badly despite having an up to date Norton 2010. I immediately feared the worst and freaked out like I always do, only this time it was justified. I ended up paying $140 for Dell Solutions to remotely connect to my computer to try to fix the issue. My first move was to Norton to try to fix it, but the virus made it impossible to visit a Norton webpage and so it was impossible for them to remote connect. While I am a newbie to this forum I do already anticipate that people will scoff at me going to Norton and Dell for help and paying such money to boot. But I was desperate, and the money was not nearly as important for me as getting my computer fixed as soon as possible.

So 'luckily' Dell was able to access their remote connect page so I went ahead and paid for their service. First I was given a technician who seemed horrible. She worked on my computer for like 4 hours (telling me midway she was done in 30 minutes and would definitely have it all cleaned) only to do nothing. I knew she was an idiot because she literally tried to do the same things over and over and over without changing anything. Like there was a webpage she wanted to access that wouldn't work once I was infected and she literally tried to load it 100 times. So I went to bed miserable at 7am feeling pretty hopeless.

Next day I get a new person who seems to have a much better clue. He spends all day trying stuff and at some points he is working with other technicians in their office. They are trying all sorts of stuff. It started with the obvious like malwarebytes, etc, then they tried a bunch of things I had never heard of (not saying much, but still). Basically two huge problems seemed to be becoming clear. Either the virus would somehow make the program they tried to use fail either at installation or somewhere along the way when it was working, or, as was the case with MWB, it would find infected files, remove them, and then when I restarted they would be back all over again. The guy then told me he would call back tomorrow after troubleshooting with their most senior person.

Next day he calls, they try a few things for a bit, and then tell me the computer is too far gone and that the only other things he could try at this point would seriously risk crashing the computer in a way that could ruin it. He then suggested I finally just get the Dell (I have an old Inspiron 9300) XP boot CDs and reinstall XP clean. But here is where the major trouble lies and why my situation is/was so miserable. I am in Sweden right now and will be for another month. I am an idiot and had at some point in the last year put those CDs in a closet at home so I didn't have them. I work on my computer and urgently need to have a working good laptop while I am here. So he basically tells me I am screwed since they can't mail a new CD to Sweden.

I realize many people must have such CDs lying around and I am able to find someone who can give me an old XP SP1 CD. The problem is, one it isn't MY dell CD, but worse it is a Swedish XP CD only which is just really damn annoying and the Dell guy seems bothered by this.

Anyway, here is what he decided was the best thing to do. In order to not totally wipe my files (and please excuse my lack of technical specificity here since I am clueless) he decided to do some sort of partition that reinstalled the Windows XP SP1 CD freshly on my computer but did not delete all my files. It seemed like it went relatively smoothly even though it took forever and I was back on XP, this time with a normal number of processes running (34 instead of the 100 I had when I was infected) and things were running smoothly. I got one random blue screen error (it snap restarted so I couldn't write it down) but it did seem a one time thing and hasn't come back. He assured me (since prior Dell people assured me wrong things before I am not very trusting at this point) that I was definitely 100% safe to use my Swedish Windows XP and that I shouldn't feel afraid to log into sensitive things like bank accounts and email etc. It sounded reasonable and things were working well so we hung up.

Here is where the problem lies. He ran MWB after I called him back about the bluescreen and it showed infected files despite him claiming I was not at risk. He said this was not a risk and that the virus itself couldn't be in the system files since it was reinstalled and that those infected files were (again excuse my lack of specificity) some sort of corrupted files that the virus had caused since he didn't totally wipe out my hard drive and my personal files were still intact, they could possibly be corrupted or 'infected' but not in a way that posed any risk to me right now (I don't even have access to those personal files and he was going to help me with dealing with them when I get home). Back to the scan, he ran it, cleaned everything it found, restarted and ran it again. Unlike when my computer was freaking out from the virus, the infections did not reappear, so that was reassuring and he left again.

He had installed Avira onto my XP and I decided to just run a full system scan for the heck of it to see if I was totally clean. It is still running now, but so far it has found 1576 infected files and obviously that has me terrified. Should I just let Avira delete everything it finds, restart and run it again and see if it finds 0?

Should I believe him and think my computer is safe enough to use for limited but sensitive things while I am in Sweden?

I am a computer idiot when it gets on these deeper levels and am very busy and don't really have time now to learn a bunch or learn how to run a bunch of stuff right now.

Ideally, first off, I am really just hoping to hear people's opinions about my experience and more importantly WHAT SHOULD I THINK NOW? Should I believe him that I can safely use my computer on this Swedish XP until I get home despite Avira and MWB detecting infected files or should I be the panicky paranoid person I am and assume someone is spying on my every move and will break into my bank account and steal the $50 check my Grandmother gave me for a birthday present 15 years ago. If you do think I am mostly safe, but have some simple things to do, please let me know. Again my plan right now is to let Avira finish the full system scan, wake up, check this forum and then decide how to proceed. Hopefully you guys are as amazing of a resource as I was told :thumbsup:


Update, my Avira is done and I don't know what to do. I have never used it before and it gives me the options of: Repair, Move to Chest, Delete, and Do Nothing. Let me know what I should do!

Thanks sooooooooo much if you even read this far and for any advice. Sorry I was so long winded.

Psycman

Edited by psycmanhelpme, 02 April 2010 - 06:34 PM.




#2 psycmanhelpme

  • Topic Starter
  • Members
  • 2 posts

Posted 03 April 2010 - 01:55 AM

I am really sorry to bump this so fast but I am freaking out a bit and could barely sleep. I came here as soon as I woke up but didn't get any feedback and didn't see the post on the page any more. Any thoughts on this issue?

I also wanted to do a bit of an update. The man who loaded the Swedish WinXP named it "WINXP" while my prior Windows was named "Windows". When I go through the scan log from Avira's full system scan, I notice all the infected files are from either C:WINDOWS (not winxp) or C:systemvolumeinformation, or C:programfiles, or C:delldrivers. I am pretty sure the C:windows and C:programfile infected files were all from the old XP. I don't know what to make of the systemvolumeinformation and delldrivers. They also could be from the old XP files but I have no clue.

I thought it important to add that since just blindly running a scan will search all the old system files as well as the new and the guy did tell me that my current system is totally secure. Again, I am very skeptical due to them being wrong before about being able to fix the virus directly, and so I wanted to get your opinions. Thanks again.

Edited by psycmanhelpme, 03 April 2010 - 02:20 AM.


#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,561 posts
  • Gender: Male
  • Location: NJ USA

Posted 03 April 2010 - 09:10 AM

OK, you ask a lot of questions, not bad tho, but I think we can straighten this out.
First, the path is C:\Windows .. not xp
The system vol we can eliminate last. That is the system restore file location.
The best process for Avira is repair, then move (quarantine); later we can delete.

Let's do a scan and see another log.

Please run TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.