
How do I know when the previously infected computer is disinfected?


#1 SafetySteve

  • Members
  • 49 posts
  • Gender:Male
  • Location:Northern California.

Posted 31 July 2015 - 10:50 AM

I am helping a friend with her Windows 8.1 computer.  This is a computer bought new in late 2014. She is not computer savvy.  She only has one computer and shares it with her 17-year-old son who is into computer gaming, some hacking, and porn.  They use one Windows account which has administrator privileges.  She asked for my help because the computer is "Slow and not acting right."  She said that web searches/browsing would get redirected, lots of ads would pop up, the computer would be slow/unresponsive, and black screens would flicker.

 

When I looked into the computer situation I found:

 

Shared Administrator Account.

Lots of downloads of executable files for cheat codes, hacking information and questionable executable files, and history of porn surfing.

Antivirus was disabled and no updates since middle of May 2015.

The OS was currently updated.

Applications were mostly current.  Java and Flash were current.  Firefox Browser was current.  

No evidence of anti-malware programs on the computer or the use of them.  

 

Search results were being re-directed, pop-up ads appeared even with the browser closed, computer very slow.  Attempts to go to common anti-malware sites like Spybot, Malware Bytes, etc. were being interfered with.  Top search results would not be the authentic programs.  Attempts to download the real products would not work unless I was in safe mode.

 

I copied off the data that she is concerned with: photos and home finance documents, etc.  I burned them to a DVD.

 

Normally I would just do a wipe and reload of the OS.  But I am interested in learning how to use a scalpel and not a chainsaw approach.  I was also curious what I would possibly find with trojans, etc.

 

Unfortunately I lost my notes of my exact results.  From memory...

 

I used safe mode and ran (not necessarily in this order):  Rkill, Ccleaner,  Malware Bytes, Search and Destroy, Adaware, Super Antispyware, and honestly maybe a couple of others.  They located and removed a total of about 6 actual Trojans, several PUPs.  I ran a few different antivirus solutions and removed some "Minor" stuff.

 

Then all scans indicated no more threats detected.

 

I then switched gears and used Eset and DrWeb Linux-based antivirus/malware rescue tools. They located additional trojans.  They were able to remove the trojans.  And additional scans now show no more threats found.

 

The computer is acting almost normal.  No more ads, pop ups, re-directed searches and browsing.  The speed is good.  The Change PC Settings Screen does not work as it should.  When selected, it briefly appears and then disappears.  You have to enter the control panel through another means.  Other than that it seems to work.

 

So how can I tell with a reasonable degree of confidence that the infections have been removed?  As I said, I normally would just do a wipe and reload and then harden the system up.

 

I have already demonstrated to my friend how to have a trusted computing environment using Live Linux Boot DVDs that do not auto-mount the hard drive for things like banking, Amazon, Social Media, Email.  We have talked about safer computing practices.  We have talked about her son's computer activities.

 

Thank you for your time.


#2 jayarelawler

  • Banned
  • 75 posts
  • Gender:Male

Posted 31 July 2015 - 11:00 AM

Someone on this forum created a tool http://www.bleepingcomputer.com/download/windows-repair-all-in-one/ that would help you in this situation.  If it were me, I'd just use Process Explorer to see what network traffic is being generated.  Cheers.
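A scripted form of the check jayarelawler suggests (which processes are generating network traffic, the view Process Explorer gives), so the result can be reviewed and re-run after cleanup. This is an added example, not from the thread; it assumes an elevated PowerShell on Windows 8 or later, where Get-NetTCPConnection is available.

```powershell
# Added example (not from the thread): list live outbound TCP connections with the owning
# process, its image path and its Authenticode signature status, then sort the cases that
# deserve a closer look (no path, not validly signed, or running from the user profile) to the top.
# Assumes Windows 8+ (NetTCPIP module) and an elevated prompt so all processes are visible.
$connections = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1', '0.0.0.0', '::') }

$report = foreach ($c in $connections) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path = $null
    $sig  = 'Unknown'
    if ($proc -and $proc.Path) {
        $path = $proc.Path
        # Unsigned or invalidly signed binaries talking to the network are worth investigating.
        $sig = (Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue).Status
    }
    [pscustomobject]@{
        Process   = if ($proc) { $proc.ProcessName } else { "pid $($c.OwningProcess)" }
        PID       = $c.OwningProcess
        Path      = $path
        Signature = $sig
        Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
        State     = $c.State
    }
}

# $false sorts before $true, so rows that fail the "looks normal" test come first.
$report |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' -and $_.Path -notlike "$env:USERPROFILE*" } }, Process |
    Format-Table -AutoSize
```

Run it once right after cleanup and again after a reboot and some idle time; a process that keeps reconnecting to the same remote host with no browser open is what the earlier "ads even with the browser closed" symptom looks like at this level.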



#3 buddy215

  • Moderator
  • 13,420 posts
  • Gender:Male
  • Location:West Tennessee

Posted 31 July 2015 - 11:08 AM

From what you describe I think it best, since you do not want to reinstall the OS, to get an expert's opinion.

 

You can get an expert opinion and help for removing malware by following the directions below. Once you have posted the new topic, DO NOT bump it....wait for a response which could be several days.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
