I am helping a friend with her Windows 8.1 computer. It was bought new in late 2014. She is not computer savvy. She has only one computer and shares it with her 17-year-old son, who is into computer gaming, some hacking, and porn. They use one Windows account, which has administrator privileges. She asked for my help because the computer is "slow and not acting right." She said that web searches/browsing would get redirected, lots of ads would pop up, the computer would be slow/unresponsive, and black screens would flicker.
When I looked into the computer situation I found:
Shared Administrator Account.
Lots of downloaded executables for cheat codes and hacking information, other questionable executables, and a history of porn surfing.
Antivirus was disabled and had not been updated since mid-May 2015.
The OS was up to date.
Applications were mostly current. Java and Flash were current. Firefox Browser was current.
No evidence of anti-malware programs on the computer, or of any ever having been used.
Search results were being redirected, pop-up ads appeared even with the browser closed, and the computer was very slow. Attempts to go to common anti-malware sites like Spybot, Malwarebytes, etc. were being interfered with: the top search results would not be the authentic programs, and attempts to download the real products would not work unless I was in safe mode.
I copied off the data she is concerned with (photos, home finance documents, etc.) and burned it to a DVD.
Normally I would just wipe and reload the OS, but I am interested in learning how to use a scalpel rather than a chainsaw approach. I was also curious what I might find in the way of trojans, etc.
Unfortunately I lost my notes of the exact results. From memory...
I used safe mode and ran (not necessarily in this order): Rkill, CCleaner, Malwarebytes, Spybot Search & Destroy, Ad-Aware, SUPERAntiSpyware, and honestly maybe a couple of others. They located and removed a total of about six actual trojans and several PUPs. I ran a few different antivirus solutions and removed some "minor" stuff.
Then all scans indicated no more threats detected.
I then switched gears and used the ESET and Dr.Web Linux-based antivirus/malware rescue tools. They located additional trojans and were able to remove them, and additional scans now show no more threats found.
The computer is acting almost normally: no more ads, pop-ups, or redirected searches and browsing, and the speed is good. The Change PC Settings screen does not work as it should: when selected, it briefly appears and then disappears, and you have to enter the Control Panel through another means. Other than that it seems to work.
So how can I tell with a reasonable degree of confidence that the infections have been removed? As I said, I would normally just do a wipe and reload and then harden the system.
I have already shown my friend how to get a trusted computing environment using a live Linux boot DVD that does not auto-mount the hard drive, for things like banking, Amazon, social media, and email. We have talked about safer computing practices. We have talked about her son's computer activities.
Thank you for your time.
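Since the question is how to gain some confidence that the cleanup is complete, here is an added example (not from the original post or from any of the tools it names) of the read-only triage a responder would run on the cleaned Windows 8.1 machine before trusting it. It assumes an elevated PowerShell 4.0 prompt (what Windows 8.1 ships), the standard registry and file locations for each mechanism, and a Firefox profile under %APPDATA%; it reads the live system and changes nothing. The checks target the places the reported symptoms usually live: autorun keys, services, scheduled tasks, Winlogon/AppInit hooks, Image File Execution Options "Debugger" hijacks (the classic way to stop security tools from starting), the hosts file, DNS servers, the WinINET proxy/PAC settings, and Firefox's proxy and homepage prefs.

```powershell
# Added example, not code from the original post. Run from an elevated PowerShell 4.0 prompt on Windows 8.1.
# Read-only: every check reports, none of them modifies the system.

$findings = New-Object System.Collections.Generic.List[string]
function Note([string]$msg) { $findings.Add($msg); Write-Host $msg }

# Pull the executable/DLL path out of a registry or service command line (quoted or not) and expand %VARS%.
function Get-ExePath([string]$cmdline) {
    if (-not $cmdline) { return $null }
    $exe = if ($cmdline -match '^\s*"?(.+?\.(exe|dll))') { $matches[1] } else { ($cmdline -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

# Report existence and Authenticode status. Caveat: Windows' own binaries are catalog-signed and show as
# NotSigned under PowerShell 4, so "NotSigned" inside %SystemRoot% is normal; outside it, it needs explaining.
function Describe-Binary([string]$path) {
    if (-not $path) { return 'no command line' }
    if (-not (Test-Path -LiteralPath $path)) { return "MISSING: $path" }
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
    "$($sig.Status) [$signer] $path"
}

# 1. Run / RunOnce keys for the machine and the (shared, administrator) user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' })) {
        Note ("RUN   {0}\{1} -> {2}" -f $key, $p.Name, (Describe-Binary (Get-ExePath $p.Value)))
    }
}

# 2. Services whose binary lives outside %SystemRoot%. Tampered files inside it show up under step 9.
Get-WmiObject Win32_Service | ForEach-Object {
    $exe = Get-ExePath $_.PathName
    if ($exe -and $exe -notlike "$env:SystemRoot\*") {
        Note ("SVC   {0} [{1}/{2}] -> {3}" -f $_.Name, $_.StartMode, $_.State, (Describe-Binary $exe))
    }
}

# 3. Scheduled tasks outside the \Microsoft\ tree, a common leftover after a scanner removes the payload.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ($a.Execute) {
            Note ("TASK  {0}{1} [{2}] -> {3} {4}" -f $_.TaskPath, $_.TaskName, $_.State,
                  (Describe-Binary (Get-ExePath $a.Execute)), $a.Arguments)
        }
    }
}

# 4. Winlogon and AppInit hooks. Defaults are Shell=explorer.exe, Userinit=...\userinit.exe, and no AppInit_DLLs.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -ne 'explorer.exe') { Note "WINLOGON Shell is '$($wl.Shell)' (expected explorer.exe)" }
if ($wl.Userinit -ne "$env:SystemRoot\system32\userinit.exe,") { Note "WINLOGON Userinit is '$($wl.Userinit)'" }
$ai = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
if ($ai.AppInit_DLLs) { Note "APPINIT AppInit_DLLs='$($ai.AppInit_DLLs)' LoadAppInit_DLLs=$($ai.LoadAppInit_DLLs)" }

# 5. IFEO "Debugger" values: a Debugger set on e.g. an anti-malware installer silently launches something else.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options' | ForEach-Object {
    $dbg = (Get-ItemProperty $_.PSPath).Debugger
    if ($dbg) { Note ("IFEO  {0} -> Debugger = {1}" -f $_.PSChildName, $dbg) }
}

# 6. hosts file entries (anything beyond comments), DNS servers, and WinINET proxy/PAC: the usual redirect levers.
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
Get-Content $hosts | Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } | ForEach-Object { Note "HOSTS $_" }
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses } | ForEach-Object {
    Note ("DNS   {0}: {1}" -f $_.InterfaceAlias, ($_.ServerAddresses -join ', '))
}
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    Note "PROXY ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
}

# 7. Firefox (the browser in use): proxy, homepage and keyword prefs in prefs.js, and any planted user.js.
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($f in 'prefs.js', 'user.js') {
        $p = Join-Path $_.FullName $f
        if (Test-Path $p) {
            Select-String -Path $p -Pattern 'network\.proxy|browser\.startup\.homepage|keyword\.URL' |
                ForEach-Object { Note ("FFOX  {0}: {1}" -f $f, $_.Line.Trim()) }
        }
    }
}

# 8. Summary: every line above must be explainable (known vendor, known install). Unexplained ones are the
#    signal to fall back to wipe-and-reload rather than keep cleaning.
"`n{0} findings to account for." -f $findings.Count

# 9. Protected system files (covers the Change PC Settings breakage too). Verify only; /scannow repairs.
sfc /verifyonly
```

Two caveats on reading the output. First, everything above runs inside the operating system being judged; a kernel-level rootkit can lie to every one of these calls, so the cross-check is to boot the live Linux DVD already in use, mount the disk read-only, and compare the same registry hives and files offline (or simply run the ESET/Dr.Web rescue media again). Second, the script produces evidence, not proof: a clean run means none of the common persistence and redirect mechanisms are in use, which raises confidence but does not substitute for the wipe-and-reload the questioner already knows is the safe answer.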