1 - 19 of 19 Posts

·
Premium Member
Joined
·
9,000 Posts
Discussion Starter · #1 ·
I am at a client's house ATM with her laptop which is loaded to the roof with spyware it seems.

She had me come over yesterday to remove the "Antivirus 360" virus, which I easily removed, and I left after I felt her computer was running fine. Today, however, she had me come back over because she thought it was back... but now her computer is loaded with something and rendering her C2D laptop useless. She is the only one who uses the laptop, and it was running fine yesterday, so I can only assume it has to do with me deleting the A360.

From trying in both normal and safe modes, I cannot get either Spybot Search and Destroy or HijackThis to even START. Spybot's process flickers in Task Manager and HijackThis doesn't even show at all. AVG Pro was installed prior to my visit and is running a scan but only picking up tracking cookies.

I'm at a loss here. Is this something I can fix without a reformat or would that be the best option?
 

·
Premium Member
Joined
·
10,871 Posts
I personally think reformatting is always the best way to clean a computer up and sometimes almost absolutely necessary. Try launching the programs from the command prompt and see if that works.
 

·
User of the PC
Joined
·
2,124 Posts
Quote:


Originally Posted by Dopamin3
I personally think reformatting is always the best way to clean a computer up and sometimes almost absolutely necessary. Try launching the programs from the command prompt and see if that works.

Yeah, I think so too. I always reformat my PC when I get one.
 

·
Registered
Joined
·
2,872 Posts
Yeah, reformatting is the easiest way. I always zero fill the drives just to make sure; apparently some of the nastier stuff stays on even after a reformat, or so says a friend that works in the field.
 

·
Premium Member
Joined
·
8,052 Posts
Use ClamWin Portable or Malwarebytes Anti-Malware; those should be the best bet for the laptop.

If any of the malware or viruses change any registry information, you have to change it back yourself though.
 

·
Registered
Joined
·
1,470 Posts
Quote:


Originally Posted by Dopamin3
I personally think reformatting is always the best way to clean a computer up and sometimes almost absolutely necessary. Try launching the programs from the command prompt and see if that works.

Ditto, especially if it's one of those viruses/trojans that likes to cloak itself, that even using the malware software in safe mode can't remove (or on another PC [via remote] can't detect it).

Saves a lot more time, especially if a client's computer is mostly web browsing orientated.
 

·
Registered
Joined
·
1,170 Posts
Here is another free tool that you can try... I have used it personally numerous times in my career as a computer technician to assist in removing spyware that prevents the usage of other tools.

http://siri.geekstogo.com/
 

·
Registered
Joined
·
2,444 Posts
I've had similar problems with viruses that deny anti-viral or anti-spyware to install or run. I ended up using a cheap USB (just in case) and ran portable software off that. It worked alright (it was for random ad-ware); don't know if it would work for A360.
ClamWin Portable and CCleaner can both run portable. I don't recall but I may have used Spybot on portable as well. After those three, I re-installed Windows Installer (weird I know but it was gone or corrupted) and used Ad-Aware and Antimalware. Got rid of all the obvious signs and hasn't had a hiccup yet (between a working antivirus, Ad-watch, and Spybot's immunize).
 

·
Premium Member
Joined
·
2,794 Posts
The Antivirus 360/2009/2008/2010 etc. is rampant right now. I have found Malwarebytes is able to clean it fine; however, you have to fix the registry changes the virus made. Most I have been able to do without any issue by hooking their hard drive onto my home PC through a USB adapter and then, after cleaning the virus, booting up and taking care of settings. However, the last version I ran into had hijacked the system so badly it was easier to just reformat.
 

·
Registered
Joined
·
1,384 Posts
I bought a copy of Winternals ERD and it is the greatest thing since sliced bread. I think a boot CD is the best way to go. You can go into the system directory and get rid of anything since it doesn't have system privileges. I move the files into another directory and change the extension to make sure nothing vital is removed. You can do so much with it: edit registry, system restore, autoruns, etc...
 

·
Registered
Joined
·
628 Posts
Sometimes those programs tend to erase system files as they erase viruses as well. (Superantispyware, A2, Antivir). I always ask the customer for a copy of the system CD that came with the computer; if they don't have one, I try to use a copy of my own if it's compatible.

Also, I make a virtual clone of the customer's hard drive, even if it's infected with crap. I almost ruined a computer at first due to aggressive scanning and the deleting of system files.

My rule of thumb is

1. backup
2. investigate
3. backup
4. delete
5. backup
 

·
Fettered Firewall
Joined
·
2,491 Posts
I had to remove a few instances of 2008 Antivirus with Kaspersky.

I downloaded the install on USB and installed it in a trial mode, since the user had virus software already but it was rendered useless.

This cleaned it up after a few reboots but everything else listed here would NOT run or would never find anything. Would re-direct web traffic away from those sites and luckily I had my laptop with me to clean his.

After about 2 hours we had it cleaned up and didn't have to reformat. The ONLY thing that didn't work was his VPN but a quick re-install of that fixed it as well.

I know people here like the free tools and some hate Kaspersky but honestly I've used it for years and never had one issue and it's blocked and cleaned everything; including this case.
 

·
Registered
Joined
·
824 Posts
You have to stop the process from starting when Windows loads. Then you can deal with it appropriately. Run MSINFO32 and find the process in the startup page. Use Task Manager to kill it and then edit it out of the registry. Then scan with your software of choice to clean up.

You could use WinPatrol to do this as well.
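
The startup check described in the post above, as an added example that is not part of the original thread: a PowerShell listing of the Run/RunOnce registry values and Startup folder items, with a .reg export of those keys taken first so any later registry edit can be undone. It assumes PowerShell 3.0 or later; the function names `Get-AutostartEntry` and `Export-RunKeyBackup` and the "review" pattern are this example's own, and it does not cover services or scheduled tasks.

```powershell
# Added example, not from the thread. It only lists and backs up; nothing is killed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption: a command launched from a user-writable folder deserves a closer look.
$reviewPattern = '\\(AppData|Application Data|Temp|ProgramData|Users\\Public)\\'

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            [pscustomobject]@{ Location = $key; Name = $name; Command = $command
                               Review = ($command -match $reviewPattern) }
        }
    }
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path -or -not (Test-Path -Path $path)) { continue }
        Get-ChildItem -Path $path -File -Force | ForEach-Object {
            [pscustomobject]@{ Location = $path; Name = $_.Name; Command = $_.FullName
                               Review = ($_.Name -ne 'desktop.ini') }
        }
    }
}

function Export-RunKeyBackup {
    param([string]$Destination = (Join-Path $env:TEMP 'runkey-backup'))
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $native = $key -replace '^(HK[A-Z]+):', '$1'      # HKLM:\... -> HKLM\...
        $file = Join-Path $Destination (($native -replace '[\\:]', '_') + '.reg')
        & reg.exe export $native $file /y | Out-Null      # one .reg file per key
    }
    $Destination
}

$backup = Export-RunKeyBackup
"Run keys exported to $backup"
Get-AutostartEntry | Sort-Object Review -Descending | Format-List
```

Entries with `Review : True` are candidates to compare against the startup page in MSINFO32, not confirmed malware; check each command's file before removing its value.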
 