Big Time PC Infested With Nasties

Postby Spark » Mon May 16, 2011 7:12 am

PC in question:

Sager laptop, XP Pro SP3, Windows Firewall, AVG, SpywareBlaster, SuperAntiSpyware, Spybot S&D, Mozilla Firefox, and all were up to date. File sharing was disabled, and Windows was password protected, as is the router.

Problem:

I was in a hotel and using their allowed Wi-Fi network. While I was browsing a website, without warning the PC shut down, but there was no power loss. When it rebooted, a dialog box came up on the screen saying "MS Warning" and proceeded to list some 38 nasties, including Trojans, key loggers, and viruses of every kind one can probably think of. Then it said to click to remove, or something like that, which I did, but after I did it I figured I had made another mistake, thinking MS was Microsoft, which I now think it wasn't. It went on to say that if I was connected to a network every PC would be infected??

Although I was still able to get into Windows plus Safe Mode, it seems that almost every program I had installed was no longer there. It said many .exe files were contaminated, bla bla bla.

I went into Safe Mode and found my way to Program Files. I clicked on AVG, opened the scanex file and did a complete system scan. It returned a lot of files that were locked and it was not able to scan them. It attempted to repair some, but the nasty still resides.

Now what do I do ???

Yeah I know reload the OS, but first a few questions.

1) What type of nasty was this?

2) Can it be repaired without a reload of the OS?? Why take the chance, right?

3) What is the chance of the BIOS being infected with this nasty?

4) What is the chance of a Key-logger now being on this lappy?

5) What is the best way to check for a key logger? I think I remember reading a few years ago that some key loggers can reside in the BIOS and are not removed with an OS reload?

6) I know there is the F-Secure BlackLight checker, plus the Kaspersky online checker. But I am concerned that after I reload the OS and run this lappy on my home wireless DSL network, I will possibly infect my desktop PC.

I know this is kind of long but it seems serious, and I need to go about this the right way. So if some of the experts here would kindly comment and make a few suggestions I would appreciate it.

Note:

I normally run ZoneAlarm (free), but I noticed a minor problem with updating some utilities, so I deleted it temporarily and was using the Windows firewall, if that makes any difference??

Thanks.........
Spark
Anti-Static Strap
Posts: 485
Joined: Thu Jan 11, 2007 10:36 pm

Postby Karlsweldt » Mon May 16, 2011 7:25 am

A lot of those 'public' sites are rife with hackers.. and they can easily sneak in cookies that assemble into Trojans! Plus a lot of sites don't screen their ads, and you may not notice a pop-up ad that is malicious.
First advice is to select a restore point at a time before the infection.. and give the unit a thorough scan with malware scanning programs, plus post a HijackThis result for the pros to peruse.
You should be able to patch the drive into another known-clean system via an external USB case for a sanitizing. But do a backup first, to avoid loss of critical files. The resident Windows Firewall may be effective, but it can easily be defeated by hackers and malware. The "bigger" the target, the easier it is to score a hit!
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20659
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby Spark » Mon May 16, 2011 4:59 pm

The OS and installed software on this lappy are totally trashed. After fooling around with it for a while without success, I think it would be better just to reload the OS, BUT.....

I would like to completely wipe the HDD along with all parts of the previous OS & Nasties. Are there any suggestions on a good free cleaning utility to use prior to reloading the OS? Keep in mind I do not have a floppy drive.

Edit: I wiped the HDD with a tool I had stashed away, which works great. Now for the reload of the OS.

Thanks..........
Spark
Anti-Static Strap

Postby Karlsweldt » Tue May 17, 2011 7:59 am

If you wiped the drive, hopefully you didn't wipe the small partition that would contain the driver sets (normally hidden). That would be about a 2 GB or so partition.
It is best to kill off any partitions, then restart with none formed.. and then do a wipe. http://www.killdisk.com/ has a great program to ensure a full wipe of any data.
Karlsweldt
Mobo-fu Master

Postby Spark » Tue May 17, 2011 6:02 pm

Karlsweldt wrote: If you wiped the drive, hopefully you didn't wipe the small partition that would contain the driver sets (normally hidden). That would be about a 2 GB or so partition.
It is best to kill off any partitions, then restart with none formed.. and then do a wipe. http://www.killdisk.com/ has a great program to ensure a full wipe of any data.

I used a different utility. I used this one once before, a few years ago, when I had to send the lappy back to Sager for warranty work (the HDD went bad after 2 years).

The lappy was not partitioned. After running the utility 2 times (50 min each on a 250 GB HDD), as I started the install of the OS it showed the HDD as New RAW, so I am assuming the HDD was totally erased. As of now the XP Pro SP3 OS has been installed along with the antivirus, SuperAntiSpyware and Malwarebytes. Next are the drivers, then updating the antivirus and critical updates, then the software goes in. A few more days and it will be done (done in spare time).
Spark
Anti-Static Strap