Alright, I spent 5 hours trying to tackle and retrieve an XP Media Center from one of the nastiest malware infections the owner has ever seen, and it's still not done. For the most part, I believe several of the major pieces of malware have been deleted/quarantined/removed; it still had Ad-Aware 2007 running a full scan as we left the store.
A soldier brought in an HP 17" laptop he had just recently purchased in Texas before being transferred to Fairbanks. The issues he was having were that it was no longer connecting to the internet, that he was no longer able to change his firewall settings, and that a pop-up was telling him he had a virus. I asked if I could work on this case while he worked on a hard drive transfer and some other things, to which he said sure. He took me through the steps of deleting the TEMP folder contents through regedit and looked to see what was installed for anti-spyware and anti-virus. All he had was AOL Anti-spyware, which, to say the least, did not make the situation look promising.
I offer to take care of the rest after Dave instructs me to install AVG since the owner did want Norton. I install AVG and attempt to update it with no success in either normal bootup or safe mode with networking. I Google the error message and note that AVG can become blocked by the Firewall in the event of virus attacks. I assume the worst and just run it. It detected 5 Trojans and 2 viruses, all of which it took care of. I then booted into normal mode and installed Spybot S&D with several instances of the process "delextra.exe" continuing to execute themselves. As fast as I can end 3, another begins. I fend them off for as long as it takes to install Spybot and run updates and restart into safe mode. I scan and stop it since Spybot has some problems if it gets too many hits that it has to delete... it finds a folder in C:\WINDOWS\Fonts\ with 32,112 hits.
I open the folder and find 32k worth of zip folders, each with a size of 114KB. They all have names of software, movies, song albums and more. I have to manually delete them all and run the scan again. It finds another 120+ trojans, adware, spyware. It deletes them and requires a restart to take care of the rest. I install Ad-Aware 2007 next, update it, and run it. It finds 6 items with a Threat Analysis Index (TAI) rating of 10 (maximum threat). It can't take care of them. I navigate to the folder it shows them in and manually delete the .exe files and some other files that a Google search revealed were another problem source. I restart and scan again with everything, with minimal hits, which were easily resolved. I restart and boot into normal mode and begin toying with IE7 and FF; both work fine. I leave and come back the next day and the owner tells me he had to remove some netware stuff from the registry but otherwise I did a good job removing everything.
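Three things in the story above can be turned into checks rather than done by hand: the folder full of archives that are all exactly the same size, the process that relaunches faster than it can be killed, and the autostart entries that bring it back. The script below is an added PowerShell example, not code from the original post. It assumes PowerShell 2.0 or later on the machine (a separate download on XP) run from an elevated prompt; the folder, the archive extensions, the cluster threshold of 50 files and the quarantine path are illustrative choices, and only the process name delextra.exe comes from the post.

```powershell
# Added triage script, not part of the original post. Assumptions: PowerShell 2.0+ on the
# infected XP box, elevated prompt; folder, extensions, threshold and quarantine path are
# illustrative. Nothing is deleted: suspicious files are moved aside so they can be restored.
param(
    [string]$Folder       = 'C:\WINDOWS\Fonts',   # a folder that should never hold archives
    [int]   $MinCluster   = 50,                   # same-size files before we call it a cluster
    [string]$WatchProcess = 'delextra',           # image name (without .exe) that keeps respawning
    [int]   $WatchSeconds = 30,
    [switch]$Quarantine                           # actually move a cluster aside
)

# --- 1. Clusters of identically sized archives where no archives belong -----------------
# The post found ~32k .zip files of exactly 114 KB each in the Fonts directory. Real
# downloads vary in size; a dropper stamping out bait files produces one size, many names.
$archiveExt = @('.zip', '.rar', '.7z')
$archives = Get-ChildItem -Path $Folder -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and ($archiveExt -contains $_.Extension.ToLower()) }

$clusters = $archives | Group-Object -Property Length | Where-Object { $_.Count -ge $MinCluster }

foreach ($c in $clusters) {
    Write-Output ("{0} archives of exactly {1} bytes under {2}" -f $c.Count, $c.Name, $Folder)
    $c.Group | Select-Object -First 5 | ForEach-Object { Write-Output ("   e.g. " + $_.Name) }
    if ($Quarantine) {
        $dest = Join-Path $env:SystemDrive ('quarantine_' + $c.Name)
        if (-not (Test-Path $dest)) { New-Item -ItemType Directory -Path $dest | Out-Null }
        $c.Group | Move-Item -Destination $dest -Force
        Write-Output ("   moved to " + $dest)
    }
}

# --- 2. Watch the respawning process and record who launches it -------------------------
# Ending the child ("as fast as I can end 3, another begins") is pointless until the parent
# that relaunches it is known; WMI exposes the parent PID and the image path of both.
$seen     = @{}
$deadline = (Get-Date).AddSeconds($WatchSeconds)
while ((Get-Date) -lt $deadline) {
    Get-WmiObject Win32_Process -Filter ("Name = '{0}.exe'" -f $WatchProcess) | ForEach-Object {
        if (-not $seen.ContainsKey($_.ProcessId)) {
            $seen[$_.ProcessId] = $true
            $parent = Get-WmiObject Win32_Process -Filter ("ProcessId = {0}" -f $_.ParentProcessId)
            $parentName = if ($parent) { $parent.Name + ' ' + $parent.ExecutablePath } else { '<exited>' }
            Write-Output ("{0} PID {1} image {2}; parent PID {3} = {4}" -f
                (Get-Date -Format 'HH:mm:ss'), $_.ProcessId, $_.ExecutablePath, $_.ParentProcessId, $parentName)
        }
    }
    Start-Sleep -Milliseconds 500
}

# --- 3. Autostart locations, so the parent seen above can be traced to its persistence ---
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            Write-Output ("{0}\{1} = {2}" -f $key, $name, $item.GetValue($name))
        }
    }
}
```

Run it once without -Quarantine to see what it would touch, then again with -Quarantine once the cluster is confirmed to be junk. The parent PID and Run-key lines are the part worth keeping: the respawning child is a symptom, and whatever the parent's image path and autostart entry point to is the file an on-demand scanner needs to be pointed at (or that gets removed by hand in safe mode, as the post ends up doing).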