rmd: (sweeney)
[personal profile] rmd
So, I have a family member who got what's either a valid antivirus warning or a fake antivirus warning. I suggested shutting down the computer until I can get over there to deal with it.

What's the current set of good solutions for unfucking a computer? I'd like to be able to go over there with a USB drive full of antivirus/antispyware programs in case I need them.

ETA: It's a Windows box. I forget what version. Vista, maybe? Might still be XP.

Date: 2013-08-21 12:04 am (UTC)
From: [identity profile] bikergeek.livejournal.com
AIUI the only thing you can really do with a pwn3d Windows box is scorched-earth policy: nuke to bare metal and reinstall. Many people actually opt for *replacing the whole computer* rather than attempting to un-virus it.

Sorry if that's less than helpful.

Date: 2013-08-21 12:28 am (UTC)
From: [identity profile] charleshaynes.livejournal.com
I assume this is a Windows box? How much effort are you willing to expend?

If it were *my* family member I'd back up data files, reinstall the system from original media, install all upgrades, and then gradually restore the backups. I have no idea what the state of the art is in anti-virus these days.

... but I am not a Windows user and I assume you already know all of this.

(PS, people who replace hardware because of virus problems are being foolish)

Date: 2013-08-21 02:40 am (UTC)
From: [identity profile] also-huey.livejournal.com
If the BIOS supports boot-to-CD/DVD, and you have a spare Windows license lying around, the best answer is to cook up a UBCD, which is a Windows install that runs from the disc and doesn't touch the hard drive at all until you tell it to. You can even script it so it finds the network, pulls fresh AV signatures down, and then scans the HD with as many different tools as you like.

Whether this is more or less pain-in-the-ass than 'nuke it to bare metal' isn't a question I can answer for you.

Date: 2013-08-21 05:54 am (UTC)
From: [identity profile] koshmom.livejournal.com
I use Avast! antivirus, mostly because it's free. They're all very similar. I'd hazard a guess that if the family person is like most people, they click on everything. And use Microsoft browsers and other insecurable stuff.

I'd say get a regular free a-v program, and make them start using a different browser that can be secured better. Chrome is free and safer than anything Microsoft has.

And tell them to stop clicking on everything, especially popups. :)

Date: 2013-08-21 06:23 am (UTC)
From: [identity profile] deguspice.livejournal.com
Before you nuke the disk, there are a couple of things you could try.

(I wrote the following for someone two years ago, but the advice is probably still valid)

I got two bits of useful advice for dealing with something like that. The first is to try using the anti-virus apps from
http://www.malwarebytes.org/ and
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

If those don't work, try pressing F8 while the computer reboots and then select "System Restore" to go back to an earlier restore point (Windows periodically saves its state when you install new software). And after doing the restore, try reinstalling and running the two apps mentioned above.

Info about System Restore:
http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

I ended up using the System Restore method on my wife's computer to get it working again.

Once it gets working, try installing Microsoft Security Essentials (free). I've switched to using it instead of AVG (also free); MSE is less of a resource hog than AVG, and seems to work.

Date: 2013-08-21 11:29 am (UTC)
From: [identity profile] paradoox.livejournal.com
+1 to this.

Malwarebytes anti-malware and System Restore is my go-to solution.

How are these people getting on the Interwebs? If they have Comcast cable they have access to free Norton (which I think is better than AVG or Microsoft Security Essentials).

Date: 2013-08-21 08:04 am (UTC)
From: [identity profile] whipartist.livejournal.com
I disagree with the people who advocate for a scorched earth policy. My experience with cleaning computers is that I've never had to do that.

Take along a "safe" computer with independent network connectivity. Boot the computer and look at the symptoms.

ClamAV has worked well for me, as has Spybot Search & Destroy.

Date: 2013-08-21 01:41 pm (UTC)
From: [identity profile] koshmom.livejournal.com
One last thing: Buy your family member a small cable router. Do NOT, by any means, let them plug the cable from the cable modem directly into their computer.
Edited Date: 2013-08-21 01:41 pm (UTC)

Date: 2013-08-21 01:52 pm (UTC)
From: [identity profile] rmd.livejournal.com
Oh, there's a small cable router in place, and some antivirus running on it already. Which is why I'm not sure if it's a fake alert or not. (The fakes are good enough these days that I didn't want to rely on an over-the-phone description to determine which it was.)

Date: 2013-08-21 07:58 pm (UTC)
From: [identity profile] whitebird.livejournal.com
Microsoft Security Essentials is actually pretty good. Free, and not very system resource intensive.
