PC Security Neglect

Discussion in 'malware problems & news' started by TheKid7, Apr 21, 2011.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have only very limited experience with cleaning up infected PCs.

    Today I took a look at a nearly 4-year-old Acer Notebook (Windows VISTA). It came with Trendmicro Antivirus and Spysweeper Trials. The PC owner knew that the AntiMalware software was out-of-date. I saw that not only was Trendmicro out-of-date, but it was showing that it had never been activated.

    Also, Restore DVD(s) had never been made. No blank DVDs were available at the time or I would have made them.

    I did not have a connection to the web while I was looking at the PC, so I did not install and run Malwarebytes AntiMalware since it could not be updated prior to scan.

    Steps Taken:

    1. DrWeb Cureit Express Scan (Report Only) from Safe Mode. No Malware found.
    2. Full Scan (Report Only) with the AVIRA Rescue System CD. One Trojan detected (TR/Crypt.zpack.gen in a file named: gvtlf.dll).
    3. DrWeb Cureit Custom Scan (Report Only) from Safe Mode. The path of the reported Trojan, above, was scanned. The same file (gvtlf.dll) was detected by Dr.Web Cureit as an "Adware......gen" (I don't remember the full description).
    4. Full Scan with SuperAntiSpyware Portable. The same file (gvtlf.dll) was detected as a Trojan (I do not remember the name it was given). Also lots of malicious registry entries were found and maybe one or two files most related to a Browser Hijacker of some kind. The usual bunch of Cookies were found and I think that some sort of Adware was found. I selected to Quarantine all of the malicious objects.

    The PC seems to be faster now.

    Next week I plan to:

    1. Make the Restore DVDs for him.
    2. Uninstall both Trendmicro and Spysweeper using their cleanup uninstallers.
    3. Install a 60 day Trial of Norton Internet Security 2011.
    4. Install and configure Sandboxie.

    Any comments/suggestions?

    Thanks in Advance.
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Almost funny, if it wasn't true :eek:

    I'd be tempted to run MBAM as well, and install Prevx, at least the free PSOL version anyway :thumb:

    And apps like Gmer etc.

    Also run as many scans in safe mode.

    Plus run a good cleaner to eliminate Temp etc files

    Finally, disable System Restore to delete ALL & then re-enable.

    Oh, & don't forget to charge ;)
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Why Norton Internet Security trial? Are you sure he/she will pay for it before the trial ends?
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I think that he will. I will make sure before I install it. If he says that he does not want to pay, I will probably install a free one like MSE or Avast.
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    Install Teamviewer to remotely fix it next time. You know there'll be a next time. :eek:
     
  6. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,916
    Location:
    U.S.A.
  7. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Thanks for your suggestions.

    I will look into the TeamViewer option.

    I asked him about letting me have physical access to the PC to uninstall his predominantly non-functional Antimalware software and install a replacement Antimalware product. He said that the PC seems to be working better since I did a quick Malware clean operation on it. He acknowledged that he does need to change out the Antimalware software but I have a strong impression that things will stay the same until he gets the PC infected again.
     