PC Security Neglect

I have only very limited experience with cleaning up infected PC's.

Today I took a look at a near 4 year old Acer Notebook (Windows VISTA). It came with Trendmicro Antivirus and Spysweeper Trials. The PC owner knew that the AntiMalware software was out-of-date. I saw that not only was Trendmicro out-of-date, but it was showing that it had never been activated.

Also, Restore DVD(s) had never been made. No blank DVD's were available at the time or I would have made them.

I did not have a connection to the web while I was looking at the PC, so I did not install and run Malwarebytes AntiMalware since it could not be updated prior to scan.

Steps Taken:

1. DrWeb Cureit Express Scan (Report Only) from Safe Mode. No Malware found.
2. Full Scan (Report Only) with the AVIRA Rescue System CD. One Trojan detected (TR/Crypt.zpack.gen in a file named: gvtlf.dll).
3. DrWeb Cureit Custom Scan (Report Only) from Safe Mode. The path of the reported Trojan, above, was scanned. The same file (gvtlf.dll) was detected by Dr.Web Cureit as an "Adware......gen"(I don't remember the full description.).
4. Full Scan with SuperAntiSpyware Portable. The same file (gvtlf.dll) was detected as a Trojan (I do not remember the name it was given.). Also lots of malicious registry entries were found and maybe one or two files most related to a Browser Hijacker of some kind.). The usual bunch of Cookies were found and I think that some sort of Adware was found. I selected to Quarantine all of the malicious objects.

The PC seems to be faster now.

Next week I plan to:

1. Make the Restore DVD's for him.
2. Uninstall both Trendmicro and Spysweeper using their cleanup uninstallers.
3. Install a 60 day Trial of Norton Internet Security 2011.
4. Install and configure Sandboxie.

Any comments/suggestions?

Thanks in Advance.

 

Almost funny, if it wasn't true

I'd be tempted to run MBAM as well, and install Prevx, at least the free PSOL version anyway

And apps like Gmer etc.

Also run as many scans in safe mode.

Plus run a good cleaner to eliminate Temp etc files

Finally, disable System Restore to delete ALL & then re-enable.

Oh, & don't forget to charge

 

Why Norton Internet Security trial? Are you sure he/she will pay for it before the trial ends?

 

I think that he will. I will make sure before I install it. If he says that he does not want to pay, I will probably install a free one like MSE or Avast.

 

Install Teamviewer to remotely fix it next time. You know there'll be a next time.

 

Thanks for your suggestions.

I will look into the TeamViewer option.

I asked him about letting me have physical access to the PC to uninstall his predominantly non-functional Antimalware software and install a replacement Antimalware product. He said that the PC seems to be working better since I did a quick Malware clean operation on it. He acknowledged that he does need to change out the Antimalware software but I have a strong impression that things will stay the same until he gets the PC infected again.