Question about a virused machine

A friend just contacted me. He has some kind of virus on his machine keeping him off the Internet, from running his antivirus program (Norton), or opening files.

I advised him to go into safe mode and try to remove the virus with Norton (which probably wouldn't work since it didn't catch it in the first place). If that didn't work, I told him to try to get online in safe mode and run an online antivirus program such as housecall or Mcafee online.

He can't do any of that. Even in safe mode, he can't make anything work.

I said about the only thing left was to format his hard drive and reload everything and chalk it up to experience.

Now, someone else told me that he might not be able to format and reinstall because the hard drive might be trashed by the virus. Is that possible? Can a virus infected operating system destroy the hard drive?

 

As you can see on the left of your screen, I'm no expert. Wait for them!
If he can boot into safe mode, it's been my experiece that the virus wasn't that bad. He can start up in safe and then drop to dos to do his work, he will need a clean local media of windows to fix things though. If you don't get any easier fixes from the pro's I can walk you through it the way I just did one of my machines, get all the latest updates of AV's you can find, these will help you find the little bugger as they sometimes like to hide out in the darkest places.
Don't dispair, help is on the way I'm sure.

I'll Second that Amendment

 

Chuck,

Just see if he has hijackthis... or if he has not just send him by some file transfers... ofcourse if its possible though...
now tell him to run hijackthis and just post the log in adware , hijacking forum.
either if he can or thru you...
the hijackthis log will help for a better understanding about what happened

regarding virus on hard disk... some information

Virus authors have decided to exploit the confusion around the Year 2000 problem and are now releasing virus programs with trigger date around the start of the new millennium. Many of these viruses even simulate a Year 2000 problem. Unsuspecting computer users will concentrate their defence on known Year 2000 problems instead of virus. Different viruses are already on their way, and the first one was triggered on the 1st of December. Most of them spread as so-called "worms" via e-mail. Some of them carry personal messages, which make you believe that the mail is sent by a friend. If you open the attached file your hard disk will be infected. When the virus is activated at a later date it can delete files, format your disk and do other seemingly irrepairable damage to your data. Furthermore the virus will spread by transmitting a copy of itself to persons on your mailing list.

 

Hmm no experts here so far.

 

I would (have someone) download the bitdefender bootable cd and use that to fight the virus. If it is a virus.

 

Okay, I am going to take a shot at this one since I just cleaned out a similar scenario for a friend's neighbor. This computer was so bad that it was completely taken over as I sat back watching things happen on the screen without ever touching the mouse or keyboard. It was really weird. It took mega hours but I got it done.

1. Get someone to download on to a diskette from Panda in order to do a computer scan of the infected computer. Then run the scan. If there are any critters that cannot be removed, then they will have to hunted down one by one after they have been identified. Panda will also repair any infected files and identify suspected files.
http://www.pandasoftware.com/products/activescan/#e3

2. Download SpyBot, SpywareBlaster, Ad-Aware on to diskettes and have them installed into the infected computer, immediately check for updates, and then do scans. SpywareBlaster does not scan a computer but one should have it installed to prevent spyware but that can be done later.
Ad-Aware: http://www.lavasoftusa.com/support/download/
SpyBot: http://www.safer-networking.org/index.php?lang=en&page=download
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

3. If the infected computer runs WinXP or ME, be sure to disable the System Restore feature before scanning. Often a worm or virus will hide there and simply restore itself just when you think you have it all cleaned up. When system restore is disabled, reboot the computer, then scan and after you have the computer completely clean, enable the System Restore and reboot again.

4. Now if you have any critters that have a write protect and cannot be removed and of course, you know the names, click on START, then SEARCH, then FILES & FOLDERS, then type in the name of the files that could not be removed. They will be listed and if you cannot remove them manually with a simple delete, then insert a diskette into your CPU, and right click on that item and choose either MOVE TO or SEND TO and choose the floppy drive. Do that for each item that will not remove with a simple delete. Presto, write protect or not, it is gone right out of your computer. Do a full system scan again as well as another Search in case something was missed and if everything comes out clean that should just about do it.

After gaining control of th computer, you can download HijackThis and post a log on the appropriate forum here and someone will read it & give you a final analysis.

Hope I have helped and Good luck. Peaches

 

Okay, thanks everyone, and especially Peaches4U. After several long phone calls (my friend lives in Kansas and me in New Mexico, he got the machine cleaned and back running. Unfortunately, he didn't or couldn't tell me what he was infected with.

He used his wife's computer to download the Panda AV to disc. Whatever the viruses, trojans, or worms were, Panda caught and removed them. He said there were several but never bothered to list them although I asked him to. He's also uninstalled Norton and replaced it with Panda Platinum Security and will be downloading Adaware (my favorite) and Spywareblaster onto his computer.

Again, thank you everyone

 

Everytime I read this statement (NAV user cursing NAV not protecting them and switching) I wonder.

Almost every test (I mean indepedent test not mag reviews) I have seen NAV ranks highly in terms of accuracy. It also tends to do well on detecting malware in general and the wider the test set (zoo, exploits,adware etc), the better it seems to do. Even in terms of trojans it does very well usually, only behind KAV.

Yet, I keep reading about users not being protected by Norton and switching in droves to things from AVG (which always has much poor detection rates than almost everything) to Panda/Sophos etc

Why is this so?

Either..

1) Users of NAV are incompetent and don't update their AV signatures (but doesn't NAv have autoupdate by default)

2) The tests don't tell us everything. Perhaps, by trying to cover everything, NAV tends to miss out in detecting really critical viruses that are more often encountere by typical users

3) There are more NAV users out there, hence more of them tend to get problems. Perhaps by % the number of such users who get zapped by viruses are about number, but in terms of actual numbers they may be large because of NAV's popularity.

 

Hi
I think the probs users get with NAV is more than likely due to the way its been configured,I haven't used any Norton product in ages,w95 machine years ago,but even then I thought the user interface confusing,and I imagine as the "tools" have got more complicated,configuring to give optimal protection has probably got more complicated:-bet most users leave everything set at default!(stopped using Norton cos found systemworks/win doctor,whatever it was called at the time,a real pain to get rid of,I hope things have improved on that front!)