Questions from a nubee

Discussion in 'malware problems & news' started by HD rider UK, Feb 16, 2005.

Thread Status:
Not open for further replies.
  1. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Hi all
    this is my first post so please be gentle with me.
    Thanks to the advice given in here, I now have a clean, safe and reasonably secure system; however, my father has a major problem with his PC. He is running Win98 with minimal up to date AV, no firewall, no anti spy etc etc etc, and now has all the classic symptoms of multiple infection: browser redirects, popups, slow machine etc. It's now so bad that he can't even get on the web and access security sites to d/l any tools such as CWshredder or AdAware to start cleaning up. The question is: would I be OK if I copied the installation / setup apps for CWshredder, Adaware, AVG, spyware guard and blaster, HJT, Winpatrol, SSD and A2 (free) from my PC onto a CD and then installed them on his system and ran them for him? (All these are free versions and fully up to date.)
    Advice please?

    Jock
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Jock, welcome to Wilders.

    No problem in doing that at all. General Cleaning has a list of tools that will help you with your father's system.

    Let us know how you go...

    Cheers :D
     
  3. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Thanks for that, I will add them to the schedule. I am seeing him tomorrow so will post my progress in the evening.
     
  4. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    You may want to install tools to prevent such nasty files being downloaded again.

    Jimbob
     
  5. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Evening all.
    Well, it looks like I have been fairly successful in sorting out my old man's PC.
    I followed the steps described in the general cleaning guide after first getting rid of a lot of rubbish through the add/remove programmes utility.
    I installed Adaware se fully updated, CWshredder, Spybot S&D, AVG7 and HJT from a CD I created on my PC.
    I ran CWShredder straight away in scan only, just to see what it would find - result? Zero detections! Which I must admit surprised me a bit, however - on with the story -
    Booted into safe, ran all the apps, quarantined everything they found - I won't list them, there were HUNDREDS of detects, and that was after clearing all the cookies and temp files! I should point out that, as has already been posted elsewhere, no single app found everything; CWS still detected nothing, yet both Spybot and Adaware found numerous CWS items. AVG also found a few bits and pieces. Repeated the process until all scans came up clean.
    Rebooted into normal mode and defragged the system. Rebooted again into safe and rescanned - all clear. Next normal boot there was a huge improvement in system performance; boot time was now a quarter of what it had been when I first got there. Rescanned again with everything - still clear, so allowed myself a small smile. Installed Spyware Guard and Spywareblaster, reconnected the modem and got on the net with SG, AVG and TeaTimer all active (we had disabled the McAfee AV that he was running before). First stop was to DL and install ZA free, then Ewido - everything going fine, no pop ups or redirects. Ran the Trend Micro online scan - yippee - clean. Nothing strange asking for access through ZA; screwed that down as tight as possible along with the IE settings and AOL settings. So far so good...
    Spent the next few hours checking the functionality of the machine with everything still in various quarantines - no probs, so deleted the items, everything still worked. YIPPEE!!! :D

    Anyway, that was yesterday, and the feedback from my dad is that everything is still working fine; he had some alerts from the apps, but he handled those OK and it looks like he is sorted for the moment at least.

    Now to be frank, I am not sure as to how clean his system actually is; it was so riddled that it would hardly run, but now is (apparently) fully functional again, which, to be frank, we regard as a real result, so we are regarding this as a small victory against the scummers.
    Last point I would comment on is that older versions of CWS had always worked well for me and had been my first tool to run; this newest Intermute version didn't inspire the same confidence.

    Thanks for your help and guidance here, the fight goes on.

    Jock
    PS
    Have you heard of this file?
    C:\windows\msak.exe - AAW SE identified it as CWS related, but from what I could find it seems to be related to the Blaster worm.
     
  6. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    last post corrected ooops

    Correction to my last post
    I d/l and installed A2 on Dad's PC, not Ewido as stated, as Dad's OS is Win98 and Ewido won't run on that. I use Ewido myself on XP. Sorry about that, not firing on all two cylinders this evening.. :oops:
     
  7. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    And preventing infection, practicing safe hex, would be nice.
    Switching to less vulnerable programs helps too.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see that there was a nice result; you may want to take a look HERE. As well, there are discussions HERE and even more HERE.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  9. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Thanks for your help and encouragement here, it's appreciated.
    24 hours on and my old man is happy as a pig in s*** over both the way his system is running and the way the security apps are working. As he is not particularly PC literate, it is important that the software he uses is fairly friendly and understandable in terms of output. With this in mind, we are reasonably happy that we have a good balance and layered protection within his skillset.
    As a PS to my last post, I asked if you had any info on a file with the path
    c:\windows\msak.exe, which Adaware had identified as being CWS related. When I googled it, the only refs I could find were to the Blaster worm type, which we didn't find on his system. Any ideas what it might be?
    I would also welcome your views on the fact that the latest version of the (Intermute) CWS shredder had found no CWS infection, whereas Adaware and S&D did.

    ta

    Jock
     