Very heavily infected PC, need help won't boot in windows

Discussion in 'malware problems & news' started by Simon Phoenix, Jan 11, 2009.

Thread Status:
Not open for further replies.
  1. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    I'm fixing a computer for a customer and her computer is heavily infected with all sorts of stuff. I managed to delete some files with Dr web cure it as well as A2 free (running from usb) but upon deletion of those files I cannot get back to the Windows screen.

    It boots but doesn't go to desktop.

    I have Bart PE running and I managed to install a couple programs on the infected hard drive and erased some but no luck, still the pc won't get into the desktop, I have to load Bart and get to the desktop in Explorer.

    How should I go about doing this?

    I have Bart as well as other software installed on a flash drive and CD; since I cannot load the flash drive, I can however run from the CMD.

    Any advice will be appreciated, I will be online for a while working this out.
     
  2. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    I'm trying to install SUPERAntiSpyware but it installs on the Bart PE drive instead of the C: drive, I have no idea how this is happening.
     
  3. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    This is an HP desktop, it has HP recovery on it, should I run this? Will it delete any of the customer's info?
     
  4. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Probably yes. I'd suggest trying UBCD4Win: you boot it from a disc and you get a GUI Windows-like system. Then just use it to put the customer's documents on an external drive, and then use the HP Recovery.
     
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Heavily infected? If security/privacy is important, reformat the hard disk, reinstall the OS, drivers, programs, updates etc.
    If you have a clean backup of the data you can just restore that afterwards.
    If not, you could try to back up the data but then you risk reinfecting the system.

    I presume we're not talking about cookies here, but about the more serious stuff. You can't ever be sure that by cleaning/deleting malware the system will get back to a previous clean state, and even if you could, you're risking corruption of the OS.

    Undoubtedly not the answer you were looking for. But before you do this, I suggest you make sure that you know how to reinstall everything. That can sometimes be more difficult than expected.

    Of course, if a clean IMAGE is available, you can simply restore that (although you might have to deal with the data).
     
  6. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    I will try that soon, I'm gonna run a cmd scan with A2 first and see. System restore didn't work, computer still won't boot into Windows completely.
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I created my post before you made that one !

    I don't know what 'HP recovery' is, I'm not even certain what a recovery disk is. Maybe it will help o_O
     
  8. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    The lady said she wants her files on the computer so that's why I'm trying to recover the OS rather than reformat the HD. If I have to do that I will, but I will let her know first.

    About the computer, it's an older HP desktop, it has the recovery partition on it but it told me to try system restore and Windows repair first, I will make sure I try those options first.
     
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    This is a hidden partition on the HDD which many vendors provide instead of the OS install CD/DVD.

    Blue
     
  10. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    The customer will not appreciate that drastic solution......:rolleyes: *puppy*
     
  11. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    You're referring to a Windows system restore (point)? Malware can hide there. Windows repair? Is that when you run the Windows (XP?) OS CD-R, and you try to replace any damaged/missing Windows files? I doubt it will be sufficient.
     
  12. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    People want miracles :D
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I have my doubts about that practice.

    What if one really wants/needs the original Windows installation CD-R ?
     
  14. Starbuck50

    Starbuck50 Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    6
  15. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
  16. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Agree. What can be a reliable alternative to a reformat, in such a way that the customer will not be EXTREMELY pissed about losing all his files? :rolleyes:
     
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Agreed.

    The obvious issue is loss of the drive via hardware failure. In that case, the recovery partition does not do any good.

    I always have an externally based solution available (install CDs, backup on Windows Home Server, a previously cloned drive, etc.) and always request the install CDs if they weren't provided (there's typically an added minor media/shipping charge, ~ $15-$20).

    Blue
     
  18. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    For heaven's sake teach her some basics about security or........don't if your objective is to get some future $$ from her. LOL :D
     
  19. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    I have a backup external hard drive but I immediately jumped into deleting viruses and I think A2 free might have deleted some viruses that were hidden in the system files; since I ran that virus scan I cannot get into the desktop at all.

    I can get to the logon screen but not to desktop, I think the virus scan at times is pretty aggressive. I have to see if there is a better and safer way than just trying to delete viruses.

    I'm running the recovery software right now, it installs all the original system files without affecting the user's data so I hope that will enable me to get into the desktop.

    The user claimed times as long as 30 minutes for the computer to boot up and I believe her, this desktop is loaded with stuff, kids downloading from Kazaa and "free music" all day searches. A2 must have caught about 250 pieces and I didn't even get a chance to delete or move all of them, the "system turn off" virus came on and shut the computer down shortly after.
     
  20. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Well Blue, you act in a way it should be, regrettably such is not practised by everyone..:isay: *puppy*
     
  21. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Simon, I will provide you with some FREE advice: next time let a qualified professional perform the cleaning job, OK? :cautious:
     
  22. Fred_Flintstone

    Fred_Flintstone Registered Member

    Joined:
    May 6, 2008
    Posts:
    2
    Location:
    Somerset
    It's a bit late to "lock the stable door" now.. the horse is already long gone!...:D
    You could try slaving the drive to another machine to try and copy over the data you need to save?..
    THEN reinstall and copy the customer's data back to the machine again..
     
  23. Starbuck50

    Starbuck50 Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    6
    If you get this up and running again, I'd suggest that you run some scans and find out exactly what you are dealing with before you go nuking stuff.
    And get the programs installed properly on the system.... then if you have problems you can pull back the deletions that were made.
    All good security software will make backups of what it removes.... if it's installed properly.
     
  24. Simon Phoenix

    Simon Phoenix Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    152
    It's no biggie, she's pretty understanding so if I have to wipe the hard drive she'll understand that completely. As I see it, I'm learning myself so I deal with people who know that as well.

    This is an older computer, a qualified professional will charge her as much as her computer is worth... she won't do that.
     
  25. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    When she has understanding for the sad fact that you destroyed her machine by reason of massive ignorance and she will accept such without any complaints: my sincere congrats to you!
    Well, I assume you are not really informed about the possibilities, OTOH I didn't expect such at all after what is written here by you. You have acted in a highly irresponsible way.

    Tell your customer she is welcome to visit my board and will be provided with help for FREE by qualified professionals concerning malware removal. :cautious: :isay:
     