OH NOEZ S0M3BDOY ST0LED MY M3GAHERTZ!!!
Jan. 15th, 2007 07:44 am
I think they tripled up the cream and sugar in my coffee this morning. I am one of those odd folk who actually like coffee for its flavour, and I am not impressed by this syrupy concoction with only wan hints of coffee-like flavour sneaking through the overpowering cream and sugar. >.<
I made a service call yesterday afternoon to help an old friend who was having some computer issues. I knew that I was going to be walking into a mess after she described the situation on the phone. She's a very nice lady, but she suffers the same paralyzing fear of technology that seems to grip a lot of people from her generation which prevents her from advancing beyond the "press this button for power and click here to do my banking" level of expertise around her computer. If I click the wrong thing I might break it!
I loaded Avast! onto my USB key, and then grabbed the latest Firefox, and a good trojan/spyware scanner. As an afterthought I grabbed my laptop computer as well - just in case her networking was too borked to let me update any of those applications.
Following is a dry recap of how I cleansed her computer. To my surprise I didn't have to reformat and do a clean install of Windows.
Her computer was about as sluggish and unresponsive as I had been expecting, and when I finally got Internet Explorer to come up, it had a few bonus toolbars that I recognized as variants on CoolWebSearch. Before I even started attempting to clean off her computer I made her promise that she would change the password on her on-line banking as soon as I was done. She won't - but I don't recall seeing the term "password logger" or "key logger" crop up during the cleansing process, so she may be okay on that front.
The first thing I did was shut down a number of running processes - or attempted to in some instances; there were the usual bits of linked malware that would immediately relaunch the other if one of them got shut down. I finally called up MSCONFIG and disabled the start-up of anything that I didn't recognize and rebooted the machine. The self-relaunching applications were gone this time, and I managed to shut down everything else that I did not recognize. Next I installed the Trojan scanner, updated its definition file and set it loose; it found about 700 items of concern, and managed to delete 600 of them before it locked up. I rebooted into Safe mode and ran it again, this time with better success.
My next step was to install Avast (a decent, free virus scanner). Even though its definitions were a few months out of date, I let it reboot the system and scan things on start-up. It found and removed a few dozen infected files. Once it was finished I registered it, updated its definition files and then booted back into Safe mode, where I went through manually deleting folders and files associated with the various bits of malware. On a humorous note, many of these applications actually had un-installers under Add/Remove in the Control Panel, and all of the ones that I tried were unfailing in their failure to work. My favourite was the one which gave a dire warning about how removing its bit of intrusive ad-ware might cause some applications to fail, and demanded that I type the numbers and letters from a picture into the text box below to confirm that I wanted to un-install this program. Then it disabled the keyboard to make that a bit trickier...
After cleaning up everything that I could find, I booted back into regular mode and went looking for Windows updates. The updater had not worked on my previous attempt, but this time it found some updates. She was only a couple of updates behind, so I am guessing that it only recently stopped working. I "upgraded" her to IE7 (since IE6 was broken beyond being usable any more) and then installed the latest Firefox and (once again) advised her to use it exclusively, and only use IE if she encountered a web page that would not work in Firefox. Since she seldom fires up the browser except to do her banking, I copied over the links to Firefox and let her confirm for herself that the bank worked just fine with Firefox in spite of her earlier protests that it didn't.
Finally I de-fragmented her drive and then started the Trojan cleanser running again. I left her with strict instructions to let it delete anything that it wanted to delete, and then showed her how to manually run the virus scanner once it was done. She called me later and told me that it had found a couple dozen more items to delete, and the virus scanner had found another 5-6. I was not too concerned by that news -- there are always a few straggler files like that once you have cleaned off a system. None of them were actually running by that point, and that was my primary concern.
One of the things that I noticed when I was working on her system was that she had no virus scanner. I pointed to the little red shield in her task bar which indicated that Windows was unhappy about the lack of virus scanning available and her response was, "My son put that there when he came out to visit." What he had done was remove her expired copy of Norton Antivirus and replace it with a virus cleaner. I know why he did that, but I am going to slap him upside the head the next time I see him. Her computer is a little strapped for memory, so rather than installing a full anti-virus client, he just installed a scanner and instructed her to run it once a week. I am sure she ran it faithfully for the first few weeks, and then stopped when it regularly found nothing. When I had a look at it, its virus definitions were more than a year out of date.
She should be good for a few months now. She has a working, current anti-virus client that automatically updates its own virus dictionary at least once a day. She has a good, current Spyware/Trojan scanner that auto-updates when it is run, which she has promised to run every week, or at least twice a month. (She'd had both Ad Aware and Spybot Search & Destroy on her computer, and both had become mysteriously corrupted...)
no subject
Date: 2007-01-15 03:10 pm (UTC)

no subject
Date: 2007-01-15 08:16 pm (UTC)
1) Because of the tale of woe outlined above, and
2) For more selfish reasons -- I don't know the system, and it would relieve me of future tech-support calls ;)

no subject
Date: 2007-01-15 08:17 pm (UTC)

no subject
Date: 2007-01-15 11:49 pm (UTC)
Did you use the onscreen keyboard to get around that problem?