My girlfriend's sister is having some serious problems with her computer. Since it's not my computer the information I have is incomplete, but I'll do the best that I can.
The specs:
Windows XP SP 2
Dell (no idea about the processor and such because I can't access My Computer.)
I'm guessing it's roughly two years old.
The problem:
Upon startup, about a dozen command-line windows open on top of each other. They're titled "C:\windows\system32\drivers\spools.exe".
She's completely locked out of just about everything in her computer including anti-virus programs, she can't access the start menu, etc. The searching I've done on a clean computer has said that spools.exe is a pretty serious virus and can be difficult to remove. She says there isn't much irreplaceable data on her computer. She said it's mostly things like her resume that would be a pain to recreate, but she could manage.
Is it worthwhile to try to remove the virus, and if so, what should I do? Otherwise, should I just reformat and reinstall Windows to be sure that the problem is history?
__________________
Thanks for the support everyone! For those of you who visited my thread in the FS/T forum, my students got all the calculators they needed!
It would be a good idea to back up whatever is needed just to be sure. Just be careful that what is backed up is not infected. Then boot to safe mode, turn off recovery check point thing, and scan with a good AV program. See if that's enough to clean it off.
Originally posted by: CalvinHobbes
It would be a good idea to back up whatever is needed just to be sure. Just be careful that what is backed up is not infected. Then boot to safe mode, turn off recovery check point thing, and scan with a good AV program. See if that's enough to clean it off.
Thing is, when I boot into safe mode I'm still unable to open the start menu or run her antivirus software. I suppose I should've mentioned that above.
Originally posted by: CalvinHobbes
It would be a good idea to back up whatever is needed just to be sure. Just be careful that what is backed up is not infected. Then boot to safe mode, turn off recovery check point thing, and scan with a good AV program. See if that's enough to clean it off.
Thing is, when I boot into safe mode I'm still unable to open the start menu or run her antivirus software. I suppose I should've mentioned that above.
Her antivirus software appears not to be up to the task anyway. Try Safe Mode With Networking and use some online antivirus scanners such as F-Secure's (use Internet Explorer). The suggestion of HijackThis is also good if you have someone tell you what to remove, or can deduce it yourself.
Personally, I would rescue whatever data is important, nuke it to the ground with a DBAN CD, then set Windows up securely for her.
That style virus is a pain in the behind to clean. If you have the time, you could start by pulling her hard drive out and scanning it from another system that has a good working AV and anti spyware programs.
This link describes how to export/import a registry setting that re-enables the ability to run programs.
Ok, I'm at her house now posting from their secondary computer.
I booted into safe mode and deleted spools.exe from the C:\windows\system32\drivers\ directory. Since I can't access the start menu, I had to do that by running C:\ through Task Manager. I then tried to run regedit through Task Manager, and it asked me what program to use to run regedit.exe. (Like when you try to open a .pdf without having Acrobat Reader on your system.) Same thing with msconfig.
I would use something like HijackThis or an online scanner, but her internet access is completely borked on that computer. The machine is literally crippled except for the few things I can dance around, like skirting My Computer by running C:\ directly.
If they have any blank CDs around, backing up the vitals and then nuking the poor machine is looking like the most attractive option. Then I will absolutely set them up securely, mechbgon. Even with anti-virus programs, this family seems to have their computer go down at least once a month.
I was in a hurry last week, so we didn't actually wipe the computer out that day. Would it be possible for me to burn some kind of Linux distro onto a CD, boot from that, and burn/email files that way without going into windows?
Any idea if this would work at all, and if so, what variety of Linux I should be looking for?
Thanks in advance.
Here is something that might help. I use Linux as my only op/sys and have used distros like DSL and Puppy as a quick and dirty live CD. This link takes you to the INSERT project (Inside Security Rescue Toolkit) and is a bootable 60 Meg CD... I will be downloading a copy of this to see how well it works on my roommate's computer (windoze based)
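An added example, not part of any post in this thread: one way to do the live-CD rescue asked about above while heeding the earlier caution about backing up infected files, by copying only an allowlist of document types off the read-only Windows volume. The device name, mount point, extension list and the `rescue_docs` function name are assumptions.

```shell
#!/bin/sh
# Added example. From the live CD, mount the Windows partition read-only
# first so nothing on the disk is changed (device and mount point are
# assumptions and vary per machine):
#   mount -o ro /dev/sda1 /mnt/win

# Extensions treated as data worth rescuing (assumed list; adjust as needed).
ALLOW="doc rtf txt pdf jpg jpeg png xls ppt"

# rescue_docs SRC DEST
# Copies allowlisted files from SRC to DEST, keeping relative paths, and
# prints the number of files copied. Only the LAST extension counts, so a
# disguised name such as resume.doc.exe is skipped along with spools.exe.
# File names containing newlines are not supported.
rescue_docs() {
    src=$1
    dest=$2
    count=0
    list=$(mktemp)
    find "$src" -type f > "$list"
    while IFS= read -r f; do
        base=${f##*/}
        case "$base" in
            *.*) ext=${base##*.} ;;
            *)   continue ;;          # no extension: not rescued
        esac
        ext=$(printf '%s' "$ext" | tr 'A-Z' 'a-z')
        case " $ALLOW " in
            *" $ext "*) ;;
            *) continue ;;            # .exe, .scr, .bat, .pif, anything unlisted
        esac
        rel=${f#"$src"/}
        mkdir -p "$dest/$(dirname "$rel")"
        cp -- "$f" "$dest/$rel"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}
```

Rescued documents can still carry macro malware, so scan the copies on a clean machine before opening them.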