Contagious?

[imported_inspire]

Okay. I really hope you guys can help me out because I don't know where else I should look. I'm 'fixing' a friend's computer.

The problem is that it is FUBAR'ed (I'll spare the details). I've got a pretty good idea it has at least one major virus on it, and I know he has uber-spyware (HijackThis log has literally over 1000 lines in it). Blah Blah. I want to do one of two things:

#1 - Reformat.
#2 - Pull the HD and put it in a box of mine as a slave and run utilities on it from a functional OS.

Obviously, #2 is preferable (which is why Im asking) - problem is, I don't want to get whatever is screwing his box up on mine. How much of a risk is there of that happening? Both boxes are running Windows XP Pro SP2. His setup is similar to the one in my sig.

 

[Cr0nJ0b]

If I were in your shoes, I would just reformat. My experience is that once you get to a certain point with Spyware and viruses you will have a hard time getting back. The likely scenario in #2 is that you would find some, but not all of the spyware and probably the viruses (they shouldn't infect your main system, but I hope you have a good AV program with all the updates)...then you will return the drive and find that it's still cracked up...parts missing, progs not running right...etc. You will like be forced to reinstall or reformat at that point anyway.

What I do in this case is, 1) use something like Ghost to image the drive, to another system on the same network or that can be acessed later from a network connection, 2) reformat, 3) patch, patch, patch, 4) add the basic programs in...nothing fancy just the main basic stuff that you always need like AV and office tools and apps, 5) turn on System restore and take a restore point (some will disagree, but I actually like SR). 6) add the rest of the apps and make sure that everything including games and utils are running ok, then...take steps to make sure that this doesn't happen again.

1) tell your "friend" to stop spending so much time on the porn sites.
2) load up an alternative browser like Opera or Firefox for those occasion when you might be visitingg the seedier side of the internet.
3) make sure that you have a router with a good firewall and lock it up tight
4) keep the AV up to date
5) find a good Spyware app (I have yet to find a "Good" one) and use it and update it.
6) if your "friend" ever get the hint that he might be infected in the future...immediately bump back to an earlier restore point...then see suggestion #1 again.

hope that helps.

 

[imported_inspire]

Thanks man, that really helps. I personally use Spybot - I know it's not all-powerful, but the bundled Tea Timer proggy doesn't let anything mess with my registry unless I say so (and that stops a lot of stuff). I also use AVG and keep it updated.

Incidentally, a year or more ago I installed Spybot on his compy. But, when he gave it to me this time, it had been uninstalled. In all fairness, though, his 'subscription' to NAV ran out a month before this happened...

Thanks again.