Infected p/c - scans removed some - now won't bootup

roc17

My friend's kid asked me to help with his Dell Dimension 3000 as it appeared to have become infected with spyware, malware, etc. and he has his college schoolwork on it.

Did the following:
* Scanned with Avast anti-virus on bootable disk and ran signature files from thumbdrive - removed 3 threats.
* Was then able to reach internet and bring down signature file updates for NAV which was previously installed on p/c - ran a full scan and it came back with several infections - Vundo trojan was one of them but don't remember the others.
* Chose to delete infected files and rebooted to complete process.
* Now p/c loops out of 'Logging on user' and immediately moves to 'Logging off user' (WinXP home edition)

I can boot up with the Avast bootable CD but cannot log into Windows. I suspect something now has to be fished out of the registry but don't know where/how to proceed.

Any ideas would be appreciated...next semester starts soon.

Thanks in advance.
 

mechBgon

At this point, I would

1) remove the hard drive and slave it into another computer

2) take ownership of his user folder if necessary, and back up whatever needs rescued

3) at the very least, do a repair installation of Windows (method 2 on this page) and then secure it properly and run virus/spyware scans, preferably with a really good antivirus like AntiVir or Microsoft Security Essentials, and a really good antispyware program like SuperAntiSpyware's free version.

4) better yet, nuke the HDD to smithereens after rescuing stuff (deleting the partitions while it's slaved will do the trick), then reinstall Windows from scratch.
 

Pegun

Remove the hard drive, pull off needed info, reformat, reinstall. You could try to use Avira to remove any other threats or whatnot but in reality the viruses may not be found and may never be removed otherwise.
 

RebateMonger

I've had very poor luck in "fixing" contaminated PCs over the last year or so. It's getting tougher and tougher to find and remove all the malware. Yeah, sometimes I succeed, but it takes a LOT of work and some experience helps. The repairs often make the PC unbootable.

As mechBgon notes, a Repair Install of XP will likely get it booting again, but you may find you have residual bad stuff popping up.

As in Aliens 2, the only way to be sure is to nuke them from orbit. Meaning a format and re-install of everything.
 

mechBgon

I'm with you, I prefer the surefire, no-question-about-it method. Installing, updating and securing Windows is simple work that a guy can do while eating pizza and watching a movie :)
 

MadScientist

RebateMonger said:
> I've had very poor luck in "fixing" contaminated PCs over the last year or so. It's getting tougher and tougher to find and remove all the malware. Yeah, sometimes I succeed, but it takes a LOT of work and some experience helps. The repairs often make the PC unbootable.
>
> As mechBgon notes, a Repair Install of XP will likely get it booting again, but you may find you have residual bad stuff popping up.
>
> As in Aliens 2, the only way to be sure is to nuke them from orbit. Meaning a format and re-install of everything.

In the OP's case I agree. So far I've been lucky and have only come across a few infected pc's where a complete re-install was necessary, but it takes an arsenal of antivirus weapons and time.
I got a laptop the other day where the boot.ini file was corrupted and could not be re-built and a repair install only made things worse.

I check John's Malware Guide frequently for advice. http://www.elitekiller.com/malware.htm
 

Modelworks

The main thing with cleaning out a pc from all malware and virus is time. I haven't found a system yet that I couldn't remove all the junk from, but it takes a very long time to do that and unless it is really necessary you are better to re-format.

The last time I did that was for a car dealer who had never backed up the pc in 4 years. It held all his customer data, payments, loans, etc. He couldn't tell me what was important and what wasn't. I spent about 12 hours on that one removing all the crap and had to use Linux to do it with Windows running in a virtual machine and me setting breakpoints to control the malware.
 

SirGeeO

^how the hell you do that?...lol... not saying it can't be done, but wow.....car dealership PC....I'm pretty sure that IS an unforgettable experience.
 

MadScientist

It's a case by case decision on every infected PC I get whether to try to clean it or do a fresh OS re-install. A fresh install usually, depending on what needs to be installed, takes me about 2-4 hours.

Yes, cleaning a hard drive thoroughly? can be very time consuming. And as mentioned you are never 100% certain it is entirely clean.

A friend of mine, who owns a Subway, keeps all his business records on his PC and let his kids use it. He had no backup. It took 8 hours to get into the hard drive and clean it. He now backs up his files daily. In this case I should have used my external hard drive enclosure to back up his files and then nuke the drive.