So...my buddy gives me his computer telling me it is slow...

leeland

Diamond Member
Dec 12, 2000
3,659
0
76
he got a new computer from his father and a big upgrade for him...

He calls me up and asks if I could look at it as it is 'slow' and 'won't connect to the internet'

I say sure...plug the box in and fire it up...


I am like 'daymn...' this thing is slow as shit for a x64 dual core and 4 gb's of RAM


open up task manager after like 5 minutes of waiting I get this...


http://pics.bbzzdd.com/users/leeland/Spyware.jpg


after I got it under control I finally find 5 different tool bars installed, 3 different filesharing apps and I have Kaspersky bouncing all over the place with trojans

Got to love it!
 

Ayah

Platinum Member
Jan 1, 2006
2,512
1
81
LOL. Damn. That has to be a record for number of processes running.
 

leeland

Diamond Member
Dec 12, 2000
3,659
0
76
no kidding...why do you think I took the screen shot...had to get proof!

now trying to figure out wtf they are and how to get rid of them...
 

Red Squirrel

No Lifer
May 24, 2003
67,299
12,082
126
www.anyf.ca
LOL wow.

We noticed something interesting on a server the other day and also came to the conclusion that there is a limit of 700 processes in Windows. Sadly it was not a virus, but a very crappy custom app that we're stuck supporting. We don't really know what the app does but apparantly it's not very efficient at doing whatever it is suppose to do.
 

leeland

Diamond Member
Dec 12, 2000
3,659
0
76
I am in safe mode right now trying to run a virus scan but it just keeps detecting 'risks' and rebooting at 54% completion...hopefully it is actually removing the infected files and cleaning stuff up...

To be honest I have never done a system restore on a boxed system...I have always just formatted and reloaded...
 

postmortemIA

Diamond Member
Jul 11, 2006
7,721
40
91
I am in safe mode right now trying to run a virus scan but it just keeps detecting 'risks' and rebooting at 54% completion...hopefully it is actually removing the infected files and cleaning stuff up...

To be honest I have never done a system restore on a boxed system...I have always just formatted and reloaded...

that's what you'll need to do... hopefully he got his windows disk or has restore partition

it will take you 5x more time to try to salvage that than him to reinstall all that crapware.

I'm surprised that windows is so dumb to not limit max number of processes running.
 

leeland

Diamond Member
Dec 12, 2000
3,659
0
76
that's what you'll need to do... hopefully he got his windows disk or has restore partition

it will take you 5x more time to try to salvage that than him to reinstall all that crapware.

I'm surprised that windows is so dumb to not limit max number of processes running.

It has an option on boot to do a system restore and there is a partition on the drive that looks like the OS

He doesn't have any disks that he knows of (of course)

I am wondering if that will just put it back to default and he can go on his merry way.

will give it a go with the safe mode and attempt to clean up...if it isn't done by tonight I will go to plan B probably and be done with it
 

Arkaign

Lifer
Oct 27, 2006
20,736
1,377
126
Is this a Vista x64 system? I've used a retail 64-bit Vista Ultimate DVD to reload a friend's OEM Vista Home Premium, his hard drive had cratered on an HP Notebook. The cool thing was that it took him from 32-bit to 64-bit, and now he can use his full 4gb of ram. Had to call Microsoft and explain/get their help with final activation, but that was a relatively painless few minutes.
 

Sheep

Golden Member
Jun 13, 2006
1,275
0
71
That screenshot needs to be submitted to Failblog or some similar site with approrpriate snarky caption added. :)

I had no clue it was even POSSIBLE to run that many processes and boot Windows at all.
 

RebateMonger

Elite Member
Dec 24, 2005
11,588
0
0
It has an option on boot to do a system restore and there is a partition on the drive that looks like the OS

He doesn't have any disks that he knows of (of course)

I am wondering if that will just put it back to default and he can go on his merry way.
You didn't say what brand of PC, but many models of major-brand PCs have a System Recovery Partition. You can read more details in the manual for the PC, doubtless available online. This kind of recovery will normally erase everything on the PC and re-install everything that came installed on the PC out-of-the-box.

Unless you are an absolute expert on malware removal, I'd recommend this as the best course of action. You'll want to back up any important data files first, although I find that most people are just happy to get their working computer back and damn the data files.
 

leeland

Diamond Member
Dec 12, 2000
3,659
0
76
It was a HP machine that he was given from his father. He wasn't the fine individual that shitted up the machine, it was his GF's kid...who had all the file sharing shit on there and god knows what else.

Once I figured out how to actually allow the AV suite to complete the entire scan without rebooting (simple option change) it detected like close to 13,000 infected files and close to 1,200 viruses (not sure if that was completely accurate)

After two consecutive runs I was clean on the deep root kit virus scan so I felt pretty safe it was cleaned up.

I also removed all the shitware he had installed...and told him to give the kid a good talking to

I had, in the past done the same thing you are refering to Arkaign on a friends laptop...it wasn't until we had to activate it that it failed and I was kind of like (FUDGE!).

We called MS support and explained what was going on and they activated it for us, no biggy.

I didn't feel like going through that again which is why I just attempted to clean it up.

On a side note I wonder if you could get a vendor specific Vista disc (like an HP OEM Vista x64 Install disc) for the reinstall that would accept the key delivered on the machine.
 

RebateMonger

Elite Member
Dec 24, 2005
11,588
0
0
On a side note I wonder if you could get a vendor specific Vista disc (like an HP OEM Vista x64 Install disc) for the reinstall that would accept the key delivered on the machine.
If you use a vendor-specific Install disk, you don't need a Key at all. The Key that's on the COA sticker attached to the box is never intended to be used.
 

tommo123

Platinum Member
Sep 25, 2005
2,617
48
91
i fix peoples PCs at times. i format and reinstall windows and make an image. :D

after 2-3 times of losing all their data they tend to take more care of their PCs (i don't backup anything of theirs)
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,471
387
126
Cleaning amount so much infestation is Not a good idea.

In the process it is unavoidable that some Hooks into the OS would stay unsolved.

As a result sooner or later there would be problem with the smooth working of the computer even if the infestation per-se is gone.

If you can not get a back OS disk tell the owner buy an upgrade and reinstall. No reason to be a "miser" if he wants to enjoy the computer.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
that's what you'll need to do... hopefully he got his windows disk or has restore partition

it will take you 5x more time to try to salvage that than him to reinstall all that crapware.

I'm surprised that windows is so dumb to not limit max number of processes running.

Because no specific number of processes in idicative of a problem and arbitrary limits are bad...
 

soonerproud

Golden Member
Jun 30, 2007
1,874
0
0
no kidding...why do you think I took the screen shot...had to get proof!

now trying to figure out wtf they are and how to get rid of them...

That bad of an infection requires a wipe and reinstall. It would be the fastest and easiest way to fix that issue.
 

rasczak

Lifer
Jan 29, 2005
10,453
22
81
that's an immediate reload imho. there's too much crap in there to be comfortable that you got everything. blow it away start from scratch load up all service packs and updates, as well as load up an AV. take away admin rights from all users except "administrator" and if they need admin rights, have them shift + right clk on the exe file and use and elevated account.

then tell them that they are on their own after this, not to call or bother you with anymore computer questions.
 

xSauronx

Lifer
Jul 14, 2000
19,586
4
81
That bad of an infection requires a wipe and reinstall. It would be the fastest and easiest way to fix that issue.

this. thats an insane amount of crap to expect to clean safely. treat it like a condemned building and get rid of it.