Virus on XP box

roc17

Member
Dec 26, 2003
112
0
0
My neighbor asked me to take a look at their XP box, it seems to start the bootup into windows but then leaves you with just a blank desktop. Task manager opens in a huge font and will only let the user 'switch to' the path for the .exe for AOL....browse does not work. I thought of having them buy Symantec's SystemWorks and running a scan from the CD for starters :thumbsdown:. It appears the box is loaded with viruses based on all this crazy behavior.

Any recommendations would be greatly appreciated....
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
1) Drop the drive into a different computer as a secondary drive and scan it with a couple of current-generation antivirus products (free online antivirus scanners). Note the precise names of the viruses you find, and post them so we can look and see what types of user behavior might need modifying.

2) Copy out any files they want to rescue, and save them on the healthy computer.

3) Confirm that you have a full-on, genuine Windows CD to reinstall from, then delete all the partitions on the infected drive.

4) Put the blanked drive back in the other computer and reinstall Windows, following some security measures to ensure it doesn't come down with worms in the process.

5) Get the system set up as securely as practical and educate the users about where they went wrong last time. Maybe it was P2P, maybe it was clicking on enticing links in an IM program, maybe it was lack of a firewall/router plus expired antivirus software. Finding out what it came down with will help prevent it from happening again.


If you are dealing with an off-the-shelf computer that needs a recovery partition on the hard drive in order to reinstall Windows, then your best bet might be to try the manufacturer's recovery procedure first. If you have a full-version unadulterated WinXP CD, however, then Drop The Bomb On It :evil:
 

roc17

mechbgon........Great game-plan. Will follow through and advise.....I know the neighbors don't have a genuine XP CD to re-install from so I'll advise that they buy one after the smoke clears. One last question.......do you see any issues with installing their drive....let's say...on my p/c as a slave in order to accomplish what you suggest.....when I run Win2000Pro as my OS?
 

mechBgon

Originally posted by: roc17
mechbgon........Great game-plan. Will follow through and advise.....I know the neighbors don't have a genuine XP CD to re-install from so I'll advise that they buy one after the smoke clears. One last question.......do you see any issues with installing their drive....let's say...on my p/c as a slave in order to accomplish what you suggest.....when I run Win2000Pro as my OS?
You wouldn't want it to accidentally boot from their drive while it's in your PC. It usually doesn't work, WinXP usually freaks and blue-screens if it's in a different system, but if they had the same mobo chipsets it could happen. You could unplug your drive, plug in theirs, and just confirm that it does not successfully boot in your system. If it did boot, it might infect your system.

An external USB or Firewire drive box would be nifty for this if you happen to have one. I should invest in one of those...
 

roc17

Okay........here's how it played out - wired the 'sick' XP drive to my box as you suggested (disconnected my CD drive and used cable and power for the drive). Left the jumpers on 'CS' vs. 'SLAVE' and rebooted into BIOS - saw the drive as Primary 1; Next, booted up fully into windows (Win2000 - my OS); ran Norton's against the now recognized 'D' drive and revealed 147 spyware/adware programs....no viruses! Performed fix/delete and removed most on first pass....note - was able to subsequently bootup p/c when drive was restored to original box as C:. Next step is to have neighbor purchase anti-virus (probably Norton's Systemworks) and install before putting back on ISP. Thanks a million for the guidance. BTW....did blue-screen once or twice but was able to proceed from the subsequent SAFE MODE type window that allowed me to proceed with normal bootup.
 

mechBgon

That's good news :cool: The Microsoft AntiSpyware Beta software is pretty good for free software, there's a shortcut to it on that page too. You could throw that on there to augment the Norton software if you wanted, or just as a stopgap measure until he picks it up.

Also it still couldn't hurt to have it hammer out a Kaspersky scan overnight too, using their online scanner. They have a good reputation and their software detected Trojans on my little sister's infected system that both McAfee and Norton 2005 had missed.