Virus problem

NL mkII

Member
Nov 9, 2006
110
0
0

I just built a new PC and didn't have time to install the antivirus software as I was busy with other stuff. My mate asked to quickly check something on Wikipedia so I said ok as long as he didn't go on any porn sites (he loves the porn!).... he says that's reasonable and nips upstairs.

15 minutes later I walk upstairs and he is looking a little pale and guilty as sin... my PC is displaying a pop up box saying that the system will shut down in 25 seconds, but it has completely frozen. So I restart the PC and now a few pop up boxes appear at the start but NOTHING works, can't even open a notepad file that's on the desktop. I tried safe mode and exactly the same, literally nothing works.

Does anyone know if I am going to have to do a complete reinstall, or is there any chance I am going to be able to sort it out in some other way?


(Sorry about the lack of exact info on the pop up boxes, I'm at work so don't have access to my PC)


NL mkII - Offering £50 to anyone willing to slap my mate with a cold wet haddock
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
1) what version of Windows is it (2000, XP, 98, ME?)

2) what service-pack level is the Windows at (e.g. Windows2000 Service Pack 4, WindowsXP Service Pack 2)?

3) what kind of an Internet connection do you have (dial-up, or broadband)? If it's broadband, do you have a router providing firewall protection, or no router?

4) do you have a second, working PC at home, or only at work? If it's only at work, then do you have a CD burner on your work system that you could use to take resources home?
 

mechBgon

I have to go to bed here in a few minutes, so here is my take on your scenario: you need to do a complete reinstallation, and get it right this time. To do so,

1) remove any wireless cards or dongles, and unplug any network cables. The computer must remain isolated from networks so it cannot be attacked by network worms when its defenses are down.

2) start Windows Setup from the Windows CD. Get to where it shows the hard drive partitions, and delete them all, then press the F3 key twice to EXIT from Windows Setup. Now begin Windows Setup a second time, and this time follow through.

3) absolutely do not connect the network cable, or connect to a wireless network.

4) I'm going to assume a WindowsXP setup here. You need to use a different computer to download & burn the full Service Pack 2 installation file to a CD so you can patch your vulnerable WinXP computer while it's in an isolated state. When Service Pack 2 is installed, it fixes the worst of the wormholes and also enables the Windows Firewall to shield the remaining ones until you can get it patched. Enable the Automatic Updates when you see the prompt.

5) Once the system has Service Pack 2 and its Windows Firewall, you can connect the computer to a network and go online. Immediately go to Windows Update to patch the remaining vulnerabilities. If you have Office Software, install it and go to the Office Update site to patch Office vulnerabilities, and visit again until the system comes up completely patched.

6) Also install some antivirus software, here's a good free one: AOL Kaspersky. Skip the optional "security toolbar" during installation. Configure it like this (screencapture movie narrated by myself).

7) Especially if your mate likes teh pr0n, you should set up the computer so that no one is routinely using a Computer Administrator-class account. Make three user accounts, Admin, your account's name, and Visitors. Make the Visitors account a Limited account. Make your account a Limited account too, so if he sneaks onto it while your back is turned, he still lacks the power to do harm.

Password-protect the Admin account, and don't use it except in instances where you really need Admin-level power for something. This is a huge deterrent to viruses, Trojans and spyware, with or without cooperation from your mate and his friends. It'll keep unwanted software off your computer too. You may also wish to password-protect your own account for privacy reasons.



If you have Windows2000 instead of WinXP, then you will want a third-party firewall such as basic free ZoneAlarm pre-downloaded on a CD, along with the antivirus software and Service Pack 4, Update Rollup 1, and Microsoft Baseline Security Analyzer 1.2.1. Even with SP4 and UR1, Windows2000 is still in peril of being subverted by network worms if it doesn't have a firewall up from the moment you plug the network cable into it, so make SURE you have the firewall up BEFORE the network gets connected!!

Windows2000 can also do the equivalent of the Limited user accounts, they're called Restricted User accounts. See Control Panel > Users & Passwords and LMK if you have questions. MBSA 1.2.1 can find missing security patches in your Office2000 software if you have any; this ability is not found in MBSA 2.01, so you may want to start with MBSA 1.2.1 and then install 2.01 as a secondary.

When you run MBSA 1.2.1, do address the Restrict Anonymous and weak/blank password issues if it dings you for them. With either Win2000 or WinXP, it is also smart to have a router as a perimeter firewall if you have a broadband connection.

Ok, that's it for me, it's 3AM here :moon:
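
The three-account layout from step 7 of the post above can also be set up from a command prompt. The batch script below is an added example, not part of mechBgon's post; it uses the stock WinXP `net user` and `net localgroup` commands, and the account names YourName and Visitors are placeholders.

```batch
@echo off
rem Added example (not from the thread): step 7's three-account layout on WinXP.
rem Run from an account that currently has Computer Administrator rights.
rem DAILY and GUEST are placeholder names; substitute your own.
setlocal
set DAILY=YourName
set GUEST=Visitors

rem Account reserved for admin tasks; the * makes net prompt for its password.
net user Admin >nul 2>&1
if errorlevel 1 (
    net user Admin * /add
    net localgroup Administrators Admin /add
)

rem Day-to-day accounts: plain members of Users, which XP shows as "Limited".
for %%A in (%DAILY% %GUEST%) do call :limited %%A

rem Audit: show who still holds Computer Administrator rights.
echo.
echo Members of Administrators (expect only Admin and the built-in Administrator):
net localgroup Administrators
goto :eof

:limited
rem Create the account only if it does not exist yet.
net user %1 >nul 2>&1
if errorlevel 1 net user %1 /add
rem Strip elevated memberships in case the account already existed.
rem "Power Users" is absent on XP Home; the error is suppressed.
net localgroup Administrators %1 /delete >nul 2>&1
net localgroup "Power Users" %1 /delete >nul 2>&1
goto :eof
```

Accounts created this way start with a blank password; set one afterwards with `net user YourName *` if you want your own account protected as the post suggests.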
 

NL mkII


Thanks much!

I just bought Windows XP Home, so it came with SP2, does that mean I didn't install or that I have screwed up in some way?
 

NL mkII


Also (and this is pretty important), is there any way of getting the documents off that HD before reinstalling? I shifted my documents over to a new HD and then gave my brother the old one, which he has now formatted.

Also I've played quite a bit of Oblivion and don't want to have to do it all again!
 

NL mkII


... man I should plan these replies first! (just wanted to get one in before you went home!)

Net connection is via a wireless router (although I connect to it via a cable)

I live with 7 other people, half of whom have PCs, and I can get stuff done at work too.

One option I had considered (although I'm not sure it will work), is buying a second hard drive and installing Windows on to that and loading up all the antivirus stuff properly. Then connecting the current hard drive as a secondary drive and hoping that the antivirus software cleans it all up. I had considered buying a second HD for a RAID configuration anyway so it is no problem to do this... but will it work?
 

mechBgon

Since you have WinXP with SP2 built in, things get simpler. Rescue your data, reinstall Windows, and this time use the Limited accounts and antivirus software, as well as making sure it's updated right away at Windows Update.

Rescuing your data could be done by isolating the computer from the network, then doing a parallel installation of WinXP on the same partition, but into a separate folder such as C:\Windows_2. After you've rescued your stuff onto CDs or DVDs or a separate hard drive, next remove any extra drives (including USB drives or memory-card readers) and burn both Windows installations to the ground using the method I outlined above (deleting partitions, exiting Windows Setup, then starting again).

Once you've got your new Windows set up and secured, double-check that your antivirus software is fully updated and using maximum settings, then scan your saved data for viruses before you work with it.

Ok, now I'm REALLY going to bed :moon: Good luck!
 

NL mkII


How do I choose the folder that Windows is installed into?

I've always known it to start automatically
 

imported_nocturne

Senior member
Jun 21, 2005
567
0
0
Just a little bit of side info... there used to be an exploit in Windows XP that allowed someone to shut down the RPC service, thus causing XP to reboot since it is a vital service (can be reproduced by closing the svchost that runs the service). I originally fixed this by blocking the ports used in the exploit, and MS eventually released a hotfix to fix the problem. This problem might be a related exploit, and was used to compromise your system files.

I have no experience with Kaspersky, but I'd recommend AntiVir as it's free and has worked phenomenally.
 

mechBgon

Originally posted by: NL mkII

How do I choose the folder that Windows is installed into?

I've always known it to start automatically

When you run Windows Setup, it'll see that "hey wait, there's a Windows installation already, should I repair that one?" and you tell it no, and then along the way you should be able to say "yeah, install to the existing C: partition" and tell it a folder name. I haven't had to do this in a long time so my memory's a bit spotty ;) but see if it jumps out at you when you go to do it.

AntiVir is another good free antivirus, probably next-best after the free version of Kaspersky.

 

NL mkII


Ah, I didn't actually click on install Windows into this drive as I was worried it would just copy over my current Windows (I thought that's what it did). So my plan now is to speak to my work IT department and see if they will generously copy my files over to a DVD or something and then I'll install Windows later (after first trying out the methods you have suggested of course, this is definitely a great opportunity to learn!)

 

NL mkII


Yeah, only considering doing it so that I can retrieve the data and write it to a DVD, I would certainly reformat the HD afterwards.

I just got a new HD through today though, so hopefully I can set everything up on that and then virus check the virused drive as a secondary. After that is done reformat that drive and set up a RAID 1.

... that's IF everything goes to plan

...don't you hate that word... If