Need help fixing a heavily infected xp os
Posted 12 January 2011 - 04:08 PM
I started by trying to install AVG, hoping I could get rid of a good amount of the stuff right off the bat with that. After downloading the free version of AVG, it told me I needed to uninstall McAfee because it was interfering. I did this and then rebooted. Go to run the AVG installer, and what do you know, I get a pop-up informing me the AVG file has been infected and the comp freezes.
This is where I'm at right now. I wanted to get some input from you guys before I try anything else and possibly screw things up more. So, what do you think my next step should be, try to download the free AVG again in safe mode or something? As a side note, soooo happy I've switched to Ubuntu on my rig and don't have to deal with this shit on there.
Posted 12 January 2011 - 04:56 PM
It is possible to use stuff like Sysinternals tools (I've posted them many times in these forums) and something like HijackThis, that will take a snapshot of running processes. But formatting and re-installing is much more reliable, and 80% of the time is much quicker than tracking down every single running process. Also, it is possible to develop Windows rootkits that can make this impossible, for all but the best security investigators.
If I planned on using a service like Netflix that requires secure authentication, linked to financial information, I'd definitely format and reinstall Windows.
EDIT: even if you do track every process, and confirm it is a legit running process, you'd still need to verify the executable to make sure it is original. To do that correctly, you'd probably need to verify its MD5 hash signature vs. a known good executable.
Edited by tekio, 12 January 2011 - 05:00 PM.
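One way to do the hash check tekio's edit describes, as an added example that is not code from this thread: build a manifest of hashes from a known-clean reference tree (a fresh install, say) and compare a suspect tree against it. MD5 is included only because the post names it; the comparison relies on SHA-256. The file names and contents in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example, not from the thread. Hashes a known-clean tree into a
# manifest, then flags files in a suspect tree that differ from it.
# MD5 is computed because the post mentions it; SHA-256 is what we trust,
# since MD5 collisions are practical for an attacker to produce.
ALGOS = ("md5", "sha256")

def file_hashes(path, algos=ALGOS):
    """Return {algo: hexdigest} for one file, read in chunks."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def build_manifest(clean_root):
    """Hash every file under a known-clean tree, keyed by relative path."""
    root = Path(clean_root)
    return {str(p.relative_to(root)): file_hashes(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_tree(suspect_root, manifest):
    """Return (modified, unknown, missing) relative paths of the suspect tree."""
    root = Path(suspect_root)
    seen, modified, unknown = set(), [], []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        seen.add(rel)
        if rel not in manifest:
            unknown.append(rel)          # file the clean system never had
        elif file_hashes(p)["sha256"] != manifest[rel]["sha256"]:
            modified.append(rel)         # same name, different bytes
    missing = [rel for rel in manifest if rel not in seen]
    return modified, unknown, missing

def demo():
    """Constructed sample: a clean tree and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as bad:
        for d in (clean, bad):
            (Path(d) / "system32").mkdir()
            (Path(d) / "system32" / "svchost.exe").write_bytes(b"MZ clean svchost")
            (Path(d) / "notepad.exe").write_bytes(b"MZ notepad")
        manifest = build_manifest(clean)
        (Path(bad) / "system32" / "svchost.exe").write_bytes(b"MZ patched")  # replaced
        (Path(bad) / "notepad.exe").unlink()                                # removed
        (Path(bad) / "update.exe").write_bytes(b"MZ dropped")               # added
        return verify_tree(bad, manifest)
```

Run the check from a clean boot environment (a live CD, as suggested later in the thread), since a rootkit on the running system can lie about file contents.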
Posted 12 January 2011 - 05:01 PM
Posted 12 January 2011 - 05:14 PM
Just boot up a copy of Ubuntu, Knoppix, etc. and pop in a thumb drive or USB CD burner. Be sure to scan all the saved files on a clean, updated system though.
Posted 12 January 2011 - 09:47 PM