
Need help fixing a heavily infected xp os


5 replies to this topic

#1 zwei

zwei

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 14 posts
  • Gender:Male

Posted 12 January 2011 - 04:08 PM

So, my mom recently acquired my deceased grandmother's computer, and wanted me to hook it up to our television so we could watch Netflix. I installed Ubuntu hoping to just do everything on that and avoid having to take care of her xp os for a while, but as I soon learned, you can't run Netflix on a Linux system because the movie industry is stupid. So on to the real problem, this xp is seriously messed up.

I started by trying to install AVG, hoping I could get rid of a good amount of the stuff right off the bat with that. After dling the free version of AVG, it told me I needed to uninstall McAfee because it was interfering. I did this and then rebooted. Go to run the AVG installer, and what do you know, I get a pop up informing me the AVG file has been infected and the comp freezes.

This is where I'm at right now. I wanted to get some input from you guys before I try anything else and possibly screw things up more. So, what do you think my next step should be, try to dl the free AVG again in safe mode or something? As a side note, soooo happy I've switched to Ubuntu on my rig and don't have to deal with this shit on there.

#2 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,085 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 12 January 2011 - 04:56 PM

There is a chance you might be able to get it to run correctly, and maybe even get rid of every last piece of malware. But the most headache-free and sure-fire way to be SURE it is cleaned is to format and reinstall. Especially since it sounds like there is not much data to be saved.

It is possible to use stuff like sysinternals tools (I've posted them many times in these forums) and something like HijackThis, that will take a snapshot of running processes. But formatting and re-installing is much more reliable, and 80% of the time is much quicker than tracking down every single running process. Also, it is possible to develop Windows Rootkits that can make this impossible, for all but the best security investigators.

If I planned on using a service like Netflix that requires secure authentication, linked to financial information, I'd definitely format and reinstall Windows.


EDIT: even if you do track every process, and confirm it is a legit running process, you'd still need to verify the executable to make sure it is original. To do that correctly, you'd probably need to verify its MD5 hash signature vs. a known good executable.

Edited by tekio, 12 January 2011 - 05:00 PM.
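
The hash comparison described in the post above, as an added example that is not part of the original thread: it hashes every `.exe`, `.dll` and `.sys` file under a known-good tree and under the suspect tree, then reports files that differ, are missing, or have no baseline entry. The function names, the extension list and the constructed sample files are assumptions; in practice the known-good tree would be a clean install of the same Windows version and patch level, and the suspect disk would be mounted read-only from a live CD.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, algo="md5", chunk=1 << 20):
    """Hash a file in chunks so large executables do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, algo="md5"):
    """Map lower-cased relative path -> digest for executables under root."""
    root = Path(root)
    exts = {".exe", ".dll", ".sys"}  # assumed list of file types worth checking
    return {
        # Windows paths are case-insensitive, so normalise before comparing.
        p.relative_to(root).as_posix().lower(): file_digest(p, algo)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in exts
    }

def compare(known_good, suspect):
    """Return (modified, missing, unexpected) relative paths, each sorted."""
    modified = sorted(k for k in known_good
                      if k in suspect and suspect[k] != known_good[k])
    missing = sorted(k for k in known_good if k not in suspect)
    unexpected = sorted(k for k in suspect if k not in known_good)
    return modified, missing, unexpected

def demo():
    """Constructed sample trees standing in for a clean install and the suspect disk."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        for d in (clean, suspect):
            (d / "system32").mkdir(parents=True)
        (clean / "system32" / "svchost.exe").write_bytes(b"original bytes")
        (clean / "system32" / "userinit.exe").write_bytes(b"userinit")
        (suspect / "system32" / "SVCHOST.EXE").write_bytes(b"patched bytes")  # altered
        (suspect / "system32" / "userinit.exe").write_bytes(b"userinit")      # intact
        (suspect / "system32" / "svch0st.exe").write_bytes(b"dropper")        # no baseline
        return compare(build_manifest(clean), build_manifest(suspect))

if __name__ == "__main__":
    for label, paths in zip(("MODIFIED", "MISSING", "UNEXPECTED"), demo()):
        for p in paths:
            print(label, p)
```

MD5 is used by default because that is what the post names; pass `algo="sha256"` when the reference hashes are available in that form.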


#3 zwei

Posted 12 January 2011 - 05:01 PM

Yeah, that would be the easiest/best thing to do I guess. The problem is my mom wants some pics and stuff from it. I was thinking maybe I could scan it from an Ubuntu live CD, try to clear some of the virus stuff that way, at least enough to get on and get these pics and whatnot, and then I could reformat. Does that make sense? I guess I would scan the individual files I took off it again to make sure they are ok before I do anything with them.

#4 tekio

Posted 12 January 2011 - 05:14 PM

Yeah, that should be good. Be careful, MS had a GDI vuln, as late as August 2009, that would spawn a remote shell if a "crafted" WMF image was viewed in the o/s. You should be fine on Linux.

Just boot up a copy of Ubuntu, Knoppix, etc., and pop in a thumb drive or USB CD burner. Be sure to scan all the saved files on a clean, updated system though.

#5 zwei

Posted 12 January 2011 - 05:37 PM

OK. Thanks.

#6 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 12 January 2011 - 09:47 PM

I would also say a fresh install is the best way to go... but if all you want is Netflix on your TV you can just use a gaming console - 360, PS3 or Wii... I used to have an HTPC connected to my HDTV, but currently I just use my Wii to access Netflix...



