TechSpot

Catch 22 with the 8-step virus removal

By k.jacko
Jan 23, 2009
  1. Ok,
    i've been asked to clean up a HP Pavilion dv 1000 laptop, which seems to be inundated with nasties due to the owner letting the Nortons Internet Security trial expire without renewing it. He had no other protection on the laptop at all.

    So, looking at the 8-step guide. I have copied onto a blank cd fresh downloads of:
    Avira, Avast, CCleaner and MalwareBytes.
    Installed Avira and ran it, but without a connection to the net i cannot update the latest definitions, same goes for avast (both keep prompting me to update). They both find loads of stuff, but require updating.
    One of the symptoms is that it just won't connect to the net, and i daren't put it on my network for fear of infections spreading.
    I'm trying to install a 3g usb modem, but it seems to hang after so long on the installation.
    It's also hanging at the 'Finishing Installation' stage of Malware Bytes, something that has been reported by other users in other threads.
    All the above has/is being done in safe mode with ALL non-Microsoft services disabled. Could this be a problem?

    Please help, if you can....

    Many thanks :)


    Update

    Ok, malwarebytes eventually DID finish installation.
    However the pc hangs when trying to uninstall Nortons Internet Security.
    I know there is a removal tool for their products but 'Internet Security' isn't listed and i cannot find which version it is.

    update 2:
    ok, still can't get anything to update or even work properly
    I have found though that when trying to connect to the net, the local lan adaptor keeps adopting a DNS of 85.255.112.223, regardless of whether i have it assigned automatically and release/renew the ip, or input mine manually.

    Hopefully someone must have a clue.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    About Avast and Avira: the suggestion is that if you do NOT have an antivirus program running, to install EITHER Avast or Avira, not both. And I am seeing suggestions to remove whatever current AV you do have in favor of either Avast or Avira. My opinion on this is: IF there is a functioning AV program that has been updating currently, leave it alone for now. While the latter two may be more highly recommended, it's just one more program to have to deal with.

    As for updating- one symptom of malware is that it will not let you update- it's called survival! Why let the system get an update that might wipe it out?! Clever, huh?!

    DNS of 85.255.112.223 is a result of the malware DNS Changer. Please refer to this immediately:
    DNSChanger Trojan

    Now do the 8 Steps for Virus and Malware Removal HERE.

    Attach the three logs for review when finished.
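
The symptom reported in this thread, an adapter whose DNS server keeps reverting to 85.255.112.223, can be checked for by comparing the resolvers listed in `ipconfig /all` output against the ones the network is supposed to hand out. This is an added example, not part of the original thread; the sample output and the `EXPECTED_RESOLVERS` allowlist are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not from the thread's machine,
# apart from the DNS address the poster reported).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 85.255.112.223
                                       192.168.1.1
"""

# Assumption: the resolvers this network is expected to hand out.
EXPECTED_RESOLVERS = {"192.168.1.1"}

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server, ...]} from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        m = DNS_RE.match(line)
        if m and adapter:
            result[adapter].append(m.group(1))
            in_dns = True  # further servers follow on bare continuation lines
            continue
        m = CONT_RE.match(line)
        if in_dns and m:
            result[adapter].append(m.group(1))
        else:
            in_dns = False
    return result

def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """List (adapter, server) pairs whose server is not an expected resolver."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [(name, s) for name, servers in dns_servers_by_adapter(text).items()
            for s in servers if ipaddress.ip_address(s) not in allowed]
```

Any pair returned by `unexpected_resolvers` on a machine set to obtain DNS automatically means something other than the DHCP server is writing the adapter's resolver settings.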
     
  3. k.jacko

    k.jacko TS Rookie Topic Starter Posts: 493

    Bobbye:
    yep, know all about ip configs (remember the other thread where we both needed coffee, lol?)

    Thing is i can't fully uninstall anything, so Nortons is stuck.
    What i've managed to do is copy off the user's data onto external storage. I'll then fully scan and hopefully eradicate any nasties by connecting the storage to a standalone pc with loads of anti-virus/malware/spyware stuff on.
    I'll then do a destructive recovery on the laptop and copy the cleaned up data back on.
    It really will be the simplest and quickest option as this lappy is all but bricked!

    Thanks for the input.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Run the Norton Removal tool

    But your way, sounds better ;)
    Make sure to re-install all Drivers and then all Windows Security updates
    Also I find Avira Antivirus to be the best presently.
     
  5. k.jacko

    k.jacko TS Rookie Topic Starter Posts: 493

    Well hopefully the recovery partition isn't infected so that will reload all drivers for me.
    I still have the issue of getting the .pst mail files off as it just freezes every time i get near to doing something like that. :(
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Try this:

    By right clicking and selecting "Save As" Download this small TOOL (this is safe to use)
    Fully close Outlook Express

    Run the newly downloaded "open_oe_store.vbs"
    When the folder opens, save all your PST files


    Also found a free OE (Outlook Express), backup program here: http://www.insideoe.com/backup/index.htm
     
  7. CCT

    CCT TS Evangelist Posts: 2,653   +6

  8. k.jacko

    k.jacko TS Rookie Topic Starter Posts: 493

    Thanks guys,

    Kimsland; the main user account is using windows live mail on xp sp2.
    So will try your suggestion but may not work.

    CCT; thanks dude, downloading it now.
    :)
     
  9. k.jacko

    k.jacko TS Rookie Topic Starter Posts: 493

    guys, just a thought.
    You reckon it's worth taking the hdd out of the laptop, putting it into an external caddy, attaching it to a standalone pc (which is loaded up with Avira, Avast, Malwarebytes and CCleaner) and having it scan the external for viruses/spyware etc?
    Would it be able to find as much by scanning it this way?

    Basically i'm concerned that i need to get the user's mailbox off the lappy, but it's constantly freezing on me, so i just can't get near it to try.


    edit:
    managed to download virus database updates for avira, avast and malwarebytes AND update them on the infected lappy.
    Avast is currently running a bootscan and has found loads of stuff. Amongst them Antivirus pro 2009 which only an hour ago i was reading about on another forum how it is a rogue app which infects the pc.
    I'm gonna see how all this pans out, but i might still reformat anyway.
     
  10. k.jacko

    k.jacko TS Rookie Topic Starter Posts: 493

    update:

    ok, all the nasties seem to have gone now. I did a full scan using avira, avast, superantispyware and malware bytes and it cleaned out loads of stuff. I can now access the internet, and update all relevant progs.
    I also installed O&O defragger and sorted out the hdd which was fairly sluggish at 25% (although i've seen worse) defragmentation.
    All seems good now.

    Thanks for your help guys, muchos gracias! :)
     
Topic Status:
Not open for further replies.
