Virus or Malware Friend's Computer

Status
Not open for further replies.

Jboman

In need of help.

If your PC has already been infected with a virus or malware and your antivirus software was not renewed, how or what can be used to detect and/or remove the virus or malware during the boot process or after reaching your desktop?

I have a friend (really a friend, not me) that didn't renew the antivirus software he had been using, and now that AV has expired.

My friend's computer has been infected with some virus or malware. Some message plainly shows Virus or adware...something like that, and his desktop background has changed from 'Bliss' to a funny green color.

He went out and purchased Norton Internet Security Suite 2008, but he can't install it unless he first installs Service Pack 2.

When he attempted to go to www.microsoft.com to download SP2 he received a message regarding unprotected or infected computers, something like that can not access the site. When he clicked on continue a 'page can not be displayed' appeared.

My friend is at a dilemma, has AV/Internet Sec software, but can't install it.

Also, I read at the Microsoft site you can download a Malicious Software Removal Tool that can detect and remove prevalent or active viruses. But, how can he download and install this tool if he can't access www.microsoft.com due to his computer being unprotected and/or infected?

So, I was thinking I could possibly download the Malicious Software Removal Tool to my HDD, then burn it to a CD-R/RW. Then I was thinking once my friend starts up his computer I could possibly download the Malicious Software Removal Tool to a location on his HDD, and then install from that location. Then from that location run the Malicious Software Removal Tool to scan for this virus or malware that has infected his computer.

All that written, is that possible?

Jboman.
 
You can also try with AdAware... but that won't take away the virus, but it removes adware and spyware... lavasoft.com or download.com
 
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  9. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
 
Thanks a whole lot

Thanks Kimsland and DjKraid will look into your suggestions.

I really appreciate the quick responses and help.

Thanks again.

Jboman.
 
I finally found out what my friend's computer has gotten infected with.

That nasty Antivirus XP 2008.

I was able to download the Windows Malicious Software Removal Tool to the HDD of my computer, then I 'burned' it to a CD-RW.

I started up my friend's computer, then logged in; once I reached desktop the Antivirus XP 2008 started doing its thing.

I then inserted the CD with the Windows Malicious Software Removal Tool on it into the CD-ROM Drive, and then the Tool launched, and prompted me for a quick scan or full scan. I chose Full Scan. After about an hour, I received a report that three infected files were detected. Then I was prompted to restart, as the actual removal takes place upon restart. I restarted the computer. I then logged in, and it appears the Antivirus XP 2008 is removed. But, my friend's computer still displays a message "Your computer has been infected" or something like that.

I don't know if this Antivirus XP 2008 has been eradicated or not. Plus, I went to Add/Remove Programs and it was still populated there. I attempted to uninstall from Add/Remove Programs, but to no avail, as Antivirus XP 2008 is still listed in Add/Remove Programs. Then I attempted to uninstall by going to START, Programs, then Antivirus XP 2008, then uninstall. The Antivirus XP 2008 doesn't show when going to START, Programs anymore, but still appears in Add/Remove Programs, so I'm assuming my friend's computer is still infected.

What are the proper steps to take to remove this Antivirus XP 2008?

And, once this suspected 'nasty' is removed, what should I do and/or check for?

Please outline for me.

Thanks.
 
Your friend apparently has a "Rogue" Program and the 1st "Thing" to try is
running a "Full Scan" of an Updated FREE Version of "Malwarebytes' Anti-Malware" available from www.malwarebytes.org/mbam.php.

By the way, I am still using Win XP SP1 on my computer and I have no trouble
downloading, installing and Updating all my security programs. And I recommend
you try using the FREE Avast Antivirus Home Edition ( www.avast.com ) with
further Info at www.avast.com/eng/avast_4_home.html . It has "boot scan"
capabilities as long as the OS is not "too" old.
 
Thanks SpiritWind.

My Friend's OS is Windows XP Home Edition.

I don't know the version.

I will do as you suggested.

I will also keep you posted on this.

Next time I will attach logs.

Thanks again SpiritWind.
 