Replies

This is a fascinating time for being on the sidelines. I get to see a lot of random consumer machines, and a couple patterns are apparent. One, the Win XP systems in service are hardy machines, they’re working fine but failing on schedule. I see a LOT of old Dell plastic clamshell cases. A lot of Vista machines are failing recently, mostly due to bad motherboard capacitors. We don’t repair those, but I’m curious if any of you do and how well that works. (I used to work for Heathkit and soldering is as easy to me as flossing my teeth…but replacing caps on old machines seems like a waste of money…right?)

Anyway, these people are buying new machines as their old ones fail. Many of them barely know how to use Windows to get to their browser or Office, or some games. Their HDD has maybe 40GB used total, unless they have a lot of music, photos, or movies. These people are going to hate computers even more than they do already.

We know that most (all?) businesses will reject Win 8 on first glance due to the retraining and lack of any obvious productivity or reliability advantages. Certainly MS knows this too. Win 7 is gone from stores, so the beta tester for this POS UI is the home user who won’t buy online where she can choose a more suitable desktop OS.

MS has hindered OS downgrades because regular Win 8, which is what’s on all the machines at retailers, is downgradeable. We will likely be installing ClassicShell a lot when new Win 8 users get shat on by that hot mess of a UI.

Microsoft is making bold moves but I don’t think they’re doing it right.

IIRC the command line won’t challenge you when using the REN command. LOL

Dagaan…If you think your system might still have malware, you need to back up and perform a deeper scan. I suggest making a Kaspersky Rescue CD, booting from that, updating the signatures, and then a full scan. Microsoft has a similar tool that works great.

The problem is that the malware is doing its best to avoid detection and removal. That effort is less effective during scans in safe mode, and the effort is very low when scanning from a live CD, such as those mentioned.

http://support.kaspersky.com/faq/?qid=208282173

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

After using one (or both) of these tools, boot to safe mode with networking and run Malwarebytes. Make sure to update and do a full scan. Pull the network cable once you get the update, or shut off wifi.

Reboot into safe mode again. Superantispyware is a nice compliment to MBAM, catching a slightly different group of things.

Have you used something like CCleaner to delete temp files and other junk? Do that.

I like the ESET online scanner once MBAB and SaS have removed the big stuff. http://go.eset.com/us/online-scanner

Once the system is stable consider deleting all restore points and make a new one. Watch the results of the scans..if you see anything that says rootkit, you might to need pro help or a repave of the entire HDD.

-John

That’s a wise move if you’re uncomfortable with all this technobabble nonsense.

If it keeps coming back, it’s hiding somewhere. If the system is otherwise stable, shut off System Restore to kill off the old restore points. You can turn it on later. Also run CCleaner to clean out temp files etc.

Perhaps an offline scanner will help.

The procedure Doc linked to at Bleeping looks worse than it is…the guy getting help isn’t following instrux well. All he’s doing is checking, cleaning, and scanning, plus Combofix. Bleeping is a great place, and I agree with their recommendation to NOT run Combofix unless told to. I’ve broken a couple computers with that tool, so their warnings are appropriate. I wish I knew more about how that tool worked but they keep the details quiet.

-John

I’ve had this on my Win 7 machine forever. Works great, especially if you configure it to use the old-style menus only with a shift-click.

I don’t use it much, but as I’m writing this I’m playing with the XP-style fly-outs….I miss that system. It worked really well.

-John

Peter…go get Kaspersky’s Rescue CD, or make a Windows Defender Offline CD. Both of them boot outside of your XP install and perform a far deeper scan than you can do in XP’s normal mode…where malware actively avoids detection and heals itself.

Kaspersky: http://support.kaspersky.com/faq/?qid=208282173
WDO: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

-John

Regarding F-Secure…ran it on a customer’s infected machine, it found two or three things but I couldn’t identify what they were because the path to them extended beyond the end of the screen…not a useful setup.

Ran Kaspersky’s disk right behind, and it found a trojan, a trojan dropper, and the pihar.c rootkit.

That’s a bad review. Not only can’t I tell what F-Secure might have caught, it missed some serious stuff.

As a general rule, I agree with cloudsandskye: always using a Standard user account, especially for kids and folks who click on every darn thing. Then, don’t tell them the admin account password. That act alone will dramatically reduce malware exposure. I regularly work from a standard user account, and it presents no burdens as I’m not one to tweak settings all day.

SpywareBlaster is a decent immunity tool that blocks known redirect sites and such. AdblockPlus is a great tool for preventing ads in Firefox and Chrome and eliminating a smaller vector for web madness.

Smells like a failing hard drive to me. Make that backup ASAP if there’s any data you want to keep. Most important is the /Users folder and everything underneath.

Perhaps a chkdsk as Clint says will do the job, at least it might get you to the point where the backup works.

Connie…The user interface differences between Vista and 7 are often a challenge to identify…unless you know exactly where to look. Same question….what does Vista offer than makes it more attractive than 7? I can’t name anything…

You are the best anti virus program, software just makes it easier to be lazy.

Paul has it exactly right. I see machines every week with full Norton-whatever, AVG, MSE, McAfee, NOD(eset), Avira, TrendMicro, and all the rest, fully infected.

There is no “best” so go with one that fits your budget and matches the way you work on a PC. My recommendation is MSE for real-time scanning, and MalwareBytes free version for the occasional scans. Once in a while run an offline scanner. (RETIREDGEEK: WDO is no longer beta and I agree it’s a great tool.)

Whatever you do, and there are lots of good choices, don’t use two real-time scanners simultaneously. The Norton product pushed by Comcast is good and free, but the  installers don’t check what you may already have, and I fix the resulting computer-molasses mess frequently.

-John

About the best we can do as techies is turn the scam around on them and waste their time, plus educate as many users as possible.

Ran the F-Secure disk on a couple known-infected systems. Works fine, seems speedy. But, it’s hard to tell what it’s caught. The report at the end is on a ‘DOS’ screen and the names of the malware are off the right edge. Maybe there’s a way around this or details on the bugs somewhere that I can’t find? This is where the Microsoft WDO disk shines: I get a clear list of scan results along with descriptions of the malware and their seriousness. I also get to choose how to handle the bugs individually, including so-called PUPs…potentially unwanted programs.

As a side note, I’ve been removing malware every day for a year, and I have yet to see malware that destroys user data. I see a lot of busted Windows installs…Update won’t run or MSE won’t update or whatever, but never any lost data due to malicious software. We used to see lots of machines with data hidden by malware, but that’s easy to fix.

I think this is bacause today’s malware isn’t destructive like it was in the 80s and 90s, and early in the last decade. Today it’s all about botnets and getting money from you. I think backups are essential because hard drives regularly fail, but malware as a reason for a backup solution isn’t a good rationale in my little piece of the world, unless you’re selling backup solutions.

Bob…I’m glad we rarely run into something that the scanners can’t remove. The damage left behind? That’s a whole other can-o-worms. The one that scares me are future rootkits. The offline scanners do well with the current crop of rootkits, but the potential for really serious undetectables is strong.

The strategy of using several scanners has served me well.

-John