Getting better at this,


Cowboybooter
10-19-2004, 5:12 PM
Having been presented with a laptop belonging to a 'friend of a friend' of Da Boss's, complete with a 'Can you fix this?' request!

The machine had obviously toured the bad sites, was inundated with malware, browser hijacked etc etc! It would not connect wirelessly or wired to anything, as there were hundreds of apps trying to make connection at the same time! :eek:

Normally, I'd just wipe it and reinstall, but decided to go the curative way this time, just to see if I could!

Using:

Spybot S&D,
AdAware,
Symantec AntiVirus,
AVG AntiVirus,
HijackThis,
CWShredder,
XPC Forums,
Microsoft Windows Update,
Google,

I have managed to recover the machine, in excess of 12,000 nasties removed, IE recovered and homepage locked, it's connecting wirelessly and seamlessly to my network, updated to SP2, sitting next to me at 65% on its third job (all machines that come into the house have FaD installed, it's a policy! :D )

It was fun doing it, maybe I'll go this way all the time in future!

:)

Bob

<Edit: I forgot Google! :D >

sao95
10-19-2004, 5:17 PM
how did you know what to delete using hijackthis?

Cowboybooter
10-19-2004, 5:32 PM
For the most part, if you read the log several times, the obvious jobbies jump out!

Example ( from printed copy of log from that machine,)

O4 HKLM\...\Run: [Hot_Tarts] C:\ Program.......................................
R1 HKCU\Software\Microsoft\Internet Explorer\Main, search page = http://www.zpecialoffer.com
O21 - C:\windows\system32\eplrr9.dll (file missing)

The registry entries make sense read in context, i.e. read the address to work out the function.

:)

Bob
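A small triage script for log entries like the three Bob quoted, added here as an example and not code from the thread or from HijackThis itself. It flags the same three tells the posts discuss (a file that is missing, a start/search page pointing somewhere odd, an autorun nobody has looked up yet); the sample lines, the CLSID, the paths and both allow lists are constructed assumptions.

```python
import ntpath
import re
from typing import List, Optional, Tuple
# Constructed sample in HijackThis log format: the three entries Bob quoted, re-typed
# with made-up paths and a made-up CLSID, plus one benign touchpad autorun for contrast.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.zpecialoffer.com
O4 - HKLM\\..\\Run: [Hot_Tarts] C:\\Program Files\\Hot_Tarts\\ht.exe
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O21 - SSODL: eplrr9 - {11111111-2222-3333-4444-555555555555} - C:\\windows\\system32\\eplrr9.dll (file missing)
"""
# Assumed allow lists: hosts a stock IE points at, and autorun binaries already looked
# up and recognised. Anything outside them is a "go and Google it" candidate.
KNOWN_GOOD_HOSTS = {"www.microsoft.com", "www.msn.com", "search.msn.com"}
KNOWN_GOOD_AUTORUNS = {"syntpenh.exe"}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d+)\s+-\s+(.*)$")
AUTORUN_RE = re.compile(r".*\[(?P<name>[^\]]+)\]\s*(?P<path>.*)$")


def triage_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (section, reason) for a line that deserves a closer look, else None.
    The three tells from the thread: the referenced file is gone, an R0/R1 start or
    search page is not a known-good host, or an O4 autorun runs an unrecognised binary."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if "(file missing)" in body.lower():
        return section, "points at a file that no longer exists; something loaded it once"
    if section in ("R0", "R1"):
        url = re.search(r"=\s*(\S+)", body)
        host = re.sub(r"^https?://", "", url.group(1)).split("/")[0] if url else ""
        if host and host not in KNOWN_GOOD_HOSTS:
            return section, f"browser start/search page points at {host}"
    if section == "O4" and (m4 := AUTORUN_RE.match(body)):
        exe = ntpath.basename(m4.group("path").strip()).lower()
        if exe not in KNOWN_GOOD_AUTORUNS:
            return section, f"unrecognised autorun [{m4.group('name')}]: look up {exe}"
    return None


def triage_log(log: str) -> List[Tuple[str, str, str]]:
    """Run triage_line over a whole log and return (section, line, reason) hits."""
    hits = []
    for raw in log.splitlines():
        result = triage_line(raw)
        if result:
            hits.append((result[0], raw.strip(), result[1]))
    return hits
```

Run against the sample, it flags the R1, the Hot_Tarts O4 and the O21, and stays quiet on the recognised touchpad entry.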

sao95
10-19-2004, 5:38 PM
Bob, I can see how "hot tarts" and "zpecialoffer" jump out, but the other two ??? They don't seem harmful unless there's something I'm not getting, which there must be :p

mickwish
10-19-2004, 5:42 PM
That's what Google is for, sao. :D Just Google the file name (like eplr9.dll) and see what it comes up with. Most nasties will be clearly identified by many security sites. :cool:

Good work, Bob! I rarely wipe first go now. I always try a recovery first like that, but sometimes it still isn't enough, especially when some really nasty thing like AOL is involved. :o :eek:

Cheers
Mick

edit: BTW, sao, I think Bob only listed three things. One is wrapped on the line. ;)

Cowboybooter
10-19-2004, 5:54 PM
Absolutely, Mick!

sao, if a winders/system32 entry has a file missing, it warrants a closer look!

Remove AOL - Way outta my league! :D I'd suggest a new machine, cheaper and easier!:D

:)

Bob

sao95
10-19-2004, 11:48 PM
Originally posted by mickwish
That's what Google is for, sao. :D

Cheers
Mick

You mean I have to work!!!!! :eek:

edit: BTW, sao, I think Bob only listed three things. One is wrapped on the line. ;)

I meant to say three, I swear ;)