splitbrain.org

electronic brain surgery since 2001

Of Horses, Worms and other Critters

As a full-time Linux user, I'm seldom confronted with the threats “normal” users face on the internet.

We were visiting Kaddi's family this weekend. Her brother complained about random error messages on his computer. Even though he uses Firefox as his default browser, Internet Explorer windows popped up unrequested.

It was obvious to me that his PC was infested with adware and spyware. Neither Kaddi's brother nor his parents have much computer knowledge, so I took it upon myself to clean the system.

I started with Spybot Search & Destroy, which revealed the size of the disaster: 173 different problems were found! The installed AntiVir virus scanner hadn't been updated for six months. I installed a fresh version of AVG, which identified 4 different Trojan Horses, 7 Worms and 3 “Trojan Downloaders”1).

It turned out that removing all that crap was much more complicated than I expected. Some of the Trojans lock their own files in a way that makes them undeletable, even for the local admin2). And even when the tools report that they have cleaned the problem, the Trojan reappears on reboot.

I finally finished the job by booting a PLOP Linux CD and running F-Prot Antivirus on the mounted NTFS partition. Scanning from a live CD works because the Trojans are not running, so they can neither lock their files nor reinstall themselves. After that, I ran Spybot S&D and AVG in Windows' safe mode, followed by CounterSpy and AdAware in normal mode. Of course, all this should be done with the network cable unplugged.

Dear Windows users: it took me about a day to clean this PC. It will cost you a small fortune if you have to pay someone to do that for you. Avoiding this mess is easy:

  1. Install antivirus software. I can recommend the free AVG. Keep it up to date!
  2. Install the Windows updates provided by Microsoft!
  3. Don't use Internet Explorer. Use Firefox or Opera instead.


Tags: windows, viruses, trojans
1) Which will download and install more malware on their own.
2) I'm no Windows expert - there may be workarounds.