Physically cleaning a system, for a change

Started by Die Hard, September 09, 2005, 08:04:10 PM


Die Hard

I helped a friend to clean his parents' old AMD box yesterday. Took me a good 7 hours.
It was the worst infected system I've ever seen, I think mostly because of bad maintenance. This in turn I'm convinced is because of lack of knowledge.
The box had Win 2K installed. CPU was AMD 600 MHz and 126 Mb of RAM.

The first thing that happened was that the system didn't boot, not even in safe mode. Virus? Spyware? Nah, the CPU fan. Had to replace it.

Then it could boot up. Boot up to "a million" warnings from Norton about something trying to be sent from the computer. I struggled to close all alerts before I could navigate on the desktop. I decided to rid it of Norton, and install AVG7. AVG was downloading with 16 Kb/s... on a 2 Mb cable connection.

By now the computer had been active for about 15 mins and I checked the network properties. 169 000 packets had been sent during this time!!! Just as many had been received.
If I didn't know I had a badly infected computer in front of me, I was aware of it now.

The first time I ran AVG and Ewido, the scans couldn't complete because a service, "System.exe", was terminating the system so it rebooted. I tried to shut down the service in "services.msc" but it wouldn't let me.

To make a long story short, I guess I manually removed at least 30 files and fixed 17 entries with HJT before the computer was good enough to run Ewido and AVG. When I emptied the virus vault in AVG, it contained 3,6 Mb of bad files.
I had to empty the "Local settings\user\temp" manually, piece by piece, because the memory couldn't cope with the 17000+ Norton logs it contained.

And the mother of my friend said: "I can't understand how all those viruses have infected the machine, I only do my book-keeping and surf for cooking recipes."
I did not mention to her, nor to my friend or her husband, that I found remnants of (poker) games and other online amusements. I do believe in discretion :P

Die Hard :)


I create and edit my posts in GS-NOTES

Corrine

That sounds like the mess I dealt with recently.  I am happy to say after checking with the owner today that it is now running smoothly and he assures me that they are scanning daily and keeping the security programs I installed updated. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Goatie

Die Hard I see you are having physical fun for once not only reading HJT logs from your desk!!!  :tease:

My friend has remained clean since your "desk fun"... but we're still cleaning the harmless leftovers, 272 emails later.... here is the homework I gave him last. http://www.mediom.com/~marpelt/ProgramFileContentTotal.jpg The XX are baddies files, the X are just no longer in use or in add/remove, the ? have to be opened to know what's in it before acting... the OK are OK...
He's learned how to screen shot and it makes things a lot easier now. But now that he has all his Mitch's IE & OE security settings done, he gets all those messages: Do you accept to run this ActiveX and do you accept this cookie.... eheh! so I taught him the word "NO" and "NEVER" in English... and in doubt: ABSTAIN !  :tease:

One thing is sure, his system is now working GREAT for the first time in many many MONTHS! He's so happy, you have no idea!!! He's now a very good willing learner and becoming a responsible actor. All this hard work he has to go through makes all the difference... he's learning. In the old days, he just took the computer to a shop and had it cleaned and so never learned a thing. 

Just thought I'd let you know, that getting baddies and a lot of help from your desk, can change a behaviour for the best and for a long time to come!  :thumbsup: :thumbsup: :thumbsup:

A Goatie sitting at her desk....  :lol: