Geekzone: technology news, blogs, forums


boris336

7 posts

Wannabe Geek


#43540 20-Oct-2009 10:49

An elderly relative of mine has a seriously infected computer, operating with XP.

I know what the virus/es are (seres.exe & svcst.exe).

I managed to back up some information, however I could not get everything as the process was extremely slow due to the virus taxing valuable resources. When I attempted to install another anti-virus (Nod32) since the original seems to have been crippled, the keyboard and mouse ceased to function - meaning I couldn't input any serial key.

Is there any way, without having to boot into XP that I can:
1. Retrieve the data stored on the hard drive? and
2. Format and install another less resource hungry OS (ubuntu)

Thanks!

rossmnz
507 posts

Ultimate Geek


  #265246 20-Oct-2009 11:03

If they are elderly do they really have anything worth saving?

I mean.....sure I wouldn't want to lose a couple of TB of pr0n or a few years of digital photos but I'd suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they don't have any of the above!




 


The force is strong with this one!



boris336

7 posts

Wannabe Geek


  #265249 20-Oct-2009 11:08

rossmnz: If they are elderly do they really have anything worth saving?

I mean.....sure I wouldn't want to lose a couple of TB of pr0n or a few years of digital photos but I'd suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they don't have any of the above!



There are family photos that have been emailed to them etc as well as records from when they operated a home business.

The photos can be resent but the business records are probably quite important and I'd like to give it a shot at salvaging the data.

Cheers

freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #265251 20-Oct-2009 11:10

"Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly") have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be well protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing software they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.









rossmnz
507 posts

Ultimate Geek


  #265255 20-Oct-2009 11:18

Well there you go Mauricio.

You wouldn't call them elderly. Personally I would only call someone elderly who is like 70 plus.

If they have run a home business then I suggest you also advise to keep a hard copy of all the files as well as several backed up copies.
If the IRD come a-knockin and there are no records for whatever reason they might be in the poo!




 


The force is strong with this one!

freitasm
BDFL - Memuneh
79257 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #265256 20-Oct-2009 11:21

Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup!






boris336

7 posts

Wannabe Geek


  #265265 20-Oct-2009 11:28

freitasm: "Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly") have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be well protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing software they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.




They are my grandparents, so IMO they are elderly but that's beside the point.

Thanks very much Freitasm. I will try to get an external USB case and see how that goes.

wazzageek
1093 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #265283 20-Oct-2009 12:14

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be well protected, right?).



I'd suggest using something like an Ubuntu live CD in conjunction with an external disk - in theory, the virii on the hard drive will not be multi platform, copy the data off.


Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing software they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.



+1 for all of that - I'd add also make sure that the "everyday" account doesn't have Administrator rights (or some path that requires user intervention to upgrade the permissions).


If you are considering a different OS, then you need to ensure that they can do everything they used to - i.e. if there is a photo application that they use, make sure you find an appropriate replacement.  If you do not they'll not be happy with you and / or get someone else to help out with their computing woes ...

 
 
 

boris336

7 posts

Wannabe Geek


  #265285 20-Oct-2009 12:22

Thanks for the suggestion of the Ubuntu live CD, I'll try this also.

Good point. I'll do some research to ensure they can still do everything before going for another OS.

wazzageek
1093 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #265288 20-Oct-2009 12:25

Oh, me being paranoid as well would tend to install a brand new drive and store the old drive for a period of time (3 months, maybe) - this is simply if in 2 weeks time you get asked where a file is that you didn't manage to restore back you have an option of using the old hard drive to find the file.

I think of this specifically due to the way that multiple applications will store their files in seemingly random places (Outlook in $HOME\Local Settings\blah blah, Outlook Express in $HOME\Application Data - etc.)

Hopefully that is clear.

Ragnor
8219 posts

Uber Geek

Trusted

  #265316 20-Oct-2009 13:33

Have you tried booting into safe mode?

You should be able to run Malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run Sysinternals Autoruns and remove everything suspicious from starting at startup.

That should hopefully allow you to copy the data off the system preferably to a USB drive or DVD.

Reformat and clean install is strongly advised after that.

Oblivian
7297 posts

Uber Geek

ID Verified

  #265318 20-Oct-2009 13:37

I had a customer's box in a similar state once.

Safe mode + Combofix (off USB) did the trick as long as it's a detected malware.

It nukes all instances of TSRs, Explorer and any other nasties before performing a virus scan and cleanup.

The alternate good method is live or PE CDs as above. You can get to the data with no fear of the original viri being executed (unless you are silly) and at the same time if it's a Windows PE run something like DrWeb CureIT (single file virus scanner)

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.freedrweb.com/cureit/

boris336

7 posts

Wannabe Geek


  #265321 20-Oct-2009 13:48

No I haven't attempted booting in safe mode yet. Once the keyboard and mouse stopped I felt like giving up the ghost a bit but will definitely try safe mode tonight.

Thanks for the links as well.

wazzageek
1093 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #265322 20-Oct-2009 13:49

Ragnor: Have you tried booting into safe mode?

You should be able to run Malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run Sysinternals Autoruns and remove everything suspicious from starting at startup.



I'm always dubious of removing the infection and then running along - just because how can you be absolutely certain that you have removed all the malware?


As an example, the machine I'm currently on is reporting that there are more than a million files on it.  If I was infected, how would I be able to determine absolutely what files should remain?


One other thing about using a live cd - I know of malware that alters the contents of files as they are being read - so that would give rise to not booting off that drive.


Disclaimer: Yes, I am that paranoid ...

Ragnor
8219 posts

Uber Geek

Trusted

  #265323 20-Oct-2009 13:58

Yeah reformat is advised but getting into a state where you can get the user's data off first is the priority.

wazzageek
1093 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #265330 20-Oct-2009 14:22

Ragnor: Yeah reformat is advised but getting into a state where you can get the user's data off first is the priority.



True ... although imagine if explorer.exe is corrupted.  Or another file is named explorer.exe that is in the path before the "legit" version.  This could allow the malware to be executed even in safe mode.


Live CDs / plugging in the original hard drive as an external drive to another (clean) machine that has autorun disabled seems to be close to being the better options.


Admittedly - I don't know if there is malware that is this extreme out there and there are a lot of ifs, maybes and buts in this ... 
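
The copy step this thread converges on (read the old drive from a live CD or a clean machine, take the data files but no programs), as an added example that is not part of any post. The extension allow-list, the function names and the mount paths in the usage comment are assumptions for illustration; the script only reads file bytes and never runs anything from the old drive.

```python
import hashlib
import shutil
from pathlib import Path

# Assumed allow-list of data extensions; adjust to what the user actually needs.
DATA_EXTS = {".jpg", ".jpeg", ".png", ".doc", ".xls", ".pdf", ".txt", ".csv", ".pst", ".dbx"}

def looks_executable(path):
    """True if the file starts with a Windows 'MZ' header, whatever its name says."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def sha256_of(path):
    """Hash a file in chunks so large mail stores do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def salvage(src_root, dst_root):
    """Copy allow-listed data files; return (copied, skipped).

    copied maps relative path -> SHA-256 of the copy,
    skipped maps relative path -> reason it was left behind.
    """
    src_root, dst_root = Path(src_root), Path(dst_root)
    copied, skipped = {}, {}
    for path in sorted(src_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src_root).as_posix()
        if path.suffix.lower() not in DATA_EXTS:
            skipped[rel] = "extension not on allow-list"
        elif looks_executable(path):
            skipped[rel] = "executable header behind a data extension"
        else:
            target = dst_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)
            copied[rel] = sha256_of(target)
    return copied, skipped

if __name__ == "__main__":
    import sys
    # Usage (placeholder paths): python3 salvage.py /mnt/olddisk /media/usb/salvage
    copied, skipped = salvage(sys.argv[1], sys.argv[2])
    for rel, why in skipped.items():
        print("SKIPPED", rel, "-", why)
    print(len(copied), "files copied,", len(skipped), "skipped")
```

The header check only catches Windows executables hiding behind a data extension, so the copied files still need the virus scan recommended in the thread. The skipped list doubles as a record of what stayed on the old drive if a missing file is asked for later.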
