Crippled Computer

Forums › Desktop computing › Crippled Computer

boris336

7 posts

Wannabe Geek

#43540 20-Oct-2009 10:49

An elderly relative of mine has a seriously infected computer, operating with XP.

I know what the virus/es are (seres.exe & svcst.exe).

I managed to back up some information, however I could not get everything as the process was extremely slow due to the virus taxing valuable resources. When I attempted to install another anti-virus (Nod32) since the original seems to have been crippled, the keyboard and mouse ceased to function - meaning I couldn't input any serial key.

Is there any way, without having to boot into XP that I can:
1. Retrieve the data stored on the hard drive? and
2. Format and install another less resource hungry OS (ubuntu)

Thanks!

rossmnz

507 posts

Ultimate Geek

#265246 20-Oct-2009 11:03

If they are elderly do they really have anything worth saving?

I mean.....sure I wouldnt want to lose a couple of TB of pr0n or a few years of digital photos but Id suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they dont have any of the above!

The force is strong with this one!

boris336

7 posts

Wannabe Geek

#265249 20-Oct-2009 11:08

rossmnz: If they are elderly do they really have anything worth saving?

I mean.....sure I wouldnt want to lose a couple of TB of pr0n or a few years of digital photos but Id suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they dont have any of the above!

There are family photos that have been emailed to them etc as well as records from when they operated a home business.

The photos can be resent but the business records are probably quite important and I'd like to give it a shot at salvaging the data.

Cheers

freitasm

BDFL - Memuneh
79257 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#265251 20-Oct-2009 11:10

"Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly) have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.

rossmnz

507 posts

Ultimate Geek

#265255 20-Oct-2009 11:18

Well there you go Mauricio.

You wouldnt call them elderly. Personally i would only call someone elderly who is like 70 plus.

If they have ran a home business then i suggest you also advise to keep a hard copy of all the files aswell as several backed up copies.
If the IRD come a-knockin and there are no records for whatever reason they might be in the poo!

The force is strong with this one!

freitasm

BDFL - Memuneh
79257 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#265256 20-Oct-2009 11:21

Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup!

boris336

7 posts

Wannabe Geek

#265265 20-Oct-2009 11:28

freitasm: "Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly) have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.

They are my grandparents, so IMO they are elderly but that's besides the point.

Thanks very much Freitasm. I will try to get an external USB case and see how that goes.

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#265283 20-Oct-2009 12:14

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).

I'd suggest using something like an Ubuntu live CD in conjunction with an external disk - in theory, the virii on the hard drive will not be multi platform, copy the data off.

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.

+1 for all of that - I'd add also make sure that the "everyday" account doesn't have Administrator rights (or some path that requires user intervention to upgrade the permissions).

If you are considering a different OS, then you need to ensure that they can do everything they used to - i.e. if there is a photo application that they use, make sure you find an appropriate replacement. If you do not they'll not be happy with you and / or get someone else to help out with their computing woes ...

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

boris336

7 posts

Wannabe Geek

#265285 20-Oct-2009 12:22

Thanks for the suggestion of the Ubuntu live CD, I'll try this also.

Good point. I'll do some research to ensure they can still do everything before going for another OS.

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#265288 20-Oct-2009 12:25

Oh, me being paranoid as well would tend to install a brand new drive and store the old drive for a period of time (3 months, maybe) - this is simply if in 2 weeks time you get asked where a file is that you didn't manage to restore back you have an option of using the old hard drive to find the file.

I think of this specifically due to the way that multiple applications will store their files in seemingly random places (Outlook in $HOME\Local Settings\blah blah, Outlook Express in $HOME\Application Data - etc.)

Hopefully that is clear.

Ragnor

8219 posts

Uber Geek

Trusted

#265316 20-Oct-2009 13:33

Have you tried booting into safe mode?

You should be able to run malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run SystemInternals Autoruns and remove everything suspicious from starting at startup.

That should hopefully allow you to copy the data off the system preferably to a USB drive or DVD.

Reformat and clean install is strongly advised after that.

Oblivian

7297 posts

Uber Geek

ID Verified

#265318 20-Oct-2009 13:37

I had a customers box in a similar state once.

Safemode + Combofix (off usb) did the trick as long as its a detected malware.

It nukes all instances of TSRs, Explorer and any other nasties before performing a virus scan and cleanup

The alternate good method is live or PE CDs as above. You can get to the data with no fear of the original viri being executed (unless you are silly) and at the same time if its a WindowsPE run something like DrWeb CureIT (single filel virus scanner)

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.freedrweb.com/cureit/

boris336

7 posts

Wannabe Geek

#265321 20-Oct-2009 13:48

No I haven't attempted booting in safe mode yet. Once the keyboard and mouse stopped I felit like giving up the ghost a bit but will definitely try safe mode tonight.

Thanks for the links as well.

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#265322 20-Oct-2009 13:49

Ragnor: Have booting into safe mode?

You should be able to run malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run SystemInternals Autoruns and remove everything suspicious from starting at startup.

I'm always dubious of removing the infection and then running along - just because how can you be absolutely certain that you have removed all the malware.

As an example, the machine I'm currently on is reporting that there are more than a million files on it. If I was infected, how would I be able to determine absolutely what files should remain.

One other thing about using a live cd - I know of malware that alters the contents of files as they are being read - so that would give rise to not booting off that drive.

Disclaimer: Yes, I am that paranoid ...

Ragnor

8219 posts

Uber Geek

Trusted

#265323 20-Oct-2009 13:58

Yeah reformat is advised but getting into a state where you can get the users data off first is the priority.

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#265330 20-Oct-2009 14:22

Ragnor: Yeah reformat is advised but getting into a state where you can get the users data off first is the priority.

True ... although imagine if explorer.exe is corrupted. Or another file is named explorer.exe that is in the path before the "legit" version. This could allow the malware to be executed even in safemode.

Live CD's / plugging in the original hard drive as an external drive to another (clean) machine that has autorun disabled seems to be close to being the better options.

Admittedly - I don't know if there is malware that is this extreme out there and there are a lot of ifs, maybes and buts in this ...