Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingCrippled Computer


7 posts

Wannabe Geek


Topic # 43540 20-Oct-2009 10:49
Send private message

An elderly relative of mine has a seriously infected computer, operating with XP.

I know what the virus/es are (seres.exe & svcst.exe).

I managed to back up some information, however I could not get everything as the process was extremely slow due to the virus taxing valuable resources. When I attempted to install another anti-virus (Nod32) since the original seems to have been crippled, the keyboard and mouse ceased to function - meaning I couldn't input any serial key.

Is there any way, without having to boot into XP that I can:
1. Retrieve the data stored on the hard drive? and
2. Format and install another less resource hungry OS (ubuntu)

Thanks!

Create new topic
507 posts

Ultimate Geek
+1 received by user: 31


  Reply # 265246 20-Oct-2009 11:03
Send private message

If they are elderly do they really have anything worth saving?

I mean.....sure I wouldnt want to lose a couple of TB of pr0n or a few years of digital photos but Id suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they dont have any of the above!




 


The force is strong with this one!



7 posts

Wannabe Geek


  Reply # 265249 20-Oct-2009 11:08
Send private message

rossmnz: If they are elderly do they really have anything worth saving?

I mean.....sure I wouldnt want to lose a couple of TB of pr0n or a few years of digital photos but Id suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they dont have any of the above!



There are family photos that have been emailed to them etc as well as records from when they operated a home business.

The photos can be resent but the business records are probably quite important and I'd like to give it a shot at salvaging the data.

Cheers

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
BDFL - Memuneh
60310 posts

Uber Geek
+1 received by user: 11354

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 265251 20-Oct-2009 11:10
Send private message

"Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly) have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.

507 posts

Ultimate Geek
+1 received by user: 31


  Reply # 265255 20-Oct-2009 11:18
Send private message

Well there you go Mauricio.

You wouldnt call them elderly. Personally i would only call someone elderly who is like 70 plus.

If they have ran a home business then i suggest you also advise to keep a hard copy of all the files aswell as several backed up copies.
If the IRD come a-knockin and there are no records for whatever reason they might be in the poo!




 


The force is strong with this one!

BDFL - Memuneh
60310 posts

Uber Geek
+1 received by user: 11354

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 265256 20-Oct-2009 11:21
Send private message

Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup!




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

 

You can support content creators (and Geekzone) by using the Brave browser.



7 posts

Wannabe Geek


  Reply # 265265 20-Oct-2009 11:28
Send private message

freitasm: "Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly) have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.




They are my grandparents, so IMO they are elderly but that's besides the point.

Thanks very much Freitasm. I will try to get an external USB case and see how that goes.

Go Hawks!
845 posts

Ultimate Geek
+1 received by user: 43

Trusted
Subscriber

  Reply # 265283 20-Oct-2009 12:14
Send private message

 As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).



I'd suggest using something like an Ubuntu live CD in conjunction with an external disk - in theory, the virii on the hard drive will not be multi platform, copy the data off.


Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.



+1 for all of that - I'd add also make sure that the "everyday" account doesn't have Administrator rights (or some path that requires user intervention to upgrade the permissions).


If you are considering a different OS, then you need to ensure that they can do everything they used to - i.e. if there is a photo application that they use, make sure you find an appropriate replacement.  If you do not they'll not be happy with you and / or get someone else to help out with their computing woes ...



7 posts

Wannabe Geek


  Reply # 265285 20-Oct-2009 12:22
Send private message

Thanks for the suggestion of the Ubuntu live CD, I'll try this also.

Good point. I'll do some research to ensure they can still do everything before going for another OS.

Go Hawks!
845 posts

Ultimate Geek
+1 received by user: 43

Trusted
Subscriber

  Reply # 265288 20-Oct-2009 12:25
Send private message

Oh, me being paranoid as well would tend to install a brand new drive and store the old drive for a period of time (3 months, maybe) - this is simply if in 2 weeks time you get asked where a file is that you didn't manage to restore back you have an option of using the old hard drive to find the file.

I think of this specifically due to the way that multiple applications will store their files in seemingly random places (Outlook in $HOME\Local Settings\blah blah, Outlook Express in $HOME\Application Data - etc.)

Hopefully that is clear.

8020 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 265316 20-Oct-2009 13:33
Send private message

Have you tried booting into safe mode?

You should be able to run malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run SystemInternals Autoruns and remove everything suspicious from starting at startup.

That should hopefully allow you to copy the data off the system preferably to a USB drive or DVD.

Reformat and clean install is strongly advised after that.

2562 posts

Uber Geek
+1 received by user: 265


  Reply # 265318 20-Oct-2009 13:37
Send private message

I had a customers box in a similar state once.

Safemode + Combofix (off usb) did the trick as long as its a detected malware.

It nukes all instances of TSRs, Explorer and any other nasties before performing a virus scan and cleanup

The alternate good method is live or PE CDs as above. You can get to the data with no fear of the original viri being executed (unless you are silly) and at the same time if its a WindowsPE run something like DrWeb CureIT (single filel virus scanner)

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.freedrweb.com/cureit/



7 posts

Wannabe Geek


  Reply # 265321 20-Oct-2009 13:48
Send private message

No I haven't attempted booting in safe mode yet. Once the keyboard and mouse stopped I felit like giving up the ghost a bit but will definitely try safe mode tonight.

Thanks for the links as well.

Go Hawks!
845 posts

Ultimate Geek
+1 received by user: 43

Trusted
Subscriber

  Reply # 265322 20-Oct-2009 13:49
Send private message

Ragnor: Have booting into safe mode?

You should be able to run malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run SystemInternals Autoruns and remove everything suspicious from starting at startup.



I'm always dubious of removing the infection and then running along - just because how can you be absolutely certain that you have removed all the malware.


As an example, the machine I'm currently on is reporting that there are more than a million files on it.  If I was infected, how would I be able to determine absolutely what files should remain.


One other thing about using a live cd - I know of malware that alters the contents of files as they are being read - so that would give rise to not booting off that drive.


Disclaimer: Yes, I am that paranoid ...

8020 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 265323 20-Oct-2009 13:58
Send private message

Yeah reformat is advised but getting into a state where you can get the users data off first is the priority.

Go Hawks!
845 posts

Ultimate Geek
+1 received by user: 43

Trusted
Subscriber

  Reply # 265330 20-Oct-2009 14:22
Send private message

Ragnor: Yeah reformat is advised but getting into a state where you can get the users data off first is the priority.



True ... although imagine if explorer.exe is corrupted.  Or another file is named explorer.exe that is in the path before the "legit" version.  This could allow the malware to be executed even in safemode.


Live CD's / plugging in the original hard drive as an external drive to another (clean) machine that has autorun disabled seems to be close to being the better options.


Admittedly - I don't know if there is malware that is this extreme out there and there are a lot of ifs, maybes and buts in this ... 

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12

New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17

Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41

Exhibition to showcase digital artwork from across the globe
Posted 23-May-2018 16:44

Auckland tops list of most vulnerable cities in a zombie apocalypse
Posted 23-May-2018 12:52

ASB first bank in New Zealand to step out with Garmin Pay
Posted 23-May-2018 00:10

Umbrellar becomes Microsoft Cloud Solution Provider
Posted 22-May-2018 15:43

Three New Zealand projects shortlisted in IDC Asia Pacific Smart Cities Awards
Posted 22-May-2018 15:14

UpStarters - the New Zealand tech and innovation story
Posted 21-May-2018 09:55

Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09

Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00

D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30

New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17

Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14

Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.