Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingCrippled Computer


7 posts

Wannabe Geek


#43540 20-Oct-2009 10:49
Send private message

An elderly relative of mine has a seriously infected computer, operating with XP.

I know what the virus/es are (seres.exe & svcst.exe).

I managed to back up some information, however I could not get everything as the process was extremely slow due to the virus taxing valuable resources. When I attempted to install another anti-virus (Nod32) since the original seems to have been crippled, the keyboard and mouse ceased to function - meaning I couldn't input any serial key.

Is there any way, without having to boot into XP that I can:
1. Retrieve the data stored on the hard drive? and
2. Format and install another less resource hungry OS (ubuntu)

Thanks!

Create new topic
507 posts

Ultimate Geek


  #265246 20-Oct-2009 11:03
Send private message

If they are elderly do they really have anything worth saving?

I mean.....sure I wouldnt want to lose a couple of TB of pr0n or a few years of digital photos but Id suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they dont have any of the above!




 


The force is strong with this one!



7 posts

Wannabe Geek


  #265249 20-Oct-2009 11:08
Send private message

rossmnz: If they are elderly do they really have anything worth saving?

I mean.....sure I wouldnt want to lose a couple of TB of pr0n or a few years of digital photos but Id suggest just a totally virgin install and setup of antivirus etc by yourself.

More than likely being "elderly" they dont have any of the above!



There are family photos that have been emailed to them etc as well as records from when they operated a home business.

The photos can be resent but the business records are probably quite important and I'd like to give it a shot at salvaging the data.

Cheers

 
 
 
 


BDFL - Memuneh
67048 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #265251 20-Oct-2009 11:10
Send private message

"Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly) have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.




 

 

Geekzone broadband switch | Backblaze backup (Geekzone aff) | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Sharesies (ref code) | My technology disclosure 

507 posts

Ultimate Geek


  #265255 20-Oct-2009 11:18
Send private message

Well there you go Mauricio.

You wouldnt call them elderly. Personally i would only call someone elderly who is like 70 plus.

If they have ran a home business then i suggest you also advise to keep a hard copy of all the files aswell as several backed up copies.
If the IRD come a-knockin and there are no records for whatever reason they might be in the poo!




 


The force is strong with this one!

BDFL - Memuneh
67048 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #265256 20-Oct-2009 11:21
Send private message

Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup!




 

 

Geekzone broadband switch | Backblaze backup (Geekzone aff) | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Sharesies (ref code) | My technology disclosure 



7 posts

Wannabe Geek


  #265265 20-Oct-2009 11:28
Send private message

freitasm: "Elderly" doesn't mean inactive. My parents-in-law (no I wouldn't call them "elderly) have about 15GB of pictures in one of their laptops, plus business documents - all with online backup so I know they have some protection.

As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).

Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.




They are my grandparents, so IMO they are elderly but that's besides the point.

Thanks very much Freitasm. I will try to get an external USB case and see how that goes.

Go Hawks!
1009 posts

Uber Geek

Trusted
Subscriber

  #265283 20-Oct-2009 12:14
Send private message

 As for the problem at hand. Installing two AV software on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such bad state then I recommend you get an external USB case, add their drive to that and plug into your computer (which will be will protected, right?).



I'd suggest using something like an Ubuntu live CD in conjunction with an external disk - in theory, the virii on the hard drive will not be multi platform, copy the data off.


Then copy the data files you need - no programs!... And run a scan to make sure it's all ok.

Next put the drive back in their PC and reinstall the OS. Immediately after you install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing sofware they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.



+1 for all of that - I'd add also make sure that the "everyday" account doesn't have Administrator rights (or some path that requires user intervention to upgrade the permissions).


If you are considering a different OS, then you need to ensure that they can do everything they used to - i.e. if there is a photo application that they use, make sure you find an appropriate replacement.  If you do not they'll not be happy with you and / or get someone else to help out with their computing woes ...

 
 
 
 




7 posts

Wannabe Geek


  #265285 20-Oct-2009 12:22
Send private message

Thanks for the suggestion of the Ubuntu live CD, I'll try this also.

Good point. I'll do some research to ensure they can still do everything before going for another OS.

Go Hawks!
1009 posts

Uber Geek

Trusted
Subscriber

  #265288 20-Oct-2009 12:25
Send private message

Oh, me being paranoid as well would tend to install a brand new drive and store the old drive for a period of time (3 months, maybe) - this is simply if in 2 weeks time you get asked where a file is that you didn't manage to restore back you have an option of using the old hard drive to find the file.

I think of this specifically due to the way that multiple applications will store their files in seemingly random places (Outlook in $HOME\Local Settings\blah blah, Outlook Express in $HOME\Application Data - etc.)

Hopefully that is clear.

8035 posts

Uber Geek

Trusted

  #265316 20-Oct-2009 13:33
Send private message

Have you tried booting into safe mode?

You should be able to run malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run SystemInternals Autoruns and remove everything suspicious from starting at startup.

That should hopefully allow you to copy the data off the system preferably to a USB drive or DVD.

Reformat and clean install is strongly advised after that.

3813 posts

Uber Geek


  #265318 20-Oct-2009 13:37
Send private message

I had a customers box in a similar state once.

Safemode + Combofix (off usb) did the trick as long as its a detected malware.

It nukes all instances of TSRs, Explorer and any other nasties before performing a virus scan and cleanup

The alternate good method is live or PE CDs as above. You can get to the data with no fear of the original viri being executed (unless you are silly) and at the same time if its a WindowsPE run something like DrWeb CureIT (single filel virus scanner)

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.freedrweb.com/cureit/



7 posts

Wannabe Geek


  #265321 20-Oct-2009 13:48
Send private message

No I haven't attempted booting in safe mode yet. Once the keyboard and mouse stopped I felit like giving up the ghost a bit but will definitely try safe mode tonight.

Thanks for the links as well.

Go Hawks!
1009 posts

Uber Geek

Trusted
Subscriber

  #265322 20-Oct-2009 13:49
Send private message

Ragnor: Have booting into safe mode?

You should be able to run malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run SystemInternals Autoruns and remove everything suspicious from starting at startup.



I'm always dubious of removing the infection and then running along - just because how can you be absolutely certain that you have removed all the malware.


As an example, the machine I'm currently on is reporting that there are more than a million files on it.  If I was infected, how would I be able to determine absolutely what files should remain.


One other thing about using a live cd - I know of malware that alters the contents of files as they are being read - so that would give rise to not booting off that drive.


Disclaimer: Yes, I am that paranoid ...

8035 posts

Uber Geek

Trusted

  #265323 20-Oct-2009 13:58
Send private message

Yeah reformat is advised but getting into a state where you can get the users data off first is the priority.

Go Hawks!
1009 posts

Uber Geek

Trusted
Subscriber

  #265330 20-Oct-2009 14:22
Send private message

Ragnor: Yeah reformat is advised but getting into a state where you can get the users data off first is the priority.



True ... although imagine if explorer.exe is corrupted.  Or another file is named explorer.exe that is in the path before the "legit" version.  This could allow the malware to be executed even in safemode.


Live CD's / plugging in the original hard drive as an external drive to another (clean) machine that has autorun disabled seems to be close to being the better options.


Admittedly - I don't know if there is malware that is this extreme out there and there are a lot of ifs, maybes and buts in this ... 

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29

D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22

NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14

SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00

D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53

Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48

Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56

D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51

Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01

Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35

Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53

Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06

Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00

OPPO A91 is a high specs mid-range smartphone
Posted 23-Apr-2020 16:44

NordVPN rolling out NordLynx new generation VPN protocol based on WireGuard
Posted 23-Apr-2020 16:37


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.