Geekzone: technology news, blogs, forums
Topic # 43540 20-Oct-2009 10:49

An elderly relative of mine has a seriously infected computer, operating with XP.

I know what the virus/es are (seres.exe & svcst.exe).

I managed to back up some information, however I could not get everything as the process was extremely slow due to the virus taxing valuable resources. When I attempted to install another anti-virus (Nod32) since the original seems to have been crippled, the keyboard and mouse ceased to function - meaning I couldn't input any serial key.

Is there any way, without having to boot into XP that I can:
1. Retrieve the data stored on the hard drive? and
2. Format and install another, less resource-hungry OS (Ubuntu)?

Thanks!

  Reply # 265246 20-Oct-2009 11:03

If they are elderly do they really have anything worth saving?

I mean... sure, I wouldn't want to lose a couple of TB of pr0n or a few years of digital photos, but I'd suggest just a totally virgin install and setup of antivirus etc. by yourself.

More than likely, being "elderly", they don't have any of the above!




 


  Reply # 265249 20-Oct-2009 11:08

rossmnz: If they are elderly do they really have anything worth saving?

I mean... sure, I wouldn't want to lose a couple of TB of pr0n or a few years of digital photos, but I'd suggest just a totally virgin install and setup of antivirus etc. by yourself.

More than likely, being "elderly", they don't have any of the above!



There are family photos that have been emailed to them, etc., as well as records from when they operated a home business.

The photos can be resent but the business records are probably quite important and I'd like to give it a shot at salvaging the data.

Cheers

 
 
 
 


BDFL - Memuneh

  Reply # 265251 20-Oct-2009 11:10

"Elderly" doesn't mean inactive. My parents-in-law (no, I wouldn't call them "elderly") have about 15GB of pictures on one of their laptops, plus business documents, all with online backup, so I know they have some protection.

As for the problem at hand: installing two AV programs on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such a bad state then I recommend you get an external USB case, add their drive to that and plug it into your computer (which will be well protected, right?).

Then copy the data files you need - no programs! - and run a scan to make sure it's all OK.

Next, put the drive back in their PC and reinstall the OS. Immediately after, install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available, so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing software they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.





  Reply # 265255 20-Oct-2009 11:18

Well there you go Mauricio.

You wouldn't call them elderly. Personally I would only call someone elderly who is, like, 70 plus.

If they have run a home business then I suggest you also advise them to keep a hard copy of all the files as well as several backed-up copies.
If the IRD come a-knockin' and there are no records for whatever reason they might be in the poo!




 


BDFL - Memuneh

  Reply # 265256 20-Oct-2009 11:21

Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup! Backup!






  Reply # 265265 20-Oct-2009 11:28

freitasm: "Elderly" doesn't mean inactive. My parents-in-law (no, I wouldn't call them "elderly") have about 15GB of pictures on one of their laptops, plus business documents, all with online backup, so I know they have some protection.

As for the problem at hand: installing two AV programs on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such a bad state then I recommend you get an external USB case, add their drive to that and plug it into your computer (which will be well protected, right?).

Then copy the data files you need - no programs! - and run a scan to make sure it's all OK.

Next, put the drive back in their PC and reinstall the OS. Immediately after, install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available, so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing software they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.




They are my grandparents, so IMO they are elderly, but that's beside the point.

Thanks very much Freitasm. I will try to get an external USB case and see how that goes.

Go Hawks!
  Reply # 265283 20-Oct-2009 12:14

freitasm: As for the problem at hand: installing two AV programs on the same PC is a no-no. They will interfere with each other and cause problems. If the PC is in such a bad state then I recommend you get an external USB case, add their drive to that and plug it into your computer (which will be well protected, right?).



I'd suggest using something like an Ubuntu live CD in conjunction with an external disk. In theory, the viruses on the hard drive will not be multi-platform, so you can copy the data off.


freitasm: Then copy the data files you need - no programs! - and run a scan to make sure it's all OK.

Next, put the drive back in their PC and reinstall the OS. Immediately after, install an AV and ALL updates available.

Regardless of OS - Windows, Mac OS or Linux - you will always have updates available, so make sure that the OS is up-to-date.

Then give them some lessons. No opening unknown files. No installing software they don't need. No installing toolbars or add-ons. Some common sense! This goes a long way. My parents-in-law have not had a virus or malware attack in a long time, probably more than six years now.



+1 for all of that - I'd add also make sure that the "everyday" account doesn't have Administrator rights (or some path that requires user intervention to upgrade the permissions).


If you are considering a different OS, then you need to ensure that they can do everything they used to, i.e. if there is a photo application that they use, make sure you find an appropriate replacement. If you do not, they'll not be happy with you and/or get someone else to help out with their computing woes ...
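The two pieces of advice above (freitasm: copy the data files, no programs, then scan them; and the Ubuntu live CD as the environment to do the copying from) put together as a POSIX shell script. This is an added example, not code from the thread or from any Geekzone poster. It assumes an Ubuntu live CD with ntfs-3g available; the function names, the device node /dev/sda1, the mount point /mnt/infected and the destination /media/usb/salvage are all my own placeholders. The allow-list of extensions is deliberately a whitelist of data types, so nothing of the seres.exe / svcst.exe kind is ever copied, and a checksum manifest is written so the salvaged copy can be verified and scanned on the clean machine.

```shell
#!/bin/sh
# Added example, not from the thread: salvage data files from an infected
# Windows volume using a Linux live CD, without executing anything on it.
# Device node, mount point and destination paths are placeholders.

# Mount the Windows partition read-only. ro/noexec/nosuid/nodev together mean
# nothing on the old drive is modified and nothing on it can be run, even by
# accident. Needs root on the live CD; not exercised by the test below.
mount_infected_ro() {
    dev="$1"    # placeholder, e.g. /dev/sda1
    mnt="$2"    # placeholder, e.g. /mnt/infected
    mkdir -p "$mnt"
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# Allow-list of file types worth salvaging: documents, spreadsheets, photos,
# and the mail stores Outlook (.pst) and Outlook Express (.dbx) keep deep in
# the profile. Programs, scripts and shortcuts are never matched, so droppers
# such as the seres.exe / svcst.exe named in the thread are left behind.
find_data_files() {
    find "$1" -type f \( -iname '*.doc' -o -iname '*.docx' -o -iname '*.xls' \
        -o -iname '*.xlsx' -o -iname '*.pdf' -o -iname '*.txt' -o -iname '*.rtf' \
        -o -iname '*.csv' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \
        -o -iname '*.gif' -o -iname '*.pst' -o -iname '*.dbx' -o -iname '*.eml' \)
}

# One checksum line for a file; sha256sum where available, cksum as fallback.
checksum_line() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        cksum "$1"
    fi
}

# Copy every allow-listed file under SRC to DEST, keeping the directory layout
# so "where was that spreadsheet?" can still be answered later, and write
# DEST/MANIFEST.txt with one checksum per copied file for verification and for
# the scan on the clean machine. Prints the number of files copied.
# (Filenames containing a newline are not handled; spaces are fine.)
copy_user_data() {
    src=${1%/}
    dest=${2%/}
    mkdir -p "$dest"
    : > "$dest/MANIFEST.txt"
    find_data_files "$src" | while IFS= read -r f; do
        rel=${f#"$src"/}
        mkdir -p "$dest/$(dirname "$rel")"
        cp -p "$f" "$dest/$rel"
        checksum_line "$dest/$rel" >> "$dest/MANIFEST.txt"
    done
    wc -l < "$dest/MANIFEST.txt" | tr -d ' '
}

# List program-type files that were deliberately not copied, so the names can
# be compared against what the antivirus later reports.
list_left_behind() {
    find "${1%/}" -type f \( -iname '*.exe' -o -iname '*.scr' -o -iname '*.com' \
        -o -iname '*.bat' -o -iname '*.cmd' -o -iname '*.vbs' -o -iname '*.lnk' \) | sort
}

# Usage from the live CD (all paths are placeholders):
#   mount_infected_ro /dev/sda1 /mnt/infected
#   copy_user_data "/mnt/infected/Documents and Settings" /media/usb/salvage
#   list_left_behind "/mnt/infected/Documents and Settings"
```

Pointing copy_user_data at the "Documents and Settings" tree rather than the whole volume keeps the copy to the profiles, which is where the mail stores and documents live; the manifest is what you hand to the scanner on the clean machine afterwards, and the left-behind list tells you what you chose not to bring across.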



  Reply # 265285 20-Oct-2009 12:22

Thanks for the suggestion of the Ubuntu live CD, I'll try this also.

Good point. I'll do some research to ensure they can still do everything before going for another OS.

Go Hawks!
  Reply # 265288 20-Oct-2009 12:25

Oh, me being paranoid as well, I would tend to install a brand new drive and store the old drive for a period of time (3 months, maybe). This is simply so that if, in 2 weeks' time, you get asked where a file is that you didn't manage to restore, you have the option of using the old hard drive to find the file.

I think of this specifically due to the way that multiple applications will store their files in seemingly random places (Outlook in $HOME\Local Settings\blah blah, Outlook Express in $HOME\Application Data - etc.)

Hopefully that is clear.

  Reply # 265316 20-Oct-2009 13:33

Have you tried booting into safe mode?

You should be able to run Malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run Sysinternals Autoruns and remove everything suspicious from starting at startup.

That should hopefully allow you to copy the data off the system preferably to a USB drive or DVD.

Reformat and clean install is strongly advised after that.

  Reply # 265318 20-Oct-2009 13:37

I had a customer's box in a similar state once.

Safe mode + ComboFix (off USB) did the trick, as long as it's a detected malware.

It nukes all instances of TSRs, Explorer and any other nasties before performing a virus scan and cleanup.

The alternate good method is live or PE CDs, as above. You can get to the data with no fear of the original viruses being executed (unless you are silly) and at the same time, if it's a Windows PE, run something like Dr.Web CureIt (single-file virus scanner).

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.freedrweb.com/cureit/



  Reply # 265321 20-Oct-2009 13:48

No, I haven't attempted booting in safe mode yet. Once the keyboard and mouse stopped I felt like giving up the ghost a bit, but will definitely try safe mode tonight.

Thanks for the links as well.

Go Hawks!
  Reply # 265322 20-Oct-2009 13:49

Ragnor: Have you tried booting into safe mode?

You should be able to run Malwarebytes (MBAM) in safe mode to remove much of the malware. You should also be able to run Sysinternals Autoruns and remove everything suspicious from starting at startup.



I'm always dubious about removing the infection and then running along, just because how can you be absolutely certain that you have removed all the malware?


As an example, the machine I'm currently on is reporting that there are more than a million files on it. If I was infected, how would I be able to determine absolutely which files should remain?


One other thing about using a live CD: I know of malware that alters the contents of files as they are being read, so that would be a reason for not booting off that drive.


Disclaimer: Yes, I am that paranoid ...

  Reply # 265323 20-Oct-2009 13:58

Yeah, reformat is advised, but getting into a state where you can get the user's data off first is the priority.

Go Hawks!
  Reply # 265330 20-Oct-2009 14:22

Ragnor: Yeah, reformat is advised, but getting into a state where you can get the user's data off first is the priority.



True ... although imagine if explorer.exe is corrupted. Or another file named explorer.exe is in the path before the "legit" version. This could allow the malware to be executed even in safe mode.


Live CDs / plugging the original hard drive in as an external drive on another (clean) machine that has autorun disabled seem to be close to being the better options.


Admittedly, I don't know if there is malware that is this extreme out there, and there are a lot of ifs, maybes and buts in this ...
