Veldor need your advice

[Gem35]

I have a friend's laptop, a toshiba satellite 1.1 ghz celly with 256 MB ram. Windows Xp Professional SP 2

The thing is virtually infested with spyware/viruses and I am trying to save it without having to wipe the hard drive and start over.
I did manage to remove a ton of spyware with adaware 2008 and now have the problem of getting rid of the viruses which total over 55 last time I checked.

I tried to use system restore but cannot get it to run very well with all of the virus pop-ups and numerous other programs running in the background.
What would you try next?
Can I run in safe mode and use avast anti-virus to try and remove the viruses?
Besides tossing it out the window do you have any tips for me?

[Veldor]

ORIGINAL: Gem35

I have a friend's laptop, a toshiba satellite 1.1 ghz celly with 256 MB ram. Windows Xp Professional SP 2

The thing is virtually infested with spyware/viruses and I am trying to save it without having to wipe the hard drive and start over.
I did manage to remove a ton of spyware with adaware 2008 and now have the problem of getting rid of the viruses which total over 55 last time I checked.

I tried to use system restore but cannot get it to run very well with all of the virus pop-ups and numerous other programs running in the background.
What would you try next?
Can I run in safe mode and use avast anti-virus to try and remove the viruses?
Besides tossing it out the window do you have any tips for me?

Yeah I once fixed a system really far gone like that more just to prove that it can be done. The basic issue is good viruses and spyware have cyclical monitoring from multiple components... So if you kill one, or even 2, the 3rd one restarts the first 2 and so forth.

There are of course a million possibilities but assuming you've already covered all the basics with the latest anti-spyware and anti-virus.. the basic tool I use is this one:

http://technet.microsoft.com/en-us/sysi ... 96653.aspx

Microsoft Acquire the whole company, SysInternals, the tool is Process Explorer.

Its been ages, cuz im not a desktop guy by profession, but I did use it on an XP system for the purpose described. If I remember correctly you boot into safe mode, run the util, and then whats key about it is that instead of just allowing you to STOP processes it lets you PAUSE them. Anyway by pausing them it fools the process... you can pull some doco on what to pause..

And then after that cleanup is easy since nothing is in memory...

Anyway best and only real idea I have... (Do try running AV in safe mode first though)

[Gem35]

Thanks for your help, so far I have removed about 20 viruses in safe mode, this is assuming they don't replicate themselves.[:)]
My friend has told me that if nothing else, wipe the system and she will deal with losing some vital files.
I won't do that until I have exhausted all other avenues.
I'll keep you posted and also look into that tool you linked.
Thanks for your concern.

[Veldor]

ORIGINAL: Gem35

Thanks for your help, so far I have removed about 20 viruses in safe mode, this is assuming they don't replicate themselves.[:)]
My friend has told me that if nothing else, wipe the system and she will deal with losing some vital files.
I won't do that until I have exhausted all other avenues.
I'll keep you posted and also look into that tool you linked.
Thanks for your concern.

Found a decent description of how to use the tool/process here:

http://miniminded.wordpress.com/2008/07 ... -computer/

I've not had any virus nasty enough to recognize the tool, but it even goes into how to get around that. Im guessing the tool alone would get whatever your AV in safe mode cannot.

Anyway Process Explorer, RegMon, FileMon, alot of the former SysInternals tools are all great things to have around in these type of situations. I remember having to get my company to pay thousands of dollars for them back in the day... Current versions appear to be free downloads by Microsoft now.

Good Luck!

[Gem35]

before I use your tool here is a sceenie of what I am up against.
This is running AV at start-up to scan the MBR.
As you can see there are numerous infections, more than 50 at last approximation.
Gosh, I don't think I have ever seen a PC this corrupted before ever, ha!
It appears the AV is deleting them, perhaps I cannot get all of them but it is a start and also appears to be a long night for me.
[:)]

[NefariousKoel]

If you want to narrow the numbers down and save some time, I'd suggest using a trial version of Prevx. 

It has nuked a lot of the viruses that other AVs can find but won't get rid of for me.  I've put it on a few customer's PCs that were pretty bad.

Only thing is.. your internet needs to be working to set it up.  At least, the last time I used it you needed one but that was about a year ago.

http://info.prevx.com/downloadprevx2.asp

[Grell]

About a week and a half ago I got a supposed email from UPS about a shipment. I had a few games on order and thought it was legit so I clicked on the exe. My comp was hit by a very bad virus. On last Sunday I had to reformat, I am quite mad with myself.

Regards,

Greg

[Gem35]

After a long and tough battle the Laptop succumbed to the bad guys...
Re-installed windows.[:)]

[andym]

i have a question,i have a laptop that refuses to turn itself off.It shuts down as all is normal,then 5 to 10 secs later it boots back up!I have to remove the battery to shut down.Any ideas.

[hermanhum]

Just ignore it until it says,

"Dr Bowman, what are you doing?...."

[andym]

Very funny but sadly unhelpful![:D][:D][:D]

[noxious]

Can be many things : The Google Search on the topic

Over 10,000,000 hits, so you should find relevant info in the first half dozen or so

[USSAmerica]

ORIGINAL: Gem35

Thanks for your help, so far I have removed about 20 viruses in safe mode, this is assuming they don't replicate themselves.[:)]
My friend has told me that if nothing else, wipe the system and she will deal with losing some vital files.
I won't do that until I have exhausted all other avenues.
I'll keep you posted and also look into that tool you linked.
Thanks for your concern.

OK, now I understand all this effort. [;)][:'(]

[Gem35]

ORIGINAL: USS America

ORIGINAL: Gem35

Thanks for your help, so far I have removed about 20 viruses in safe mode, this is assuming they don't replicate themselves.[:)]
My friend has told me that if nothing else, wipe the system and she will deal with losing some vital files.
I won't do that until I have exhausted all other avenues.
I'll keep you posted and also look into that tool you linked.
Thanks for your concern.

OK, now I understand all this effort. [;)][:'(]

SHE is happily married and is a good friend of mine Mike.[:-]

[Veldor]

ORIGINAL: andym

i have a question,i have a laptop that refuses to turn itself off.It shuts down as all is normal,then 5 to 10 secs later it boots back up!I have to remove the battery to shut down.Any ideas.

Call an exorcist, Buy a new laptop, or reinstall windows.

A really long shot would be to check your laptops BIOS settings for power etc. Its almost as if your machine is hanging on shutdown (See that google search for 10,000+ reasons why) and then your BIOS is kicking in and "recovering" your laptop by rebooting it.