Help with infected laptop please

  Never again 14:47 18 Aug 10

Hi guys

My friend's laptop is running Windows Vista Basic.

She reported it acting slow and that she kept getting warnings about her internet security.

She appears to be running "my security shield" "my web search" and a number of other dodgy programs.

I downloaded and ran antimalware bytes and it found nearly 1000 problems, which it cleaned.
Since then I can't even open an Internet Explorer window, and nothing runs from the run command.

It's connected to my home wireless network.

It says that windows updates are downloading but they are stuck at 24%, and have been for hours.

She had AVG trial software on it but had not renewed or installed the free version once her trial had run out.

She has some important data on the laptop (videos and photos of her late father) somewhere in a Sony Ericsson program, but I can't see them?

None of the program shortcuts seem to work either.

The busy light is going crazy

Your help would be most appreciated please.


She also can't open

  MAJ 14:58 18 Aug 10

Start off by downloading SAS portable to a USB memory stick and run it on the infected computer.

  DieSse 15:06 18 Aug 10

Step 1 - disconnect it from your network - just in case.....

Step 2 - get the important data off.

You can do this by running a live CD with linux - that will enable you to find and copy off the data.

Step 3 - get the Kaspersky rescue CD and try again to remove the viruses

Step 4 - Run a Vista repair re-install to try and get Windows working again.

If all this works you can then try all the other things, like putting on an up-to-date AV, Malware remover, Disk Cleaner etc etc.

  Never again 15:07 18 Aug 10

On a restart I press F8 to load last known good configuration and the message I get on loading says that it is configuring updates stage 1 of 3 0% complete do not turn off your computer.

Does this mean that she has corrupted an update?

How should I go about uninstalling them and reinstalling them?

Also on start up it says that Windows has blocked some start up programs which are the antimalware bytes and paretologic update application.

I rebooted again (last known good configuration) and the run command let me into system configuration utility and I enabled all in the start up folder, but still get the same message about blocked start up programs

Any ideas?

  Never again 15:09 18 Aug 10

I'll do the above and report back

Thanks for the advice

  gaucho. 15:15 18 Aug 10

"Does this mean that she has corrupted an update."

No. It means Windows is configuring the updates for the computer. Probably SP3.

"How should I go about uninstalling them and reinstalling them."

Don't. Let Windows update the files.

"I rebooted again"

I hope you let the configuration updates run their course before you rebooted. Otherwise you could have corrupted the Windows files.

"I enabled all in the start up folder, but still get the same message about blocked start up programs"

Check the services folder in management. Also tick hide all Microsoft services to see if any essential program is blocked

  Never again 15:50 18 Aug 10

SAS has found (so far)

8 trojan dropper/sysNV
3 trojan agent/ gen-koobface [billx]
19 adware hbhelper
9 adware mywebsearch/ funwebproducts
21 browser hijacker deskbar
82 security hijack[image file execution options]
4 trojan agent/ gen-koobface

I'm downloading the Kaspersky disk now (it's at 34%)

The Windows updates don't seem to install on reboot and the Windows status is Vista Home Basic Service Pack 1

As I've turned the wireless off it can't connect to download them but that was stuck at 24% for the last 8 hours anyway, which is why I suspect that they are corrupted - can't I uninstall them and reinstall them?

  lotvic 16:08 18 Aug 10

I would concentrate on finding and saving the data files (videos and photos of her late father) to a different removable media - USB stick or something.

  Never again 16:36 18 Aug 10

Good advice lotvic, but I will need to meet with her tomorrow to check where she has stored them.

SAS has had a clean up and removed 155 threats. Internet explorer is now working when I connect.

Windows updates is saying that Vista SP2 is available for installation and is downloading as we speak, but I've been here before - it stops at 24% for hours.

Kaspersky CD is now at 80%

  mfletch 17:02 18 Aug 10

Download sp2 then run it to install

Save all important documents first

This thread is now locked and can not be replied to.