Geeks in Phoenix

Geek Blog


A real life virus removal horror story

I hear more and more new computer users are getting severely infected with malware, spyware, Trojans, etc. I am currently working on a system that is, by far, the worst one I have ever seen. I have the system back running and have documented the procedures I followed to clean up this system. I have included a link at the bottom of this article to an article on free Internet security software.

Note: I took on this client as I felt he needed assistance. He’s an older veteran who just graduated from school. He bought a used computer and then connected it to a high-speed connection. Without any knowledge of what he needed for security software, he quickly got infected. The story does end happily (should I tell you now or make you go to the bottom of the page). I built a new system for him from my spare parts and loaded all his old software onto it. System cost: $0. Good feeling: Priceless.

Let me first outline the situation. I got a call from a gentleman who had purchased a used computer, and it got infected. It was so bad that it would not even boot into Safe Mode. When I got it, I immediately went to back it up. It was then that I discovered the system would not boot to a CD-ROM (red flag). This was my first issue.

The system had a floppy drive, so I installed a network card I knew worked and had DOS drivers. I then created network boot disks and was able to back up across the network. The data transmitted from the client was different in size from what the server received (red flag).

I now had a good working image of the hard drive. A system driver was failing to load, which caused the crash. I wanted to check the hard drive for errors first. Since this drive was FAT 32, I used a Windows 98 SE boot disk with support tools and ran Scandisk on it. The surface scan indicated a bad cluster on the drive (drive failure?). A quick download of the diagnostic software from the hard drive manufacturer confirmed the hard drive failure.

Luckily, I had an equal-sized hard drive and cloned the drive image back to a new drive. A quick Scandisk to check for errors, and away I went, but I still got errors when booting. I changed the boot options and was able to get the error screen to stay up. I took a photo to do more research. It turns out the error is coming from the onboard IDE controller (controller failure for sure, possible motherboard failure). This would explain the issue with the CD-ROM.

I happen to have a spare PCI IDE controller card from when I had to have eight drives in one of my systems (as opposed to the standard four at the time). I’ll tell the story of the system I built, where I had to turn off all onboard devices to keep running later. What I did to keep that 486 running was amazing.

I installed the controller card and almost immediately discovered the BIOS was scrambled. I couldn’t bootstrap the BIOS. That was it - motherboard failure. The project now was how to rebuild the computer. The motherboard failure made me suspicious of using any of the old hardware. You don’t know what else may be damaged (we know the hard drive was).

So I went around the office to see what I could find. A Pentium-D 805, ECS P4M800, a 256 MB stick of PC-3200 memory, CD-ROM, floppy drive, hard drive, power supply, and case. A slight modification to the case allowed clearance for the power connector to the motherboard, and I was off and running.

I assembled the system and loaded the original image. I was still getting boot errors, but it did boot. Of course, Windows found all sorts of new hardware. But the pop-ups were coming on hard and fast, and so were the system errors.

So I opened the hard drive image file, and there I found a couple hundred infections. I made a copy of the image and then proceeded to edit its contents manually. I was able to remove about three hundred (300) or so infected files. I then pushed the revised image to the new system. I could get the pop-ups and errors to come down quite a bit. I turned off System Restore, installed Malwarebytes, and started a scan. It found several infections and removed all on reboot.

I installed AVG, updated definitions by file, and ran a complete scan. It was then that I found out that this system was beyond repair. It had an infection that attaches itself to every executable file on the hard drive. AVG found over seven thousand (7,000) of these infections. Now, it is time to completely wipe the hard drive and do a clean install of Windows.

That’s where the story ends. I reloaded all of the applications, user files, etc. The computer is in place and running beautifully. It’s again hooked up to high-speed internet, but this time with protection.

Free Internet Security Software

Add comment

Free computer diagnostics

Repairing a PC can sometimes be expensive, and that is why we offer free basic in-shop diagnostics. Give one of our professional and experienced technicians a call at (602) 795-1111, and let's see what we can do for you.

Check out our reviews

Geeks In Phoenix LLC, BBB Business Review

Customer service is #1

Here at Geeks in Phoenix, we take pride in providing excellent customer service. We aim to give the highest quality of service  from computer repair, virus removal, and data recovery.

Bring your computer to us and save

Repairing a computer can be time-consuming. That is why we base our in-shop service on the time we work on your computer, not the time it takes for your computer to work! From running memory checking software to scanning for viruses, these are processes that can take some time.

Contact us

If you have any questions, please feel free to give us a call at (602) 795-1111  and talk with one of our Geeks. Or you can send us a message from our contact page , and one of our Geeks will get back to you as soon as possible. Or you can stop by and see us. Here are our hours and location.

Like Geeks in Phoenix on Facebook

Follow Geeks in Phoenix on Twitter

Watch Geeks in Phoenix on YouTube