I am hearing more and more of new computer users getting severely infected with Malware, Spyware, Trojans, etc.. I am currently working on a system that is, by far, the worst one I have ever seen. I have the system back running and am going to document the procedures I followed in the next couple of days. I’m also going to include links to the free (yes free!) software you can download and use to prevent this from happening to you.
*** Update 02/08/2009 ***
Link to Free Internet Security Software //www.geeksinphoenix.com/blog/post/2009/02/06/Free-Internet-Security-Software.aspx
'Note: I took on this client as I felt he really needed the assistance. He’s an older veteran who just graduated from school. He bought a used computer and then connected it to a high speed connection. Without any knowledge of what he needed for security software, he quickly got infected. The story does end happily (should I tell you now or make you go to the bottom of the page). Alright, I built a new system for him from my spare parts and loaded all of his old software on to it. System cost: $0. Good feeling: Priceless (sorry MasterCard, I had to use it).'
Let me first outline the situation. I got a call from a gentleman whom had purchased a used computer and it got infected. It was so bad that it would not even boot into Safe Mode. When I got it, I immediality went to back it up. It was then I discovered the system would not boot to a cd-rom (red flag). This was my first issue.
The system had a floppy drive, so I installed a network card I knew worked and had DOS drivers for. I then created network boot disks and was able to backup across the network. The data being transmitted from the client was different in size to what the server was receiving (red flag).
I now had a good, working image of the hard drive. It was apparent that a system driver was failing to load and causing the crash. I wanted the check the hard drive for errors first. Since this drive was FAT 32, I used a Windows 98 SE boot disk with support tools and ran scandisk on the hard drive. The surface scan indicated a bad cluster on the drive (drive failure!). A quick download of the diagnostic software from the hard drive manufacturer confirmed the hard drive failure.
Luckily I had a hard drive of equal size and cloned the drive image back to a new drive. A quick Scandisk to check for errors and away I went, but I still was getting errors when booting. I changed boot options and was able to get the error screen to stay up. I took a photo to do more research. Turns out the error is coming from the on-board IDE controller (controller failure for sure, possible mother board failure). This would explain the issue with the cd-rom.
I happen to have a spare PCI IDE controller card from when I had to have eight drives in one of my systems (opposed to the standard four at the time). I’ll tell the story of the system that I built that I had to disabled all on board devices to kept running at a later time. What I did to keep that 486 running was amazing.
I installed the controller card and almost immediately discovered the BIOS were coming up scrambled. I couldn’t boot strap the bios. That was it, motherboard failure. The project now was now to rebuild the computer. The motherboard failure made me leery of using any of the old hardware. You just don’t know what else may be damaged (we know the hard drive was).
So I went around the home to see what I could find. A Pentium-D 805, ECS P4M800, a 256 mb stick of PC-3200 memory, cd-rom, floppy drive, hard drive, power supply and case. A little modification to the case to allow clearance for the power connector to the motherboard and I was off and running.
I assembled the system and got the original image loaded on it. I was still getting boot errors, but it did boot. Of course Windows found all sorts of new hardware. But the ‘Pop Ups’ were coming on hard and fast. And so were the system errors.
So I went and opened the hard drive image file and it was there I found a couple hundred of infections. I made a copy of the image and then proceeded to manually edit the contents of it.
I was able to remove about three hundred (300) or so infected files. I then pushed the revised image to the new system. I was then able to get the ‘Pop Ups’ and errors to come down quite a bit. I turned off ‘System Restore’, installed Malware and started a scan. It found several infections and removed all on reboot.
I then installed AVG, updated definitions by file and ran a complete scan. It was then that I found out that this system was beyond repair. It had an infection that attaches itself to every executable file on the hard drive. AVG found over seven thousand (7,000) of these infections. At this point it is time to completely wipe the hard drive and do a clean install of Windows.
That’s where the story ends. I reloaded all of the applications, user files, etc. The computer is in place and running beautifully. It’s again hooked up to high speed internet, but this time with protection.