Busted! Now, how to fix the computer? (Long intro)

My nephew is 12-1/2 and (my sister says) has ADHD. A few months ago he got a cheap laptop for school. He emailed me, and I was able to decipher most of what he was trying to say. Basically: ‘I need a Mac so I can play Minecraft. Buy me one.’ Seems his laptop is running very slow. I told him his computer probably has malware on it that’s slowing it down, and suggested he download Malwarebytes. I don’t know if he did or didn’t, but he wrote back apparently saying he needs a Mac, and for me to get the money together and give him one for his birthday. :rolleyes:

My sister is completely computer-illiterate, but I called her to explain the computer is probably infected, and she needs to see that my nephew does what is necessary to clean it up. She says that the nephew is sneaky and changes screens whenever she tries to see what he’s doing. ‘See, mom? I’m doing school work!’ :dubious: She asked if there was any way to find out what he was doing. I’ve never even seen Chrome, but I did a little searching and told her how to find History. Oops.

History was full of Minecraft and porn sites. I told her the best way to get a virus is to visit porn sites, and that she needs to turn on parental controls. Unfortunately, I found out that Google Chrome does not have parental protections. A Google employee posted on a Q&A site that parents need to d/l Windows Live Essentials. I got home from work to find two emails from my nephew. The first was telling me (telling me!) to ‘get the money together’, and the second was protesting that he doesn’t go to porn sites. I wrote him a long reply, and then called sis.

I read her the email I sent to my nephew, and she was a bit taken aback by his audacity. Anyway, I told her that all of those porn links in History (lots of cartoon porn and hentai included) might have gotten there innocently enough. Nephew wants the full version of Minecraft, and he may have been searching for one to download free and clicked on pages that infected his computer with viruses that pop up porn links. Heck (I told her) it happened to me once when I was looking up business addresses at my job. It can happen. (On the other hand, I was 12 years old once, and I know how things are.) Regardless of how the links and, I suspect, the malware got there, the computer needs to be cleaned up.

Now that the boring intro is out of the way:
- Their McAfee apparently did not catch the malware. Will Malwarebytes catch it all?
- Does Windows Live Essentials have adequate parental controls, and will they prevent clicking on infected sites that seem innocent?
- What other steps can be taken by someone who knows nothing about computers to clean it?
- How can she ensure the computer is not re-infected?

BIL’s niece is supposed to be ‘good with computers’ and is supposed to go over this weekend. She can probably do the Malwarebytes and WLE. Nephew is ‘grounded’ from using the computer.

When I had a problem recently, Microsoft Security Essentials found some malware that Malwarebytes had not. MSE also offers real-time protection, IIRC.

It also turned out, though, that I had a nasty rootkit that resisted both of them and required some special and complicated countermeasures. If MB and MSE don’t do the trick, the easiest way of dealing with any resistant problems on your nephew’s computer would probably be to try to find a system restore point that predates the infection. He’d lose any programs added since then, but not data.

A good uncle might also point him to some porn sites that won’t trash his system. :wink:

Parent of twin 13 year old boys and a computer tech here.

Parental controls are pretty much futile and often cause more problems than they fix. If you want to go that route, I recommend they look into running him as a limited user and locking DNS to an OpenDNS account where they can selectively restrict websites that way.

I prefer the “dad knows everything and can apparently see through walls” method.

http://www.spectorsoft.com/products/SpectorPro_Windows/index.asp

Rules are laid down, every so often, log into the monitoring program and check. If rules were broken, restricted from the computer, period, no appeal, no debate. Then again being a tech, I can do things like kill web access to a certain MAC address during certain hours, and enable or release it from my phone.

There is no substitute for parental involvement…trying to make a discipline problem into a computer problem is a recipe for disaster.

There is no decisive way to prevent infection. The analogy I use with my customers is “antivirus programs are like bulletproof vests, good to have if you get hit, but not a guarantee you will not get hurt.”

All AV apps have their blind spots; they just have different ones. In our shop, all machines get hit with a cocktail of programs that in our experience has only led to a handful of warranty issues.

With more than a few viruses this is futile. They infect the restore archives, to avoid this simple fix.

Use my method from previous post…he is still busted.

Alas, I don’t go to porn sites! I wouldn’t know which are safe, and assume they’re all vectors.

About monitoring: Is there a way for the computer to automatically write History to a file?

Forgot this Q

There is little substitute for some basic tech knowhow when dealing with many viruses.

My thoughts:

Make sure he is on a limited account, don’t ever let him have the password, make him step away when you type it in to install something. By restricting the admin, many viruses cannot dig in hard and are sometimes restricted to one user profile.

Install something with teeth like AVG, and make sure it gets updated, verify it is being updated at least every week. It should do it on its own every day.

Install Malwarebytes, manually update it at least weekly, better if anytime you use the puter you pull an update just to keep it up to date, only takes around 30 seconds.

Parental controls can do this, the program I mentioned does this, so can several third party apps.

Not sure if win7 home has access to gpedit.msc (probably not); if it does, you can lock out the ability to delete the history.

definitely a lot more techy but

gives the registry keys to allow it to be locked manually.

HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory

In a hurry, so I can’t dig anymore for a few hours, but these should be the registry keys to modify to block history deletion in win7 home.

No worries. My sister doesn’t even know her email address (her previous one from years ago is now invalid). I’d need to study this thread and have the computer in front of me to do anything. I’ll have to relay advice via telephone. (Talking! To People! :eek: )

Thanks for the replies so far.

I’ll just echo what drachillix said and expand a little:

You could remotely control the machine with something like Teamviewer.

If the computer is running Windows 7 or Vista, enable UAC.

I would suggest a layered defence model. First you have UAC enabled as above. Then you have a real-time antimalware scanner like Microsoft Security Essentials. Then you ensure Windows is up to date and is set to update itself frequently. Then you have apps like Malwarebytes and Ad-Aware which you run regularly.

Make sure utilities like Acrobat Reader are up to date.

To install all these utilities in one fell swoop, go to www.ninite.com and pick from the list.

I’d really only be comfortable with a format and re-install. With rootkits the way they are, it’s really the only way to be sure.

'course, nephew or not, if I were you I’d have told him where to stick it the second he started demanding I buy him a new system.

Maybe I missed it somewhere, but how do you know for a fact that the computer has malware on it?

Properly cleaning out an infested PC is usually (in my experience) a fairly laborious process and is not simply click and point with an AV program as malware infestations are often fairly involved.

Re your nephew’s demands/requests I’d encourage you to stop being such a little bitch and just get the money together. He needs to play Minecraft!

My experience with “yuts” and new computers is that they click on everything. They end up clicking on toolbars, scans, clocks, weather and anything else. A slow running computer without more obvious signs of malware may just be junked up with “stuff.” Someone has to go get that stuff and remove it. An antivirus program won’t help.

Minecraft is a Java program and runs just fine on Windows.

My grandsons play this all the time on XP machines.

Doesn’t run on their Android tablets though :slight_smile:

The vast majority of the time involved is waiting for scans to run. I regularly used to play WoW while minding several “work in progress” virus cleanups. Most techs have a dozen or so tricks up their sleeve that can make it far less annoying. Also, once you know where things like startup tasks and services are and what the common and/or critical ones are, you whip through them in a couple minutes each.

Yep. System restore might do it but when we had a nasty rootkit last summer (under my daughter’s user, non-admin rights, which limited the damage) Malwarebytes didn’t find it. I wound up using ComboFix and some other utilities under the guidance of one of those message boards which provides support (possibly it was the Malwarebytes site itself).

I would definitely suggest that you (or the niece) see about setting up the computer with an admin user (to which he doesn’t have the password, preferably), and his own user which does not have admin rights. Depending on the flavor of Windows, there is some parental control / filtering available which should eliminate some porn sites, but that started causing a lot of issues with ours a while back (Windows Vista) and we had to turn that off.

Oh - and the shit with DEMANDING a Mac? Yeah… Get him a big one. From a certain Scottish restaurant.

Drachillix - how well does InPrivate browsing work in IE9 to

  1. prevent malware when visiting dodgy sites
  2. mask the sites visited

I have a nephew that likely visits certain sites that he shouldn’t using InPrivate with Win7 and I lack the knowledge to check.

(Twin boys in the teenage years must be a handful. My girls are 7 and definitely a handful).