So, I’m in the process of doing some tech support for a friend. His computer is full of viruses and spyware, so I’m giving it the standard cleansing outlined in the wonderful SDMB Computer Sticky. Unfortunately, the computer has so little available virtual memory that it can’t even successfully run these rescue programs. I’ve been trying to end processes that I know are malicious, but they seem to just spring right back up and continue to suck memory. What do I do?
Assuming this is a Windows machine …
If you have the installation disks for the O/S and software applications, and the ability to burn CDs:
- Burn the data to CDs.
- Wipe the hard drive and reinstall the O/S and only the antivirus and spyware killer programs. Do not connect the computer to any network and/or the Internet.
- Check the burned data CDs for viruses and spyware. Make note of which files are infected. Make sure you periodically recheck the computer itself for viruses and spyware during this process.
- Copy the infected data files to a specific area of the hard drive and clean them. Once you have cleaned all the infected data files, burn them to new CDs.
- Now reinstall the remaining software applications.
- Reconnect the computer to the network (Internet).
Finally, destroy the original data CDs that contained infected data files.
I’m not skilled enough to wipe the entire hard drive from outside the OS. Is there a good walkthrough on this somewhere?
It’s buried in the sticky but have you tried booting up in safe mode first, running all the scans/parasite removal tools that you can? That may provide a better environment for the first pass of your cleaning process.
Have you tried going into safe mode (tapping F8 during startup) and then running the anti-spyware stuff? Once you get a HijackThis log you can post it on one of the anti-spyware forums or even here.
I missed that in the sticky and hadn’t even considered it – what a marvelous idea!
Thanks.
- Most spyware processes only become active if there is an internet connection present.
So what that means in plain English is this: you have to download your spyware-removal and antivirus programs on another computer, burn them to a CD and then install them in the infected computer when it is not connected to the internet. Many people expect that they will just be able to use the infected computer to get online and download whatever they need, when that is very often a losing proposition. It works very slowly, and if the virus/spyware is a more-devious type, they will block that from ever completing anyway.
…Of course if you boot in safe mode then networking is typically disabled, and it accomplishes the same thing–but often just disabling the internet connection physically (disconnecting the wire!) is enough to make a big difference.
~