Malware removal and iTunes

My daughter’s computer (Windows XP) appears to have a malware infection, possibly multiple ones. At any rate, it is behaving weirdly.

The main symptoms (that I know about) are:

  1. General slowness.

  2. Firefox won’t start up at all. (She tells me it has been this way for a while, and she had been using IE instead.) I downloaded Firefox to do a reinstall, but when I tried to run it it said the install file was corrupt. I deleted that and tried to download again, and now it won’t download Firefox at all! (I go to the download page, in IE, click on the link, and nothing happens.)

  3. Internet Explorer has a MyWebSearch toolbar, which she denies wanting or having deliberately installed. From what I could gather from Googling, this is fairly harmless malware that can be uninstalled simply from Add/Remove Programs. However, after I did that IE refused to start up at all (leaving her with no browser). I did a system restore and got IE back, but it brought the toolbar back as well (if it ever went away).

Perhaps I should add, however, that she has McAfee installed, and it does not appear to be reporting any problems (she says she lets it run its regular scans), and I ran Windows Defender and did not find anything.

Anyway, whether this is a malware issue or just a case of Windows being f****d, I am strongly tempted to do a complete system reset. (Her system came with the Windows XP install files on their own hard drive partition, and I believe that one can use this to reset the system to its initial, factory state, wiped of all personal files and programs, but with a clean version of Windows.) She is concerned, however, about losing her many iTunes downloads. I do not know much about iTunes or how it stores its songs. Is it possible to just back up the files onto a flash drive, or are they DRMed against that? Alternatively, will it be possible and easy for her to re-download all the songs she has bought without further payment?

Thanks for any help.

Have you run Disk Cleanup and Disk Defragment lately?

The songs can be saved to any drive, but if they have iTunes DRM they will only play back on an authorized computer. If it does become necessary to wipe this computer’s drive, iTunes will not recognize it as the same computer, so your daughter will need to log into her iTunes account and authorize it.

Thanks. So I should save the files to a flash drive and then get her to reinstall and re-authorize iTunes before copying them back to her C drive? Is reauthorization reasonably easy (she has limited computer savvy, and I have no clue about iTunes)?

Well, no. I don’t have regular access to the computer and I am sure she doesn’t do those things. Perhaps it might help with speed, but could that solve the other problems I am talking about, like Firefox refusing to run or download? (She does have loads of hard drive space, so I don’t see fragmentation as a likely issue.)

Disk Cleanup and Defrag won’t fix the problem (I’ve been working on PCs for twenty years and have yet to see Defrag fix any problem).

The trick is to get Malwarebytes. Copy it to a flash drive, plug the drive into your daughter’s computer, and install and run it. It should fix the problem. If not, there are other tools.

It is rarely necessary to reinstall Windows to fix this.

If the temporary file folders are full, it certainly will causes problems with browsers and downloading. Disk Cleanup will remove that as a possible problem. I prefer to start with the easy stuff, and if that doesn’t work, move on to more complex solutions.

I see no reason to conclude he/she has a spyware issue.

I’m not sure if it’s exactly the same on Windows, but on the Mac version of iTunes there’s an “Authorize Computer” command in the “Store” menu. All she’ll need is her iTunes password. With any luck, this won’t be necessary anyway.

Didn’t you see the part where she has the MyWebSearch toolbar on the computer? That right there indicates a spyware problem. Especially as she doesn’t want it and denies having installed it intentionally.

And while that appears to be uninstallable from the Add/Remove programs screen, it’s dirty – it will reinstall itself after that.

I did overlook that. But there are other issues occurring here that are not consistent with MyWebSearch, which, while a malware to be removed, is not the most pernicious nor destructive variety in the wild today.

In my experience, computer-novice relatives & friends don’t have a single piece of malware infesting their computer – by the time they notice it and ask for help, they have several such on their computer. I suspect that is the case here – MyWebSearch is the only one noticed on this computer so far, but there are probably more.

Thanks people. I will clean out the junk and give Malwarebytes a try, and see if that does the trick before I go nuclear. It occurs to me that reverting the machine will involve me in reinstalling all the Windows Updates and Service packs, which is not a prospect I look forward to.

I must say, though, that I lost a bit of faith in Malwarebytes recently when it totally failed to spot an infection on my own PC that both McAfee and Windows Defender spotted. (Although neither of them could truly remove it. For that I had to boot into a CD based environment and delete files, and also edit the registry directly. I am hoping not to have to go through all that again on my daughter’s PC.)

Before you do anything drastic check to see whether this is simply a Firefox problem. I had exactly the same symptoms with Firefox and it turned out to be a corrupted profile, easily solved by uninstalling Firefox (remembering to tick the box to delete the profile too) and doing a fresh install.

You can, however, deauthorize the computer before wiping it. Or if you forget, you can do a “deauthorize all” on the account which means that any authorized computer will forget it’s been authorized, the next time it connects. You can only do this once a year, and I think it may not let you do so unless you have all 5 permitted computers authorized.

But yeah - you can definitely copy songs from one computer to another using a flash drive. Itunes also has its own backup utility which burns CDs of the library (all, just purchased, stuff just purchased since the last backup) which works pretty well. I’d try restoring from that to another computer before you wipe the old computer, lest the existing malware cause that to be hosed somehow also.

If you do need to go medieval on the computer, there are some hints here from when I had to do this a few months back.

My experience wound up being a success all around. Things that had not been working (e.g. itunes updates, Palm desktop updates) worked perfectly.

I think the hardest individual thing was getting the kids (and Typo Knig’s) email accounts ported over - Thunderbird does NOT make it easy to figure out how to do that!

It’s extremely easy to re-authorize - double-click on the file to play it within iTunes. It’ll pop up a window saying your computer has to be authorized to play this file. Input her itunes account email address (it might prepopulate that) and pass word - and instantly, everything tied to that itunes account will work.

It’s extremely easy to re-authorize - double-click on the file to play it within iTunes. It’ll pop up a window saying your computer has to be authorized to play this file. Input her itunes account email address (it might prepopulate that) and pass word - and instantly, everything tied to that itunes account will work.

In addition to copying the files, I think she’ll need to “import” them into iTunes to get them recognized. That’s also easy (menu option). There may be a way to have that happen automatically by simply copying them to the correct directory but I can never remember that method.

Thanks, I will try that too. Would it cause the downloads to fail though?

Thanks for the advice on iTunes authorization too. I don’t think she uses iTunes on any other computers (just possibly one other), so it shouldn’t be a problem.

In addition to the previously mentioned Malwarebytes, you will probably want to install and run CCleaner. It will remove all of the garbage and temp files that have built up as well as the detritus that collects in the registry. The file cleaning and registry cleaning are two different options so make sure you run them both.