Some days ago one of my web clients called and left an interesting message on my phone. He said that his hard drive had crashed and he'd lost everything that was on his C drive. The message asked me to call him as soon as possible.
Of course by the time I got that message it was late, and I knew he went to bed early. I called him the next morning and throughout the day, as it was Saturday, and never reached him. So I sent him an email, which I knew he’d get on his phone, and told him to reach me Sunday. He did, we talked, and he brought his computer over and left it with me.
The first thing I did was to hook his computer to my monitor and other stuff. Then I disconnected my wife’s computer from the network and booted his up because I wanted to see what it would do. It booted up just fine, and when it was loading suddenly I saw this message saying the C drive had been compromised, and that he could buy some product to help fix the problem.
I’m assuming most people reading this blog know this already, but he had malware on his computer. The reason I disconnected my wife’s computer from the network up front is because I was betting he had malware. There’s no such message ever telling anyone that their C drive has crashed; it just doesn’t work that way. If it had crashed the computer wouldn’t boot up, instead emitting these little beeps that drive someone like me crazy because of their pitch.
How did he get the malware? I have no clue, and neither did he, but often I see this type of thing when someone goes to a website that’s been compromised, they get an initial warning saying something might be wrong with their computer and to “click here” to check it out, and there you go. The uninitiated will fall for it almost every time, and my client would truly be considered one of the uninitiated.
The trick then is to get rid of the malware. His computer couldn't access the internet, as you'd expect, so I went to my laptop and downloaded a copy of ComboFix, which works wonders with XP computers; there's no equivalent yet for Vista or Win 7, so I'd have had to do a search on how to get rid of it for his particular issue, but for XP ComboFix is the way to go. I loaded it, then it went online to look for updates and it was ready to go.
What you'll sometimes see is it saying you have some kind of scanner or virus program running. In this case it said he was running Microsoft Essentials, but I knew I'd turned it off and I'd also disabled it under msconfig, and rebooted before running the program, so I knew it wasn't running. ComboFix will still run, but it'll tell you that it might not work as well; so be it. The program will create a restore point, then do its job, which could take a while or it might work fairly fast. In this case it took about 25 minutes, but it killed the malware.
The next thing I did was install CCleaner, which a few people mentioned in my post on clearing out browser history, and ran it both ways. By that I mean I first ran it to look through all the browsers on his computer to clean things out. Good thing I did, because it discovered two dormant viruses that it took care of. Then I ran a registry check and it found over 1,300 bad entries, which I cleared up; then I ran it again to fix whatever was left.
After that I added an antivirus and a firewall. Thing is, I thought I'd added them to his computer last year when I repaired it, then remembered that this was actually a new computer of only a few months that I hadn't seen before.
What are the lessons here? One, if you get a warning on your computer and it's not from a program you know you're running, don't click on it. Two, if the message belies the action, such as a message telling you that your hard drive has crashed and yet your computer is still running, it's malware. Three, at the very least disconnect your computer from the internet (if you're running cable like I am) to help keep things under control. Four, make sure your computer has antivirus and firewall protection.
Oh yeah, a number five: if you go through something like this and have to ask someone else to fix it for you, ask them to clean things out while they're in there and don't gripe about the price, since you should have asked up front what it might cost. Even though I didn't just sit there watching stuff running, it did end up taking me 3 1/2 hours to clean out all the junk on his computer, including all these programs that were automatically running because they'd inserted themselves into his startup files, large temp files from software loads, etc. When he got his computer back that sucker was once again humming like it was new.
You’ve got to protect your hardware; you probably need your computer more than you think you do.
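Lesson five mentions programs that had inserted themselves into the startup files. As an added example (not from this post or any of the tools it names), here is a PowerShell script a technician can run from an elevated prompt to list the usual Windows auto-start locations (the Run/RunOnce registry keys and the startup folders) and flag unsigned binaries; the key paths and cmdlets are standard Windows ones, and the output columns are my own choice.

```powershell
# Added example: enumerate common Windows auto-start entries so that
# anything malware planted in "start up" can be reviewed before removal.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutoStartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PS* metadata properties; skip them
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Per-user and all-users Startup folders
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Source = $f; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Pull the executable path out of a command line such as "C:\x\y.exe" /arg
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $cmd
}

Get-AutoStartEntries | ForEach-Object {
    $exe = Get-ExePath $_.Command
    $sig = 'n/a'   # path not found (e.g. unexpanded %VAR%), so no signature check
    if (Test-Path $exe) {
        # NotSigned or an invalid status on a start-up binary deserves a closer look
        $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
    }
    [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Signature = $sig; Command = $_.Command }
} | Format-Table -AutoSize
```

Entries with a Signature of NotSigned, or whose command points into a temp or user profile folder, are the ones to compare against what the owner knowingly installed before deleting anything.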
It's a shame that most of the people who work on computers cannot handle their things. They don't need to be nerds, but the basic operation instructions should be known by them. And then maybe they wouldn't be shocked when they see malware on the screen :)
Cindy, I think it all comes down to what people care about noticing when they’re on their computers. We’re all kind of focused on our own thing, and few of us take the time to question why something weird happens. Lucky for me, I do.
A familiar story to many I’m sure, well worth you pointing this out for people. I have found Spybot Search & Destroy works well in these situations and it’s free too.
Matt, the problem was that in the past I've never been able to get any malware programs to run once malware was already on the system. This time around I didn't even bother trying again because of history. After the fact, Spybot's not so bad.
I do troubleshooting for friends now and then. What works for me is this: I have a USB boot installer for Linux. I run the OS without installing, then run antivirus. Works all the time.
Kevin, I’ve never run Linux or even seen it believe it or not, so I wouldn’t even have it in my mind to try to use it. One of these years I figure I’ll see it in action.
Hi Mitch,
thanks for this story and for all your advice. I think that people who already use computers should take better care of them, concerning malware and all those malicious things. I personally take a lot of care; I have antivirus programs, firewalls… hahaha… nothing can beat me 😉
Well Eleonora, it could beat you, but it’s much tougher with protection. Good for you. 🙂
I know how time consuming it can be trying to fix computer problems, especially when you’re computer dumb like I am. When I get rich I’m going to just hire a full time IT person to just tend to my computers.
Lee
Tossing It Out
Lee, when I get rich I’m going to have a full time masseuse on hand. 😉
Most likely, your client has had a virus. Malware won't block the hard drive; in the worst scenario a malware/spyware would fill the system cache and will lead to low memory, delay and freezes. A perfect combination is always antivirus, firewall (not the Windows one) and a mix of adware. A good combination of free software could be Avira Free, Comodo Firewall, Spybot and Malware Bytes. When an infected computer is scanned with all this and it shows clean, then it is definitely clean. There are some pretty smart combinations for malicious software: a malware or trojan downloads a virus and the virus downloads a rootkit. This makes cleaning quite complicated as in most cases the exact software that can clean all this gets blocked, but again it isn't impossible.
So everybody must be aware of that and be prepared and have reliable software or package installed.
Carl, I know it was malware because of what was showing. It didn’t block his hard drive at all, just tried to get him to buy something he didn’t need. I tried Comodo and I think for a novice it ends up being a bit too complicated. I like Spybot and Ad-Aware at different times. I’ve never heard of the other two. Every once in awhile I’ll download the latest version of Stinger and run it just to see what’s going on.
Previous versions of Comodo were targeting ultimate security, asking about every application that tries to access the Internet. The latest one is really superb and works out of the box. Well, sure, there is no perfect software that can protect a PC, but with a bit of precaution and good defense most likely just parts of a virus/malware/adware can land on the computer, which may not cause much or any damage. Since 1996 my PC has crashed only once because of a virus, and it was my fault, because I'd tried to delete an infected DLL file manually; however, at that time there was not enough information on the Internet and anti-virus companies could be counted on the fingers of one hand.
Carl, it’s been awhile since I had a virus, but I always try the easy stuff first before going through all the motions, which I’ve also done in the past. Getting rid of that stuff can be a nasty proposition, which is why I’m glad I learned it because it’s paid me in fixing other people’s computers here and there.
I also do troubleshooting for myself and my friends, but from time to time it becomes exhausting.
Radu, that’s why you have to be willing to charge something, so they appreciate you and you don’t feel like you’re being taken advantage of.
A bit of knowledge can certainly help you keep your PC clean; unfortunately, most family and friends' computers that I look at are just asking for trouble. It's surprising how few have an up-to-date virus program installed or a firewall, plus most people I know will click on anything their computer tells them to.
I run avast antivirus (which is free) and have installed that on many friends and family’s computers, they’re really pleased when they realise they don’t have to fork out for something like Norton. On my PC I also run Sandboxie which creates a virtual environment for running applications or browsing.
Good stuff Beth. You know, I used to be surprised by how many people didn’t have either antivirus or a firewall, but when you see it over and over you realize that it’s probably more common than you’d hope it would be. I guess it’s like a car; if no one told you that you had to put gas in it you’d just drive until it stopped. lol
Glad you highlighted CCleaner, Mitch; my favourite program when it comes to clearing out browser history, and the history of numerous programs. I also use the registry cleaner of CCleaner, although it tends to take 2 runs before it clears all the bad entries. I must have used it one hundred times or more, and it has never damaged my Windows installation.
Same here Richard, though as I said, I always seem to forget about it. Probably need to add it to my quick launch toolbar one of these days.
Unfortunately I am one of those dumbos who have had this experience. We all learn from our mistakes. Thanks for sharing. I learnt something again today.
No problem Gordo; I hope it helps you out in the end.
Spyware and trojan horses can affect how a computer works in so many ways and that’s why we should make sure that our computer is always put at good health condition. Thanks Mitch for this awesome post 🙂
Thanks Olawale. Sometimes we need to be reminded of stuff we already know something about.