Utterly Boring dot com

That's a messed up system

A co-worker of mine wanted me to look at her computer as she complained it was running really slow and had a bunch of "illegal stuff" (they were Windows Illegal Operation Errors) and had a bunch of porn pop-ups.

After running SpyBot and AdAware, I found there were about 450 (no joke) entries found between the two programs. Ran AntiVir XP, found another 90 files infected with about a dozen different trojans. Ran Windows Update (which had downloaded all the critical updates in the background, but nobody bothered to install them) and got everything up to date, and now have an AV program running in the background (she had McAfee, but it was disabled for some reason). She already has a firewall on her dial-up setup (she's not on broadband -- thankfully, or this would be much worse), so I'm leaving that as is. I also told her to not let her friends touch the system, as she claims her boyfriend's friends were downloading porn or something. Based on the types of dialers and such that were on the system, I told her to keep an eye on her phone bill to make sure these things weren't "calling home". It was a mess.

But I have to say, in all my time that I've been working on systems, this is the messiest system I've ever come across.

Update on 1/14: Oh man is it so messed up.

OK, so I spoke too soon. I thought I had it all cleaned up, and life was good. Ran two different anti-virus programs and three different anti-spyware programs over and over, and the system came out clean. So I plug back in the 'net connection to install the various MS Office updates. Just for kicks, I ran SpyBot again, and it starts finding more stuff. "Oh crap," I thought. I look at the network activity in the XP Task Manager, and every few seconds there'd be a large spurt of activity. I throw a packet sniffer onto the system, and there are piles of HTTP requests going out to nasty sites, and they're coming from explorer.exe.

Lovely.

So I open up the previously-emptied MSIE Temporary Internet Files folder, and the thing is loaded with cookies, graphics, and a whole ton of other crap.

From what I can tell, somehow explorer got overwritten or hacked to include a virus that "calls home" the minute it finds an Internet connection. It's a mess, and every time the anti-virus software says it's cleaned it, it comes back and starts doing stupid crap again.
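The pattern described above, a process that has no business making web requests on its own sending out traffic every few seconds, is something you can pick out of a process-level connection log rather than eyeballing Task Manager. The following is an added example, not code from this post: it assumes a hypothetical log format (timestamp, originating process, destination host:port) with a constructed sample, and flags any process outside an expected-client list whose port-80 requests recur at a near-constant interval.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of what a packet sniffer or process monitor might
# record on the box: timestamp, originating process, destination host:port.
SAMPLE_LOG = """\
2004-01-14 17:00:00 iexplore.exe www.example.com:80
2004-01-14 17:00:03 explorer.exe 203.0.113.10:80
2004-01-14 17:00:08 explorer.exe 203.0.113.10:80
2004-01-14 17:00:13 explorer.exe 198.51.100.7:80
2004-01-14 17:00:18 explorer.exe 203.0.113.10:80
2004-01-14 17:00:23 explorer.exe 198.51.100.7:80
2004-01-14 17:00:40 iexplore.exe www.example.com:80
"""

# Processes that legitimately speak HTTP on this machine (assumption);
# anything else making regular outbound port-80 requests deserves a look.
EXPECTED_HTTP_CLIENTS = {"iexplore.exe"}


def parse_log(text):
    """Turn the hypothetical log lines into (timestamp, process, host, port)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, proc, dest = line.split()
        host, port = dest.rsplit(":", 1)
        events.append((datetime.fromisoformat(f"{date} {time}"), proc, host, int(port)))
    return events


def find_beaconing(events, min_hits=4, max_jitter=1.0):
    """Return {process: summary} for unexpected processes whose port-80
    requests recur at a near-constant interval (a "calls home" pattern)."""
    by_proc = defaultdict(list)
    for ts, proc, host, port in events:
        if port == 80 and proc not in EXPECTED_HTTP_CLIENTS:
            by_proc[proc].append((ts, host))
    findings = {}
    for proc, hits in by_proc.items():
        if len(hits) < min_hits:
            continue
        times = sorted(ts for ts, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:  # evenly spaced = timer-driven, not a user
            findings[proc] = {"requests": len(hits),
                              "interval_s": round(mean(gaps), 1),
                              "hosts": sorted({h for _, h in hits})}
    return findings


if __name__ == "__main__":
    for proc, info in find_beaconing(parse_log(SAMPLE_LOG)).items():
        print(f"{proc}: {info['requests']} requests every ~{info['interval_s']}s to {info['hosts']}")
```

On the constructed sample, explorer.exe is reported as beaconing every 5 seconds to two hosts while iexplore.exe is ignored as an expected client.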

So what next? A reformat. There's no personal data left on the system as viruses gutted the My Documents folders for both the users on the system. So this weekend I'll be doing a low-level format and then use Dell's recovery disk to reinstall everything.

Man, what a mess.

Posted by Jake on 01/14/04 @ 05:45 PM
Posted in Geekdom | Permalink
