
Fixing an XP Laptop, when to give up?


nontroppo:
I have a friend's laptop which recently suffered a trojan attack (I suspect via an IE popup and user click, but they are not computer literate and are not clear how). The thing was running only NOD32. It appeared to disable NOD32 (yikes!) and wireless stopped working (unintended side effect, NDIS user I/O is broken); System Restore did nothing. I installed Comodo firewall just fine, and outbound attempts were coming from IE, which I locked down. As NOD32 was inoperative, I used Autoruns to scan for anything in startup / services / IE helpers. Nothing. Process Explorer shows no new process running. RootkitRevealer gives me reams of data but I don't have time to deal with that. Trying to reinstall NOD32 causes the installer to fail whenever it tries to copy the NOD executable to the install directory. Installing elsewhere does not fool it. Spybot fails to install too; only teatimer.exe installs, but it disappears on reboot. Adaware installs and claims to clean one trojan, but the OS still can't install NOD after a reboot. AVG, Avast, Bitdefender, Antivir - none of them can install. Avast at least ran a system scan on reboot, cleaning three trojan files, but its Windows executable disappears as it boots into Windows. Comodo's BOClean installs and claims there are no problems. What a mess, and a pretty scary testament to the ineffectiveness of security software.

Anyone have any other tips before a full HD wipe (this is a favour and I can't waste huge amounts of time on it)? I suspect that somehow permissions have been reset, which is why antivirus exes can't install, but permissions of directories look fine in Explorer.

nudone:
i'd jump to the clean install as you may just keep finding one more problem after another trying to sort out the current situation.

a reinstall will probably be the quickest solution - and the one that will give you peace of mind. i've known problems that were fixed for friends only for them to tell me they'd reappeared a week or two later - not having done a complete reinstall to solve the problem just made me wonder if the problem had never been fixed OR was it their actions bringing the problem back.

best to cover your own back and know how things are for sure i'd say - wipe it and reinstall.

justice:
ThreatFire behaviour blocking -- http://www.threatfire.com/
It's a new program so might not be blocked yet. When active it blocks programs based on behaviour (ThreatFire is the old Cyberhawk).

Apart from that you can look at HouseCall's online virus scan (although it downloads itself through the browser).

I would recommend a clean install too though after any trojan attack; you don't want it to come back and it's hard to tell when it's really gone. I used Process Explorer to remove trojans by looking at the DLL handles of explorer etc. but it still returned somehow.

Ralf Maximus:
best to cover your own back and know how things are for sure i'd say - wipe it and reinstall.
-nudone (November 19, 2007, 07:18 AM)
--- End quote ---

Yep.  Nuke the site from orbit; it's the only way to be sure.

nontroppo:
OK thanks guys, nuke it will be. This I have to say is the best reason I can ever think of to upgrade from XP to Vista for normal users; it is worth losing 50% performance for. I know users have some responsibility for keeping safe, but the level of threat and the ineffectiveness of security solutions for XP for users who don't really know what a trojan is is frightening.

Bah, and why the hell did MS shut down Autopatcher!
