Nightmare of Noobish Proportions

Right.. where to start.

I went to a friends house (a good 40miles away) over the weekend to help him clean his computer up and getting it running smoother so his gaming experience was what it should be. But things took a turn for the worse when I was just making some final adjustments when a nasty little pop-up jumped up on the screen and right where i was clicking and all of a suddon life took a terrible turn for the worse.

I dont understand how or why, but all of a suddon things stopped working. My AVG anti-virus stopped, windows firewall stopped (ironic as i was just about to install him sunbelt personal firewall), ATI Catalyst stopped & the IE brower started going real slow. My first thought was, damn these pop-ups, now i'm going to have to restart the computer.

This turned out to be a bad idea, when i restarted the computer and it came back up I was shocked to find that I had lost access to the task manager, msconfig, the run command & the "Shutdown" button. After 4 hours or surfing the web and hunting for fixes i found that it could be a multi-attack or something like that. Anway, I proceded to download a long list of fixes and spyware/malware programs. So, now I had (all up-to-date) AVG anti-spyware (formerly a commonly used anti spyware name something like erwillo i think), smthfraudfix, spybot s&d, AVG anti-virus and a few others.

These fixes cured the problems, the main fix being hijack this (showed up the permission change for the run command). But then I decided that it would be a good idea to check that everything was gone, so i did another scan with spybot and it found quite a few virus and loads of trojans. Uniblue (they pop up a lot when im looking for answers to these problems, and when i look for program names that i dont know, the websites saying they are viruses link to uniblue and no other site says they are malicious) and some other nasty ones.

So, i left him with a well oiled, working computer, graphics tweaked and working great, memory optimized and looking healthy. But I get home and get a phone call from him saying that everything has just stopped working. He lost his BT yahoo! Broadband files and his connection has stopped working properly. He is back on the web now but it is very slow. He got the 60 second authority shut down thing, but i found out how to stop this auto shutdown. Problem is that he is running his computer with a virus or a worm now (the 60 second shut down would lead to me to believe it is the W32.Blaster.Worm but non of the programs they associate with it are running in the processes) and i dont know what to do to find or fix it.

It has stopped access to programs such as Teamspeak and Swat 4 (game) and probably more. We have now got Sunbelt(formaly kerio) personal firewall installed now to prevent communication of the infection. We have been advised by a few people to just do a clean install, the problem being with this is that my friend is new to computers and didnt know he had to burn off a master copy of the computer himself as he didn't get any cd's with the computer so we dont have a windows to do a new install. He is running an E-Machine with a restore partition but when i tried to run this restore program it asked for a cd and again, there were no cd's with the computer so this seems pointless unless i mis-read it and it is asking for a blank cd to do a back up but i dont see why? I will google this myself but if anyone has any info on this E-machines restore program and partition then please get tell me what you know.

I appreciate any help, suggestions and even just plain insults at how much of a noob we both are (we know, that is why we are asking for help) and i hope to hear back from you soon. Thnx

Matt "Monkey" Bailey

When you first tried to fix the computer problems (Deleting the virus etc) Did you do so from "Safe Mode" ... If you didn`t it is more than likely they reinstalled themselves at the next boot.

To get into "Safe Mode" try tapping thwe F8 key while the computer is booting. Also ensure the System restore is also switched off prior to removing them.

Providing the XP is legit and it should be with Emachines try running a full system scan here. http://onecare.live.com/site/en-US/default.htm It is a Microsoft site so quite safe. The scan will take several hours to complete.

At first, i must admit that no i didnt do it from safe mode. But i soon realised that windows protects certain areas/processes from being scanned, so I did all the fixes again in safe mode.

Thank you for that link, i will get it to him as soon as I can, but could you explain to me what exactly this scan does (not for any reason except that im really nosey)?

Thnx again.

It is the Microsoft security center ... a full scan will check most things on the pc and fix them at the end. It also improves the pc performance.

I tend to run a scan once a month ... normally overnight ... been using a computer for 18 years and never had a virus or trojen .. they tried but never got through

Great. I appreciate the help as well.

It was my fault though, I should have made it my first call of duty to get the firewall downloaded and installed when i got there but I did it all the wrong way round. I will pass the link onto him in the morning.

I just remembered though that he has a program on his computer called "Big Fix" as well, he is going to try that first, then the link and then we are going to the last resort if this doesnt fix it... buying the recovery CD's off a website:

http://www.gennersales.co.uk/recovery/emachines.htm

and do a clean install of windows XP (media edition). Then the first thing he will install will be sunbelt personal firewall, followed my AVG anti-virus.

Then there will be monthly reminders to scan, defrag and tidy his computer. Thanks again for all your help.

Matt "Monkey" Bailey