  Odd Software/Problem 
 
 Author 
 Date Written 
 Tools 
David Tran Oct 28, 2014, 03:36am EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List Replies: 4 - Views: 1373
My friend has a computer which has an odd malware or setting, or something, on it. It's using Windows XP Pro SP3.
There is 1 hard drive, split into 3 partitions. The other partitions don't look like they have anything odd, just some photos, videos, music, games, etc.

So the problem:

When I install a program, after reboot, the program is gone
When I uninstall the junk that's on here, after reboot, it's back
When I update the anti-virus, or Windows Updates, etc, after reboot, it's back to the initial out-of-date state
When I try to change settings, like turning on Windows Firewall, after reboot, it's off again

When going into Safe Mode, there's two administrator accounts (Administrator and lEt'sgO!)
lEt'sgO! is the default user that the computer uses when running Windows normally.
I've tried deleting lEt'sgO!, after reboot, it's back, and it's the default user logged on to.

During boot, there are 2 options, Windows XP, and a Norton Ghost thingy - no idea how to use it or how it works (couldn't understand a thing when I tried going into it to see what it was)

I updated Avast and it found 2 items, but that didn't change again.
Spybot Search and Destroy found various things, but nothing changed

I am now going through all the various tools I can find to scan the system (https://forums.malwarebytes.org/index.php?/topic/159381-malwar...wnloading/).

Will this work? Or is there something else?

I really want to avoid having to reinstall Windows, but if that's the only option, then I guess it must be done.

Any ideas anyone?


Rhort Oct 28, 2014, 04:36am EDT
Have you considered trying a System Restore back to either:

1. A point that you know to be before the issues started happening
2. The earliest available point (might take you back to just after the initial installation of XP depending on how you have your settings)

There should be no reason that this would fail to work. If, however, it does, you're probably looking at an XP reinstall :| Personally, I would suggest grabbing a replacement HDD and installing on that, then running some hard core Anti-virus/Anti-Malware/etc on the current drive before accessing anything on it.

_________________________________________________________________________________
~ The manual said "Requires Windows '95 or better" ...so I installed Linux!
David Tran Oct 28, 2014, 04:48am EDT

Edited: Oct 28, 2014, 04:48am EDT

 
>> Re: Odd Software/Problem
Hi Rhort,

Thanks for the reply - I also forgot to mention that System Restore is not activated.

I had actually just found further information and was about to add it -

My friend got the technician to, in one sense, lock the computer, because she was worried that her children may install random things by accident and ruin the computer.

Running the anti-malware program, they did find some malware and some registry edits - but even after deleting and fixing these things, every reboot still ends up being the same.

So I guess a fresh re-install (because I don't trust the technician either since locking up the computer like this, you can't even update your computer to keep it safe... let alone the fact that there's a lot of random junk software installed on it) is the only way to go, unless you, or anyone, know of a way to reverse this 'lock' on the computer.

john albrich Nov 01, 2014, 07:22am EDT

Edited: Nov 01, 2014, 07:25am EDT

 
>> Re: Odd Software/Problem
Keep in mind that if the suspect HDD is infected with malware, simply connecting it to any other computer could infect that computer as well, and even other computers connected via network to that computer.

The key will be isolation and tight control over the boot process.

You might try using a system on which only a CD/DVD drive and the HDD are connected, and make sure BIOS boots off the optical drive into a reliable anti-malware program/suite. Then scan the suspect HDD.

Or, in lieu of an optical drive, a USB drive could be used as long as you can boot from it. However... in that case the USB drive should be one that has NEVER been connected to a computer in which the suspect drive was previously connected. It's one reason in such situations it can be preferable to boot from a CD/DVD ROM drive (one that can't write to optical media) so one can be absolutely certain the malware hasn't had a chance to infect its content as well.

If you don't have 100% complete control over the boot and read/write environment, some malware is sophisticated enough to modify any anti-malware programs so that they won't detect/fix and/or even report the malware.

David Tran Nov 01, 2014, 12:31pm EDT
>> Re: Odd Software/Problem
Hm... Thank you for the information John - I'll look into it, to boot from a CD (though I may need to go the USB route as their DVD isn't working, will double check it)

Is using a malware to do this something normal for technicians to do? To block various uses on the computer so that people can't mess up the computer? Then, if the user wants to update, then they get the technician to do it?

