When a PC gets that bad the best option is to start again with a clean install, having first booted from a USB stick to get important data off, or what's left of it.
Windows Defender Offline: For PCs too hosed to go online
Microsoft has released a beta version of its Windows Defender antivirus tool that works even when computers are so badly infected that they are unable to fully access the internet. The program allows users to boot their sick machines from a CD, DVD or USB flash drive and use the most up-to-date definitions to fight the …
Monday 12th December 2011 10:31 GMT Fatman
clean install
I once saw this badly infected XP box with a BSOD, and the words "Nuke Me!" scrolling on the screen.
I felt sorry for that PC, so I inserted an Ubuntu Live CD, and disinfected it.
As I booted it from the hard disk for the first time, I saw "I am one with the Penguin" appear on the screen just before Ubuntu loaded. Infection cured.
(/satire)
Monday 12th December 2011 12:57 GMT Wize
"When a PC gets that badly infected it's time to install a copy of Linux and move on."
When average Joe User installs Linux on their own machine, it will be the day the internet will be flooded with Linux viruses.
Remember, the average user won't have locked down the machine as tight as the experienced Linux user and will probably click on all those fancy popups and 'install me' links.
Monday 12th December 2011 19:52 GMT Anonymous Coward
@ Wize
"Remember, the average user won't have locked down the machine as tight as the experienced Linux user and will probably click on all those fancy popups and 'install me' links."
No, that WILL NOT WORK. You may (unlikely) hose the user account but the system files will not be replaced by malware laden fakes.
Why don't you people understand? NOTHING IS EXECUTABLE UNLESS YOU MARK IT AS SUCH.
Just having a file extension of .exe does not mean a damn thing on Linux or UNIX. Try to get your head around that.
Tuesday 13th December 2011 13:37 GMT Wize
@Craiggy
First of all, remember that not everyone uses Linux, so shouting and complaining that people cannot get their heads round something that they have probably not come across before is quite redundant.
Anyone who has helped relatives clean the spyware and viruses off a PC has seen countless programs downloaded and installed. It used to be fake copies of programs like Bejeweled containing trojans, but now there is 'boost your crops in Farmville' type nonsense around.
Having to click a few buttons extra to install won't stop your 'average' user with a set of instructions in big friendly letters beside the download link. Giving it rights to run as root will be part of it. Some will just do it. Others will with a bit of technobabble thrown at them.
A question to the people who think Linux is 100% idiot proof.
With key presses/mouse clicks from the person who installed the operating system, is it possible to run a downloaded program with full root access?
Monday 12th December 2011 16:35 GMT Anonymous Coward
Agree, clean rebuild even if it means...
...data loss because people are too lazy to have backups.
I too get called when friends' and family's PCs get infected. However, even when I think I can recover the PC I tell them it means a rebuild, and if they don't know what data to back up then tough luck, I just format and re-install. The beauty of this hardline approach is that now my friends and family take far more care when it comes to downloading files and clicking on links they are unsure about. No pain, no gain.
Sunday 11th December 2011 21:33 GMT Si 1
Yeah starting again is usually the best option, especially if it's your own computer, but I recently had a problem like this with my aunt's PC. It had one of those anti-virus viruses that blocks all internet access except access to their site to buy their fake anti-virus product.
While I could have suggested a full re-install, she hasn't got a clue what files need backing up or where she keeps them on her computer and so I would inevitably get the blame for not backing up everything properly. Plus there's the onerous chore of waiting for her wheezing P4 to reinstall everything (assuming she can find the discs).
If MS can release something that will clean a system up to the point that I can get back on the internet and download other clean-up tools I think it will be my preferred route... because I'm lazy like that. ;)
Monday 12th December 2011 10:49 GMT Scorchio!!
Certainly it's not a good idea to mend what is broken. I keep images on a LAN drive, I keep them on backup drives that are not connected, and I have a number of Swiss knives in the form of bootable CDs and USBs. I tried the Acronis (Linux) confection, putting it on a USB which can live update. As has been mentioned elsewhere - possibly here also - it's good to rehearse strategies, but the only real test is a genuine emergency with a genuine infection.
Saturday 10th December 2011 01:08 GMT b166er
I hope this is a WinPE variant and we can therefore use GMER, TDSSKiller, ComboFix, MBAM, Rkill etc.
If it is, we can also take an image with ImageX.
AC #1 The only time I give up, is if there's a persistent rootkit that the above tools won't remove.
You could flash the BIOS, replace the MBR and start again, but I usually say nuke the fucker from orbit at that point.
Lately, it's been a great excuse to get some customers who desperately need it to buy new PCs :D
Sunday 11th December 2011 21:10 GMT Anonymous Coward
If you will nuke it
If you've got users that are that much of a liability with the Internet, I think it's high time they were given a Mint pendrive and told it is a new version of Windows. It's not like they will know any better and it's going to save you/them an awful lot of heartache cleaning up after them by the sounds of it.
Monday 12th December 2011 01:35 GMT J. Cook
@Eddit Ito: boot into DOS...
I don't care if it boots into OS/2- if it'll clear off the bugs that are infecting the system and restore at least minimal functionality, or let me copy the files off the system onto a temp drive for later restoration, then it really doesn't matter what OS the offline boot runs.
Sunday 11th December 2011 21:12 GMT jake
Gawd/ess. The mind boggles.
Even Apple's OSX can go into single-user from the console to fix shit.
Earth to Dave Cutler, are you paying attention? I still run TOPS-10 and -20 on vaxen for a few clients ... but personally, I'll stick with Slackware & BSD (occasionally ecomstation) for the duration :-)
Tuesday 13th December 2011 09:43 GMT jake
@robj
I was at SAIL, and a DEC intern. We did weird stuff ;-)
Yes, today it's under emulation (Linux based, both on Celeron powered headless laptops with 256Megs of memory). One system runs about fifteen acres of greenhouses. The other runs a largish machine shop. The code I wrote over thirty years ago still works, and we see no reason to update it.
Sunday 11th December 2011 21:12 GMT koolholio
Jokes that ain't funny!!!
You're joking, Microsoft would never think of a wise way of removing rootkits that they aren't able to prevent in the first place! And definitely never as technical as GMER, ComboFix, TDSS/TDL removal tools, or even as simple as a portable edition of SFC with a cache folder.
As for the EEPROM on the BIOS, or the MBR, well that's just asking for trouble if Microsoft were to incorporate that; no one would ever put their head on a chopping block.
Booting from removable media, provided you don't accidentally boot into the OS and during its boot process it infects or corrupts the only removable media copy you have access to.
One word that I predict, I think the picture says it all...
Sunday 11th December 2011 21:18 GMT R 16
wasted time
It doesn't matter. Viruses disable antivirus. So what is the point of having one that would work when you can't get online?? Windows Defender wouldn't even work if the virus was strong enough to take the PC offline.
I would say you have a 1 in 100 chance of a computer actually being able to open Windows Defender if the virus was sophisticated enough to disable the internet. It would have already taken out Windows Defender.
Monday 12th December 2011 01:35 GMT Steven Roper
Erm...
Go and have a look at your local public library sometime. I know it's probably been at least a decade or two since you last visited it, and you might be surprised at some of the changes that have taken place since you were last there back in 1992...
There's also these shops called "Internet cafes" that now exist in most cities and towns, you might want to look one up near you and check out what they actually sell besides shitty coffee! ;)
Monday 12th December 2011 11:23 GMT The Original Ash
Trust a public computer, eh?
I've put an SD card into a photo kiosk before, and it came out with an MMO-credential stealing trojan. I wouldn't put anything into a public computer and bring it back home without it first being sheep-dipped, and if you have a computer to sheep dip your removable media, you can use that to disinfect the hard disk of your other machine.
Sunday 11th December 2011 21:25 GMT ZenCoder
Might save me some effort.
The best option isn't a clean install, it's restoring from a recent full system partition backup, followed by extracting and disinfecting the user's files from a backup of the infected system made prior to the restoration. Better yet, the user has an external hard drive and software which syncs their personal files on a regular basis.
Unfortunately what I normally see is someone with no backup, who has critical software installed which cannot be reinstalled because they can't find the discs, and needs their PC up and running in about an hour because even though it's been unusable for a week they waited until the day before their work assignment/homework/whatever is due to take care of it.
I normally try to boot into safe mode with networking with a fresh download of Malwarebytes on a USB stick. If that doesn't work I pop the drive into an eSATA dock and clean it up from my PC.
Hopefully this will work in situations where booting from safe mode isn't an option or where I don't have access to a 2nd computer and the right adapter to connect a drive to it.
Sunday 11th December 2011 21:29 GMT John Tserkezis
I can't believe they offered this as an "option".
Perhaps it's just me, but if you're going to disinfect a box (or at least try), the *FIRST* thing you do is take it offline.
Bitdefender? Really? Your box is hosed to the point it can't connect and Bitdefender is going to save you? Good luck with that, as the saying goes.
Sunday 11th December 2011 21:36 GMT Doug Glass
Ubuntu
I was asked to help a friend with a computer so badly eaten up with malware it was essentially a non functioning boat anchor.
Booted using an Ubuntu LiveCD, copied off his data files, wiped his C: drive with GParted, zero-filled the drive with the maker's software and reinstalled his OS. Took maybe an hour.
It's just a waste of time to try and repair some computers.
Monday 12th December 2011 01:36 GMT Anonymous Coward
Astounding ...
It amazes me that people (especially those who call themselves IT experts) even accept or tolerate this sort of nonsense in the first place. No OS should be so defective by design as to even need this constant attention and mollycoddling all the time, far less so *constantly* demand it. And Windows fans actually just shrug and regard this as a minor, quirky feature of their chosen OS -- and utterly fail to understand why this is -- babbling on instead about "market share" or "Windows has these problems because it's so 'popular'"!
Microsoft needs to get acquainted with the idea of a *nix-style file system, users, groups, permissions and the true meaningful definition of the word "executable" in proper context -- then do some actual software engineering instead of popping out these useless, palliative measures which just annoy the user in the end and in the long run never even attempt to cure the underlying malady. It might "break" backward compatibility (actually I don't believe that) but would instantly cure a lot of the recurring problems associated with Windows. I speak as someone who has and still does write software for Windows and have done so since 1993 so it isn't even as if my opinion here is entirely baseless. This isn't MS bashing. I'm simply stating a fact.
If it were any other product other than software they wouldn't be allowed to sell it. It would be classed as dangerous.
Why so many people still go on just blindly and unquestioningly accepting that this product behavior is even remotely *normal* in software -- and then spend so much unproductive time patching and re-installing their crippled OS -- is utterly beyond reason. It's simply nucking futs!
Einstein, I think, said anyone who keeps doing the same thing over and over again, expecting a different outcome is insane. Gosh, it must be true.
Monday 12th December 2011 10:33 GMT Snapper
Could not agree more!
Windows users have been guilty of accepting Microsoft's marketing that 'every' computer system has viruses and that they should pay again and again for keeping their machines secure.
If Microsoft hadn't thrown in the towel security-wise decades ago, the whole computer security landscape would be utterly different, and people would gasp in amazement at the thought of a new virus, just like they still do when some security company tries to insist that there might be an Apple virus 'real soon now'!
Monday 12th December 2011 19:52 GMT Boris the Cockroach
Most of the trouble
has been caused by 2 m$ decisions
1. no separation of user space and root space
2. embedding the browser in the system so deeply that any flaw in the browser becomes a way to infect and destroy the os.
I'd still like to know what the design justification is for having the browser be able to run OS parts such as SVChost to read data attached to a web page that runs a virus capable of accessing all files on the PC, not just the ones belonging to the current user.
That little 'improvement' to my system cost £60 to have fixed as well as 3 days downtime.
Thank gawd for the Linux partition I could use to scrape all my non-infected files off the doomed Windows partition.
Monday 12th December 2011 10:58 GMT Ian Ringrose
I have often in the past been asked to sort out friends' and family's PCs when they don't have the OS disks; people just can't seem to understand that the "un-interesting" disks that come with a PC are of value!
They also often believe that their life depends on some free game that they have downloaded from the internet, but don't know where it came from; very likely some of these got them into the problem in the first place.
So a reinstall is often not an option!
I am starting to like closed systems (e.g. the iPad) a lot more!
Monday 12th December 2011 11:24 GMT graeme leggett
And these days...
Where are the install disks?
Either it's on a partition on the already defunct computer, or the user was supposed to make a DVD after setting it up for the first time.
Most people, ie the ones that need the help in the first place:
don't make regular backups of their data
don't know where their software install disks are, if they ever had any
don't know where their licence keys are (probably in an email on their computer)
can't actually remember all the programs they had installed.
have lots of websites with "remember me" ticked and haven't written down their logons (though they probably all use the same password)
have a desktop setup that is like an old friend to them.
In which case getting the ailing PC back into operation sufficiently that these things can be located and backed up before doing a reinstall is worth an attempt if the user/customer is happy with the time it will take.
Monday 12th December 2011 16:33 GMT Robert Jenkins
Microsoft years behind as usual.
As others have said, there are already some very good, free tools for cleaning badly infected machines offline.
My favorite is the DrWeb live CD - that's assisted in repairing several machines people have brought me that would otherwise have needed a re-format.
I wonder if the Microsoft one will actually disinfect executable files, or just delete them & finish wrecking the OS itself, as so many typical antivirus programs do...
(Another reason to like the DrWeb one).