Monday, May 20, 2013

Virus Removal: Part 2

Well this is part two, which is unfortunate. As I feared might be the case, we did not get all of the viruses on my relative's computer (see part 1). The next morning after I turned controls back over to my relative, we got a call. Something called Amazon Cloud Drive came up.

Well, I can handle this: get in the car and drive over. Turns out Amazon Cloud Drive is not the problem, not even close. Some "mysterious" entity had broken the internet and the sound drivers. More snooping: the Windows Security Service that handles firewalls and such things (I gathered that is what it did) would not launch. Things were going haywire. Well, fantastic.

Not having time to deal with it just then I kicked off a virus scan and left. On the way home I made a quick call to my brother. Though it is not his field, he has more experience at virus hunting than I do. He was quite encouraging (NOT). Basically, he suggested the problem was what I had already suspected but had not wanted to concede. He decided it was likely that she had a rootkit.

Well, that is bad news. Malwarebytes had "removed" Rootkit.0Access the day before, but at this point I felt pretty stupid for believing I had beaten it. His suggestion: reformat the drive with an external program and rebuild the computer from the ground up. "Scorched earth." Right. Well, I had not conceded that fully yet.

1. Run Malwarebytes Anti-Rootkit BETA. I don't work for them. I promise. I just happened to have seen this feature in the previous days and tried it (from safe mode). It found a rootkit. I "removed" it. Yeah. Right.

2. Run Bitdefender Rescue CD. Well, the Trend Micro rescue disk didn't find it last time, but we'll try it. It booted from Linux and scanned the drive. Interestingly, the internet works when booting from Linux. Yep. Virus.

3. Restore System. After much deliberation it was decided that we should restore the system. This basically resets the computer to an image on a hidden partition of the hard drive. Even if we got the virus, the internet and sound drivers as well as who knows what else were hosed. Yes we probably could fix it, but all she does is use it for email and news. We'll just restore it.

We tried to do this through Windows. No dice. Next, reboot and hit Alt+F10 to do it outside of Windows. This took several tries for some reason, but eventually we had success. We did the one that saved her documents. For those that are wondering how long this will take (like we were), it took over an hour.

4. Reboot and reassess. Everything looks good. Reinstall all the antivirus software. Scan the Backup folder where all her old documents were stored. It found something. Delete that and scan again. Then full system scan.

Now we put the computer back together again and hope for the best. Here's to hoping there is no part 3.
