Windows Vista – Disinfection
by frank on May.07, 2010, under Informatics, Troubleshooting
And I thought I could avoid Windows Vista by using mostly Mac OSX and – for special things – my old XP.
Far from it!
Before I had totally finished the Thinkpad T61 story, a mostly unusable Vista was given to me by a friend asking for help.
So, without promising anything I took a look.
Windows started normally but then got stuck: neither Explorer nor Task Manager would open. Just the installed Symantec Personal Security Scanner popped up and found 42 threats; here are some of them:
Sadly the application didn’t want to clean up the system; it was just a kind of evaluation, for full power… please insert coin.
:-/
I tried to access the files as shown in the scan, but wasn’t able to even find the folders where they should be. It seems they hide themselves very well. Anyway, I had a special bootable CD for cleanups like this, called desinfec´t (a project from the German computer magazine “c´t”). It contains three virus scanners that are free to use: Bitdefender, Kaspersky AntiVirus and Avira AntiVir.
Good moment to give it a try.
Although there is a graphical desktop, you just need to double-click the program icon, which starts a menu-based script in a terminal. I used the wizard to scan relevant files and found them:
~ition/7.5/Quarantine/0D840000/4FC621EC.VBN INFECTED Trojan-Spy.Win32.Zbot.ahwn
~STA/Users/user/Pictures/Setup_364s1.exe INFECTED Trojan.Win32.FraudPack.atdy
/media/sda1-VISTA/Users/user/Pictures/Setup_364s1.exe INFECTED
Reviewing the scanner logs I found an error with Avira AntiVir: it was not running. Doing a quick search in the magazine’s desinfec´t forum I found a solution (copying avguard to the upper folder).
The next step was running the scan and placing the malware in a quarantine directory. You may ask “why not delete directly?”. Simple answer: I like to collect them to analyze them later.
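The quarantine step described above, as an added example that is not part of the original post and not the desinfec´t tooling: it parses scanner output in the same “PATH INFECTED NAME” shape as the lines quoted earlier (the sample lines, paths and detection names below are constructed), moves each flagged file into a quarantine directory under its SHA-256 hash so it loses its executable name, and writes a manifest recording where it came from and what the scanner called it, which is exactly what later analysis needs.

```python
import hashlib
import json
import re
import shutil
from pathlib import Path

# Constructed sample output, mirroring the "PATH INFECTED NAME" lines quoted in
# the post. Paths and detection names are made up for this example.
SAMPLE_SCAN_LOG = """\
/media/sda1-VISTA/Users/user/Pictures/Setup_example.exe INFECTED Trojan.Win32.Example.a
/media/sda1-VISTA/Users/user/Documents/report.docx OK
/media/sda1-VISTA/Users/user/Downloads/invoice.pdf.exe INFECTED Trojan-Spy.Win32.Example.b
"""

# Non-greedy path so mount points with spaces ("Program Files") still parse;
# the detection name after INFECTED is optional, as in the third quoted line.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+INFECTED(?:\s+(?P<name>\S+))?\s*$")


def parse_scan_log(text):
    """Return (path, detection_name) pairs for every line flagged INFECTED."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((Path(m.group("path")), m.group("name") or "unknown"))
    return hits


def sha256_of(path):
    """Stream the file through SHA-256 so large samples do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(hits, quarantine_dir):
    """Move each flagged file into quarantine_dir, named by its hash (no .exe,
    so nothing accidentally launches it), and record the original location and
    detection name in manifest.json. Returns the manifest entries."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for src, name in hits:
        if not src.is_file():
            # The scanner saw it but it is gone now (e.g. already quarantined by
            # another tool); note it rather than failing the whole run.
            manifest.append({"original": str(src), "detection": name, "status": "missing"})
            continue
        digest = sha256_of(src)
        dst = quarantine_dir / digest
        if dst.exists():
            src.unlink()  # identical sample already kept; drop the duplicate
        else:
            shutil.move(str(src), str(dst))
        manifest.append({"original": str(src), "detection": name,
                         "sha256": digest, "status": "quarantined"})
    (quarantine_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    # Dry illustration on the constructed log: the sample paths do not exist on
    # this machine, so every entry is reported as "missing".
    for entry in quarantine(parse_scan_log(SAMPLE_SCAN_LOG), "quarantine"):
        print(entry)
```

Storing samples by hash rather than by original name is deliberate: it removes the double-click risk, collapses duplicates, and gives you a stable identifier to look up later, while the manifest keeps the original path and scanner verdict for the analysis notes.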
Okay, the cleanup ran through and after a reboot Windows came up with “new features”. There were documents on the desktop! Explorer came up, and so did the Task Manager!
Ah, and also Windows Update wanted to install 17 updates, and later Service Pack 2 and some more things.
Not to mention the new Java version or the installed Symantec Endpoint Protection.
I installed ClamWin as a free virus scanner and after a reboot I let it scan the whole disk, and the Symantec tool as well.
Neither found any threats.
Cool.
Of course, there is always the risk that important Windows system files are infected and Windows cannot boot after the cleanup. This didn’t give me headaches for two reasons.
First, I did a backup of the user data before cleaning up (carefully, as there were infected files within).
Second, there was a recovery partition of 30 GB to restore to factory defaults, which didn’t seem to be infected (I ran a scan on it as well).
So after some hours of work (and letting the laptop work) the system seems to be clean.
Oh, did I mention that I also installed Firefox and recommended it to the owner?
Let’s see if/when she comes back with new (or old?) problems.
