Spyware and Virus got you down? Well, I mean - got your computer down? Look no further.....

Sunday, December 18, 2005

Saturday, December 17th, 2005

Yesterday I got a call. The problem: client could not open QuickBooks nor print from any application. The computer: Dell Inspiron 5100 - laptop, dialup connection. No firewall running, AVG AntiVirus not updated, Windows running SP1 only!!!

I logged on under the default user - no password protection. After Windows came up I began to see SpyBot Search & Destroy warnings popping up stating that uwtrevuxuunh.exe was trying to add itself to the startup menu. A quick Google search resulted in no information for that particular file. As I denied the action another would pop up, each time changing locations as well as file name. Then CRASH!!! - Memory Dump error – blue screen!!

I booted to safe mode using F8. I was able to log in under the admin account.
Started Microsoft AntiSpy – found 148 registry keys infected, 43 files and 19 different viruses, adware and spyware running. A few of the culprits were:

- Rbot
- Delfin.Media
- Adware.PEDev
- SdBot.tsecure worm
- 180Solutions Search Assistant
- Media Motor
- Ist.SideFind
- WebHancer
- Shop At Home
- Trojan.Startup.NameShifter.BT

Removed all of them.

Rebooted, same SpyBot warnings. Ran AVG AntiVirus – blue screen error - CRASH again!!! IRQL_NOT_LESS_OR_EQUAL was the specific error.

Rebooted to safe mode
Ran msconfig, edited the startup menu - removed 3 entries
Ran AdAware – found 40 items

Ran SpyBot Search & Destroy - found 42 problems including registry settings to disable AntiVirus, Firewall, SP2, etc…rebooted

Ran in safe mode – removed Temp Internet Files, cookies and history
Ran AVG AntiVirus – no infections found
Turned on Automatic updates
Ran SpyBot again – found 10, removed 5, needed to reboot to remove others
Rebooted – SpyBot ran found 16 problems – removed 10
Rebooted – still getting errors
Rebooted – msconfig – removed 1 entry
Rebooted – blue screen
Last Known Good Config – rebooted – errors
Booted to safe mode installed updates for Ad-Aware and SpyBot
Ran AdAware – found 87 problems removed
Ran SpyBot – found 20 – removed 16 – 4 resident in memory must reboot
Rebooted – SpyBot ran found 6 problems removed 2 could not remove 4
Rebooted – Safe Mode – stalled
Rebooted – Safe Mode – tried to backup Quickbooks to ThumbDrive – failed
Rebooted to blue screen
Ran chkdsk /f – in safe mode found error rebooting to fix
Rebooted tried to run QuickBooks in safe mode – got blue screen
Rebooted – safe mode – ran QuickBooks – blue screen
Might have been able to backup QuickBooks to Thumb? but no way to verify data....
Rebooted several times more – blue screen
Booted to safe mode -
Ran QuickBooks - created a backup - was able to save to the Desktop and then drag the file to the thumbdrive!!!
Client is going to neighbor's house to install QuickBooks on their computer, then she will try to restore QuickBooks using the thumbdrive backup file. If this works and all data is current I will pick up the laptop and reinstall the OS. Four hours spent on this one so far. I will wait until tomorrow for the call. I hope the data is verified as the most current!!
