De-Screwing my bro's PC

[robphelan]

Running WinXP SP2.

Well, my brother called and said he was having a bunch of issues.. being the family geek, I was obliged to try to fix it.

turns out there are numerous viruses running around in there.

I've begun by running a2(squared), AdAware, & SpyBot S&D several times.

things were looking really good while in safe mode, but appear to start up again when I reboot to normal mode - which indicates not ALL of the viruses/malware are gone.

One thing I did notice is that it created an "Administrator" user that does NOT show up on the log on screen (his 2 users, brother & niece, do show up).

I found this "Administrator" user only in the safe mode login screen - I go to User Groups to delete it, but that user does not show up there.

I think this is the key - i need to get rid of that user somehow but can't seem to do it. Any ideas?

thanks.

 

[bsobel]

Since you obviously have a system as well, slave the drive to yours and run a real av/as tool and just clean the system up.

 

[Ewat]

I'd just wipe the drive clean, reinstall windows, and call it a day

 

[John]

1) The "hidden" Administrator account is by design and perfectly legit.
http://windowsxp.mvps.org/admins.htm

2) See my sig for malware removal advice. Do not slave the drive since you will need the tools to clean rogue registry entries.

3) Some malware attaches to Windows system files. One example is a spambot that infects ndis.sys so that when you delete the offending files the ndis.sys drops them back in place.

 

[robphelan]

Originally posted by: John
1) The "hidden" Administrator account is by design and perfectly legit.
http://windowsxp.mvps.org/admins.htm

2) See my sig for malware removal advice. Do not slave the drive since you will need the tools to clean rogue registry entries.

3) Some malware attaches to Windows system files. One example is a spambot that infects ndis.sys so that when you delete the offending files the ndis.sys drops them back in place.

thanks for the info on the admin account. that was worrisome.

i was going through your guide yesterday.. excellent info. i'm going to give it a go tonight (tomorrow night's the spurs game so i'll be busy then:thumbsup.

 

[John]

Any luck?

 

[robphelan]

Originally posted by: John
Any luck?

unfortunately, I didn't have any time last night to do anything other than to d/l all the software onto a thumb drive.

hopefully tonight i can find the time during timeouts and halftime of Game1!!!!!!

 

[robphelan]

gave up... the PC kept closing down all my windows before I could get to the folders to install the anti-spyware software.

i went ahead and formatted/re-installed. since it wasn't my PC, i was a little less willing to spend the time trying to recover.

thanks for the input.
rp.

 

[mechBgon]

Originally posted by: robphelan
gave up... the PC kept closing down all my windows before I could get to the folders to install the anti-spyware software.

i went ahead and formatted/re-installed. since it wasn't my PC, i was a little less willing to spend the time trying to recover.

thanks for the input.
rp.

security ideas for the future :light:

 

[robphelan]

thanks for the link.. i went ahead and setup a limited account - my bro only uses it to stream NPR & play music.. and my niece uses it for IM/school work.. it should work fine for them.

 

[mechBgon]

Originally posted by: robphelan
thanks for the link.. i went ahead and setup a limited account - my bro only uses it to stream NPR & play music.. and my niece uses it for IM/school work.. it should work fine for them.

sweet :thumbsup: