
Ten year old used my PC - What do I do?

Discussion in 'Tech Support' started by Styx0444, Apr 19, 2011.

  1. Styx0444

    Styx0444 Minister of Magic

    Joined:
    Feb 11, 2010
    Messages:
    1,217
    Location:
    Between here and there.
    My Dad let his girlfriend's grandson get onto this computer on Friday, and in a grand total of five hours the little brat managed to fuck shit up. I've spent the last two days deleting all the viruses and malware I could find, as well as some stuff he installed to get free games :mad:. So I'm dealing with a few issues I would love some opinions on, if anyone could spare the time.

    1. Every time I do a search using only the address bar (in Firefox) I'm sent through something called 'mywebsearch' instead of Google.

    2. The first thing I did was run a scan with Spybot - Search and Destroy. It found some stuff that it had to restart the computer to find, but I was busy with other things and couldn't afford to take the time to do it right then. I told it to run another scan on the next startup, and went about my business. Next time I started the computer up, it started the scan, but ended up getting canceled because my Dad wanted to look something up. I ran Spybot again after updating it, and although I found a fuckton of viruses and spyware, it said nothing about having to restart the computer to delete some things. Is this a problem?

    3. I typically use two different antivirus programs, Spybot and Avira personal. After the most recent Spybot scan came up clean, I did a scan with Avira just in case. It didn't find any viruses, but it did find fifteen hidden objects it's calling rootkits. I have absolutely no idea what to do about these. Any advice?

    Thanks!
     
  2. Xiph0

    Xiph0 Yoda Admin

    Joined:
    Dec 7, 2005
    Messages:
    9,498
    Gender:
    Male
    Location:
    West Bank
    Have Avira delete them. Also try downloading Clamwin and using that as well, it'll catch things Avira doesn't. And FFS, let Spybot do its work.
     
  3. Wasteland

    Wasteland Second Year

    Joined:
    Jul 31, 2006
    Messages:
    67
    Location:
    Australia
    Malwarebytes is a very good free program for finding any malware on the system.

    The default search engine for Firefox can be changed by typing "about:config" into the address bar of Firefox, finding browser.search.defaultenginename and changing it to "google". You might be able to see if anything else looks weird while you're there, but caution is advised when changing the settings.

    Good Luck
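
Added example, not part of any post in this thread: a Python check that reads a Firefox profile's prefs.js and lists search and homepage preferences that no longer mention the expected provider, which covers the "see if anything else looks weird" step without editing anything. The sample prefs.js content is constructed, the function names are hypothetical, and the watched list beyond browser.search.defaultenginename is an assumption based on Firefox preferences of that era.

```python
import re

# prefs.js holds user-set preferences, one per line:
#   user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences that decide where searches and the start page go.
# keyword.URL controlled address-bar searches in Firefox releases of 2011.
WATCHED = (
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.startup.homepage",
)


def parse_prefs(text):
    """Return {name: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            name, raw = match.groups()
            prefs[name] = raw.strip().strip('"')
    return prefs


def suspicious_prefs(text, expected="google"):
    """Watched prefs whose value does not mention the expected provider.

    This is a substring check meant for eyeballing a profile, so a value
    that merely contains the expected word still passes; review by hand.
    """
    found = parse_prefs(text)
    return {name: value for name, value in found.items()
            if name in WATCHED and expected.lower() not in value.lower()}


# Constructed sample, not taken from the machine discussed in the thread.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Example Toolbar Search");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("extensions.lastAppVersion", "4.0");
'''

if __name__ == "__main__":
    for name, value in sorted(suspicious_prefs(SAMPLE_PREFS).items()):
        print(f"{name} = {value}")
```

Preferences that a toolbar or extension resets at every start will reappear in this list after being corrected in about:config, which points at an add-on or program that still has to be removed.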
     
  4. Xiph0

    Xiph0 Yoda Admin

    Joined:
    Dec 7, 2005
    Messages:
    9,498
    Gender:
    Male
    Location:
    West Bank
    It's not like he can mess it up more.
     
  5. Styx0444

    Styx0444 Minister of Magic

    Joined:
    Feb 11, 2010
    Messages:
    1,217
    Location:
    Between here and there.
    It didn't give me the option to delete them, and they don't show up in quarantine.

    No shit, mywebsearch was where four of the trojans I found came from.
     
  6. Manatheron

    Manatheron Headmaster

    Joined:
    Dec 12, 2006
    Messages:
    1,166
    -Snorts-

    My cousins did that one to me a couple of months ago.

    Best advice? Take anything you want to keep, put it on a disk or external device, and wipe the fucker. Re-install from the ground up. It'll save you time and energy in the long run.
     
  7. Styx0444

    Styx0444 Minister of Magic

    Joined:
    Feb 11, 2010
    Messages:
    1,217
    Location:
    Between here and there.
    I wish I could, but I don't have the system disc anymore. I moved, and it was one of the things that vanished. I'm going to be able to get a new PC in June, but until then this is all I got. The PC I had been using got hit with a nasty virus I haven't even been able to touch yet, nothing I use in safe mode can find it and logging in normally I have ten seconds before it locks me out of everything and starts fucking around with directory files.
     
  8. Xiph0

    Xiph0 Yoda Admin

    Joined:
    Dec 7, 2005
    Messages:
    9,498
    Gender:
    Male
    Location:
    West Bank
    It should say something like delete, repair, or something. Click that.
     
  9. LT2000

    LT2000 Heir

    Joined:
    Jun 5, 2005
    Messages:
    2,706
    Yeah, I'd go with Malwarebytes. Spybot is pretty garbage and oftentimes gets corrupted by malware itself.
     
  10. Rahkesh Asmodaeus

    Rahkesh Asmodaeus THUNDAH Bawd Admin DLP Supporter

    Joined:
    Apr 3, 2005
    Messages:
    5,128
    Location:
    Atlanta
    This is why I always put a password on any computer I own.

    And yes, malwarebytes fucking rocks.
     
  11. Militis

    Militis Supreme Mugwump

    Joined:
    Jun 24, 2008
    Messages:
    1,683
    Location:
    Online
    Pro Tip for next time (because no matter how hard you try, there always is a next time): Make an unprivileged account and always use that, no matter what. If you're on Vista or Windows 7, it will ask you for your administrator account's password when you do anything system-changing. That way little snots can't wreck your shit.
     
  12. Styx0444

    Styx0444 Minister of Magic

    Joined:
    Feb 11, 2010
    Messages:
    1,217
    Location:
    Between here and there.
    The only options I'm given are 'End' which just closes the window, and 'Report' which gives me a text file account of all the shit it did. Report gave me the locations of all the hidden files, so I suppose I could try and fix it that way, except that a couple of them were in system 32 (don't know enough to like messing with that one) and another couple were in Hkeys. I have no idea where Hkeys is.

    I'll grab Clamwin and Malwarebytes tomorrow and see what that gets me: It's 3 AM here and I've got school, so I'm gonna crash.

    Thanks for the help, guys. I'll give an update after I've done that.
     
  13. Hero of Stupidity

    Hero of Stupidity Villain of Sensibility ~ Prestige ~ DLP Supporter

    Joined:
    Oct 5, 2010
    Messages:
    342
    Gender:
    Male
    Location:
    Hungary
    High Score:
    3,172
    For trojans I use the aptly named TrojanHunter.
     
  14. Lindsey

    Lindsey Chief Warlock DLP Supporter

    Joined:
    Dec 1, 2010
    Messages:
    1,560
    Gender:
    Female
    Location:
    Seattle, WA
    The best way to remove malware (or viruses) is to restart your computer in Safe Mode with Networking. After logging in, install Malwarebytes, then run it. This will normally allow the program to remove the files without having the virus/trojan try to corrupt the program in the removal period.

    Afterwards, restart and hopefully everything is fine.
     
  15. yak

    yak Moderator DLP Supporter Retired Staff

    Joined:
    Jul 28, 2007
    Messages:
    4,001
    Location:
    Australia
    You don't password protect your computer? LOL.

    Rootkits? If you really have rootkits, then your system is pretty much boned. They aren't viruses or any ordinary type of malware. Anti-malware programs have a great deal of difficulty even detecting rootkits, let alone attempting to remove them. When it comes to rootkits, you can never be sure that you've got rid of them, nor that you're even aware that they're there. I'm honestly surprised that Avira managed to detect so much evidence of rootkits on your system. It's not designed to counter rootkits, and I wouldn't be at all surprised to discover that it missed other rootkits on your system.

    I know it's a bit of a joke to advise people to format their computers over trivial technical problems, but in this case that's your best possible course of action. The time, effort, and skills required to attempt to cleanse a rootkit infection would be much better invested in formatting.

    Here's some snippets from Wikipedia on Rootkits:
    tl;dr: Removal of just one rootkit is a PITA, and perhaps impossible. Prepare to format if you want to be sure.

    tl;dr: Your system, and all anti-virus, anti-rootkit, etc. software that you run on it can not be trusted. You have to run such software from a NON-infected machine to scan the infected machine. The rootkit has "root", meaning that it owns the box it's on.

    tl;dr: Fuck Avira and Spybot right off. If you're going to attempt to cleanse your system anyway, then these are the tools to start with.

    tl;dr: You can try the various anti-rootkit software if you want, but it isn't a sure bet. Even if the machine scans as clean afterwards, it's still not certain to be so.

    Formatting your computer may be a bit of a headache now, but it's going to save you from a potentially very nasty future.

    Disclaimer: I did clean-up rootkits on an [XP?] system once, but it had been pwned by viruses and keyloggers and so much other malware, so frequently in the past, that I figured that any of the sensitive information that they had on there [billing, credit card info, address books, etc.] had been thoroughly compromised in the past so many times that it honestly didn't matter too much if there were still hidden nasties on it afterward. So long as I got rid of the visible symptoms [at least until the next inevitable virus infection] they were going to be happy.

    If that doesn't sound like you, then format. This might be a good time to upgrade to a much better designed OS, like Win 7 while you're at it. It's quite a bit harder for Win7 to be taken advantage of like your system was. I assume you're on Vista or XP at the moment.
     
    Last edited: Apr 20, 2011
  16. Styx0444

    Styx0444 Minister of Magic

    Joined:
    Feb 11, 2010
    Messages:
    1,217
    Location:
    Between here and there.
    Fuck.

    Firstly, I do password protect my computer. Except that this isn't really my computer, so I couldn't do that. It's a bit complicated, but I suppose the easiest explanation is that it's the 'family' computer. I referred to it as mine because I'm pretty much the only one that uses it, aside from my dad who uses it to look random shit up.

    Like I said before, I can't reformat this computer. Aside from having a shitload of important stuff stored on it (not information, though I do have some info I'd rather not lose), I don't have the disc for it, and I'm literally out of cash at the moment. I'm going to get another computer in June, but until then I'm pretty much stuck with this. I have a laptop, but the internet on it refuses to work (At all. I can't get it to set up.) and my brother's PC, which has a virus I'll have to go into the directory to get rid of, if I can even manage it then.

    You're right, I do have XP on this one.

    Thanks for the info, I was entirely unaware of most of that.
     
  17. Red Aviary

    Red Aviary Hogdorinclawpuff ~ Prestige ~ DLP Supporter

    Joined:
    Mar 25, 2008
    Messages:
    538
    Gender:
    Male
    High Score:
    2,757
    There's only one thing to do: sacrifice the child. Maybe its blood will appease the computer.
     
  18. Styx0444

    Styx0444 Minister of Magic

    Joined:
    Feb 11, 2010
    Messages:
    1,217
    Location:
    Between here and there.
    No good, I already sacrificed him to gain the blessing of Cthulhu :facepalm

    EDIT: Used Malwarebytes and got rid of a shit load of stuff the others didn't find, including two of the hidden items. Then halfway through a second scan (I always scan twice to be on the safe side) Avira caught something messing with me called TR/Trash something or other. I stopped it, but my system ended up crashing because of the two antiviruses working at the same time. Went back and did a scan with Avira, and found five of those trojans and my system is running slower. My guess is that they're replicating now, so I'm in for a fun day tomorrow.
     
    Last edited: Apr 20, 2011
  19. yak

    yak Moderator DLP Supporter Retired Staff

    Joined:
    Jul 28, 2007
    Messages:
    4,001
    Location:
    Australia
    If you have to live with your system, can't format, and don't have a clean PC to work with, then...

    Use the safe mode technique as Lindsey described.

    Once in safe mode, you should tackle the rootkits first. Use Blacklight, Rootkit Revealer, Sophos Anti-Rootkit, etc. to progressively scan and kill rootkits. Don't use these programs at the same time; run each one after the previous one has finished. It's going to take a long time to do all of this, so I hope you've brought a book or something, because you won't be surfing the net.

    Stay in safe mode. Start the more generic anti-malware programs, like Microsoft's Malicious Software Removal Tool, Malware Bytes Anti-Malware, Avira, etc. Again, use them one-by-one, not together.

    In my limited experience, rootkits often act as gateways into your system for other malware. Rather than do nasty things themselves, they'll act as a devious sewer pipe and direct filthy viruses and other malware straight into your computer and then keep an eye on that malware to keep everything running how it likes. If you kill VirusX, then the rootkit will just re-install it again and there's nothing you can do to stop it except perhaps to unplug your net connection. Your rootkits might not work like that, but from your description it sounds like that's what they're doing.

    That's why I'm suggesting that you do your best to kill the rootkits before tackling the malware. You may have to do a quick sweep of the general malware first to get some resources and functionality back to your system, but I'd recommend dealing with the rootkits first if you can. In safe mode it should be harder for an ordinary piece of malware to re-install a rootkit, than it is for a rootkit to re-install a piece of malware.

    Once you've hit the rootkits and malware, do another rootkit scan with whatever anti-rootkit gave you the best results the first time. If that's good, then shut down safe mode and reboot your PC. Go straight to safe mode again.

    Scan your PC for rootkits and other malware again. If your comp is still clean, then reboot again, and this time launch XP normally.

    Scan your PC for rootkits and other malware. Purge them as best you can.

    If your PC is still coming up as infected, then go back to safe mode and scan from there again.

    If you're still having trouble, then my last piece of advice is to run HijackThis! Take your HJT logs to bleepingcomputer.com and throw yourself on their mercy. Be sure to read this first: http://www.bleepingcomputer.com/tutorials/tutorial94.html

    Just as a general note, this strategy I've outlined won't work against the best malware. It also won't work against the newest malware, or older malware with the newest [0-day] exploits. All rootkit authors are aware of Blacklight, Sophos, Rootkit Revealer, etc. so they've probably taken steps to defeat such anti-rootkit software. But those same security companies haven't been standing idly by.

    What we're hoping is that the anti-rootkit definitions and detection methods employed are newer and more current than the rootkits that are infecting your machine. Make sure to do an online update of every anti-rootkit [and anti-malware] scanner before you use them.
     
  20. Styx0444

    Styx0444 Minister of Magic

    Joined:
    Feb 11, 2010
    Messages:
    1,217
    Location:
    Between here and there.
    Alright, thanks. I'll give that a shot, though actually doing it will probably have to wait a couple days. I'm unfamiliar with how safe mode works, for the most part, so I should probably ask: Do I need to have the installer for all of these programs on a USB drive, or can I get them from the site while in safe mode?