PC cleanup tools

[pejsaboy]

Unless he has specific windows only programs he needs to use, take a linux livecd over there and switch him over. If he can get linux infested with adware/spyware/virii i'll be impressed.

Wrong answer.

Linux doesn't fix anything.

While dumping Linux on someone that only web browses is an okay idea as long as they're open to the idea of it being a little different than Windows, it's definitely not the answer for this situation. First of all, my experience in linux is limited enough that I'd rather get called back to fix more spyware issues from lousy browsing habits than have to fix something in a linux environment that I may not be up to. Or possibly not being able to track down a driver. It's gotta be a reliable fix when you're getting paid. Plus if I have to go back to fix new infestation, I get to charge him again I'm going to leave Ad-Aware and Avast! installed when I'm done, as well as suggesting Firefox over IE, so if he screws it up again he'll deserve another cleaning charge.

 

[deadlysyn]

Don't forget about Noscript and AdBlockPlus. Noscript will help keep the nasties out to an extent, unless he figures out how to disable it.

 

[g0dM@n]

I just got into a tight spot myself.
I've tried numerous things for a client of mine. I've been trying to clean up his machine remotely as he's 30min away and over a bridge.

What you see in RED (see below), I cannot get rid of. I ran malwarebytes, virus scan, ccleaner, restored all default settings in IE, reset it, etc. I cleared the history, as well as the fill-in history and everything goes away... the next time I start IE8, it comes back.

One of this guy's buddies was showing him some nasty stuff and my client wants me to get rid of it no matter what the cost....

 

[deadlysyn]

I just got into a tight spot myself.
I've tried numerous things for a client of mine. I've been trying to clean up his machine remotely as he's 30min away and over a bridge.

What you see in RED (see below), I cannot get rid of. I ran malwarebytes, virus scan, ccleaner, restored all default settings in IE, reset it, etc. I cleared the history, as well as the fill-in history and everything goes away... the next time I start IE8, it comes back.

One of this guy's buddies was showing him some nasty stuff and my client wants me to get rid of it no matter what the cost....

Try running Hijackthis, and post the output log into this webpage: http://www.hijackthis.de/en

Are you running these scans locally or over a network? I just noticed Logmein sitting up there on the top of the pic.

 

[g0dM@n]

Try running Hijackthis, and post the output log into this webpage: http://www.hijackthis.de/en

Are you running these scans locally or over a network? I just noticed Logmein sitting up there on the top of the pic.

Like I said, I did it remotely... I have logmein with the majority of my clients.
I remember seeing a site like that... thanks for the link!! I totally forgot about that!!

OP... pejsaboy... you should do this too!!

 

[deadlysyn]

I also forgot to mention that you may have to look for manual removal instructions for the files that site points out. It's been a while since I have had something so bad, that I actually needed to use it.

 

[conway]

maybe this has changed? i run it in normal mode all the time - installs recoveryconsole/updates just fine.... just gotta make sure to follow its warnings and disable your antivirus. one of my favorite tools. ive seen it kill a machine or 2

Still works fine in normal

 

[pejsaboy]

Like I said, I did it remotely... I have logmein with the majority of my clients.
I remember seeing a site like that... thanks for the link!! I totally forgot about that!!

OP... pejsaboy... you should do this too!!

You referring to the hijackthis, or the logmein? I assume the HJT.

Anyhow, I spent a couple of hours on the guy's pc yesterday. I'm not sure what the problem use to be, but after running ClamWin and malwarebytes [once in safe mode, twice in normal, once being a full scan], there really weren't any nasties to be found. Mwbytes found a total of like 16 items between all three scans. He couldn't replicate the problems he was having while I was there, so I told him to write down or print them if it comes back.

I did notice something that's really odd, however. When I was looking through the Windows folder in his XP install, there's a lot of folders that are named $ntuninstallKBxxxxxx, or something similar [where the x's are numbers]. Well, most of the entries in that folder have (2) or (3) after them, with the un-numbered folders having been hidden. I also noticed in safe mode it stated he was running service pack 2, but there were sp3 files within the Windows folder. Specifically, I think sp3.cab

 

[TollhouseFrank]

probably just an SP3 install that borked. You can always download the whole SP3 and install it for him.

Or, as I do here, I have an WSUS Offline Updater dvd (well, 2 of them). I have one with all the patches/updates/SP's for windows xp - 7 (32bit) and one for XP - 7 (64bit). The 64bit one does take a dual-layer dvd....

but if i don't have time to spend hours downloading the security updates... i just pop it in the drive, set it to auto-reboot and continue installs, and between 30 minutes and 2 hours later, it's done and they are updated without being online once.

 

[pejsaboy]

Is the WSUS dvd something that I'd have to create and update periodically, or is there somewhere that I can download it? I've been considering making a slipstreamed xp sp3 disc for a while, but there are still other updates that I'd have to manually install after that so it isn't really worth it since I keep a copy of the sp3 network install file.

EDIT: nevermind, a quick google lead me to it. Man, this is got to be the most time saving program ever. I'll never manually update another fresh install again!

 

[TollhouseFrank]

enjoy!