28 August, 2008

Calling on the Computer Gurus

My stepmother's computer could use a diagnosis, if anyone's so inclined:
Seems like I am constantly getting the little grey box stating Microsoft has encountered an error and must shut down, blah, blah. Then my internet window will just disappear. Then if I am not on the internet, no window opened, a “voice” will come over my speakers, some ad. If I open Internet Explorer, I right click to start without add-ons. It seems that is the ONLY way I can stay on a site without it closing. I have compressed, de-fragged, removed unnecessary programs, spyswept, and virus scanned constantly and I have no viruses, no spyware that is not quarantined and I am still having problems. I still have 89% space on my computer, so it is not as if that is a problem, but if I have more than 2 applications running, then I have a bubble that shows up that says my virtual memory is low and to close not needed applications. The guys who built my computer state that my Norton Systems works uses a lot of memory when in use but my computer should handle it. What a pain.

'Tis indeed. Any ideas? I wouldn't ordinarily beg like this, but damn it, she can't send me photos of the kitten, and he's growing fast. The situation is critical. This is the last I saw of my baby brudder:




Need more kitteh. Help!

Muchos gracias in advance!

13 comments:

george.w said...

That computer is severely compromised. Step one is stop using Internet Explorer. Use Firefox instead. IE is an 'internal application' - that is, it is part of the operating system. Ffox is an 'external application' to a much greater extent and thus a bit more secure.

Step two is realize that computer must NOT be used for any banking, credit card transactions, etc.

Only way to fix it for sure is to erase the hard drive and rebuild, which is a daunting project for most. If you are a bit geeky, consider losing the Windows and installing Ubuntu 8.04. It is immune to most of that crap. (still requires regular patching of course)

Keep us posted.

bzyglowi said...

I agree with george.w in that the computer probably needs a reformat... but it shouldn't be that hard. If she's got a Windows XP disc the reformat/installation really pretty much runs itself. (If Vista is on the computer already, it gets a little more complicated.)

After that, definitely stop with IE and go with Firefox. I've never had those pesky little 'Microsoft crash' boxes since I did.

Other than that, though, I don't have much advice. ):

Efrique said...

It is compromised indeed. It will likely be rescuable without erasing the whole thing, but you need someone who knows what they're doing to do it.

Your registry and bootup will both have been affected, and you probably have rootkits as well.

Anonymous said...

Agreed on the Firefox switch.

Also, try spybot http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html
and HijackThis
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

If you don't want to click the links (as a good paranoid would not) you can find them on cnet's download.com.

I find those 2 the most effective at finding the junk on the system.

However, a reinstall and changing all passwords for banking, amazon, anything financial would be mandatory.

Les said...

I'll third what George W. said. If you want to be absolutely sure it's clean of anything naughty it's best to reformat and start from scratch. It sounds like she may have a rootkit or two on there and those are exceptionally hard to remove even by folks who know what they're doing.

RickU said...

About the memory problem...she's looking at hard drive space not the RAM which is important.

There are 2 ways to fix not having enough RAM.

The first way is to buy more RAM. A Vista machine should generally have 3 gigabytes, an XP should have at least a gigabyte, preferably 2.

That's the best solution...the second part is to check the virtual memory settings.

Generally this number should be 1 and 1/2 times the amount of physical RAM you have.

To get to that setting, right click on my computer and go to properties. Then go to advanced.
Under the performance area hit the settings button.

Then go to the advanced tab.

You're now in the right area to find and change (if necessary) the amount of virtual memory or paging file space (they're the same thing)

Mechalith said...

9 year tech support vet, adding my voice to those before. Whoever told her the PC is virus-free is clearly short of neurons. Best approach is backup data, FFR (fdisk, format, reinstall), don't ever use IE again.

See above me for variations on the same advice I would give. The system is irredeemably compromised.

Also, get a new 'computer guy', the current one is worthless, and dangerously so.

Woozle said...

My reaction to George W.'s post was "yessss!" (we are almost Windows-free over here, and have so far managed to avoid anything past Win98 -- though that may yet change) -- but in view of the fact that a reformat/reinstall is probably an Option Of Last Resort, I do have one more thing you might try.

We have found that the only way to reliably catch spyware is to run these two spyware-removal programs: AdAware and SpyBot.

If this doesn't clear up the problem (or if you want to be thorough), another thing you can do is install ZoneAlarm and see if it detects any applications trying to use the internet. If it does, that can be of great help in tracking down which .EXE or .DLL files have been infected. You can then replace these from uninfected sources (if they're Windows files, then replace them from the Windows install CD; if they're part of an application, uninstall the application and don't reinstall it until you're sure the computer is safe).

Hope this is helpful.

Efrique said...

Definitely agree on Adaware and Spybot. I have used them for several years and wouldn't be without them.

Rootkit Revealer might help find a rootkit, but I'm not an expert on those and there may be better tools.

But even so, at this stage don't rely on just these tools - you need to take some serious precautions.

Anonymous said...

Just a note of caution. Firstly, the HijackThis option is a good one: run it and then post the text file it will output on these forums:
http://www.winextra.com/forums/index.php?board=18.0 (Winextra Forums, a place full of very knowledgeable and friendly people. Registration required, but the owner is a long time personal friend and he won't spam). They will help decode the HijackThis file for you and tell you what the real problems are.

Secondly, while I applaud the call to Ubuntu 8.04, firstly your stepmother has to sit down and work out just what she uses the computer for. Email and web surfing will be a snap on Ubuntu; downloading photos from her camera might be a sticking point. A small trick with devices that you are a bit iffy about when installing Ubuntu is to have them plugged in and turned on while the OS is installing; it should recognise it, find drivers for it and then install them.

Conversely, she could install Ubuntu from within Windows as a trial by using Wubi (http://wubi-installer.org/). It will install it into a folder on her Windows system, and when she reboots there will be an option in her boot menu to run Ubuntu or Windows. Choose Ubuntu and have a play. If she likes it and it plays nicely with all her hardware, then backing up her important info and formatting and making it permanent is easy. If on the other hand it's problematical, or there are some Windows apps she just needs (and this varies from person to person), it's easy to go back into her Windows install and remove it via the "Add/Remove" panel. It will just be removed like it never existed.

Also, there are friendly Linux groups all over the place who will be only too happy to help get her up and running with open source alternatives to just about everything she has or wants. A quick search through the intertubes will find one close to her :-)
If you have any other questions, you know my email :-)

george.w said...

Atheist Chaplin, it is a good idea to trial-run Ubuntu for sure. But it's doubtful that a computer running as badly as the one described here could successfully install it. Probably easier to live-boot from an Ubuntu CD to try it out, no changes made to hard drive.

Considerable difference of opinion exists as to whether Ubuntu is "mom-ready". I'm still learning it myself, but so far I like it.

And since no one else said it, "Awwww... kitteh!"

Anonymous said...

george.w

An install disk of Ubuntu has Wubi on it and I believe it can be run from boot. And even so, even though it sounds like the computer is full of trojans and other nasties that are probably looking for anti-spyware and AV programs, Wubi only uses 8 meg of memory when it's running, so even on a system that's running out of memory it has a better than average chance of working, because most of the heavy lifting is done from the re-boot :-)

Dana Hunter said...

You guys are all overwhelmingly awesome! Muchos gracias! My stepmother will love you all!