Most of the time people know that when you are offered something for nothing there is a catch, and almost every time there is a catch. I like free things as much as anyone else, but I don’t expect to get anything actually free. When someone offers me something I didn't earn, I start looking for how they are going to make me work and/or pay for it later.
The internet seems to be immune to this rule of thumb in people's minds for some reason. People think nothing of the potential cost of 'free' things on the internet. In fact, a lot of people expect everything on the internet to be free.
Some money on the side
Someone brought me their kid’s computer to clean up again. I don’t really mind, it gives me a little extra cash on a regular basis. It can be frustrating at times though trying to chase down various problems, but I like a challenge too.
About two months prior to this, his mom had brought me this same machine still in the box so that I could make sure that it had all the proper antivirus and antimalware stuff he needed in addition to some basic productivity stuff so he could use it for school work.
Oddly enough it was in pretty bad shape despite the fact I had made sure he was fairly protected not that long ago. It had somewhere in the neighborhood of 15,000 various viruses, trojans, and assorted malware infections.
I was really curious as to how someone would go about getting so many nasty infections in such a short amount of time, despite all the protection stuff I knew it had. I found that the antivirus application I had installed on it was gone, and the machine had a somehow popular Internet Security Suite installed on it. I think that came from a disk that came with the computer; I knew I should have shredded that disk. Also, the anti-malware program I put on hadn't been updated or run since I installed it.
I dug through some of the internet history files. I found that the kid frequently visited sites featuring standard porn, hack & crack stuff, and game cheats. He also had a number of Peer-2-Peer (P2P) applications for music, video and miscellaneous file sharing.
Obviously this kid went looking for, and found, free stuff he at least thought he wanted. Unfortunately it was a package deal and he got a lot more than he expected.
Removal & Restoration
Removing all the 'free' nasties consisted of the following:
Booted machine with PE disk.
Since the machine wouldn't boot fully to the desktop even in safe mode, I had to use a Pre-installation Environment (PE) Disk with some utilities installed on it. I used Bart's PE Builder and built my own, but there are others available. With this disk I was able to clean up some of the worst viruses with a licensed copy of ESET NOD 32 Antivirus installed on it, enough to be able to boot it in safe mode.
I started the machine in safe mode and cleaned up some junk programs.
I deleted some files and program folders that I knew were viral. Note: You have to be careful with this and make sure you delete only the ones that are safe to delete. You can find the right ones listed when you search for the specific viruses you know are present. There are too many to list here, however.
I uninstalled the P2P junk like LimeWire and other useless applications associated with spyware stuff, like Alexa toolbar.
Installed and ran the following programs in the following order.
a. CCleaner
- Freeware optimization and cleaning tool. Used mostly to clean out temp files and useless stuff from the registry. It makes the other scanners run a bit faster by removing junk before the scans.
b. a-squared Anti-Malware
- Anti-malware that kills trojans, viruses, spyware, adware, worms, bots, keyloggers, rootkits and dialers. I mainly ran this one first because a lot of nasties will block the download and install of the next one.
c. Malwarebytes
- A tool that can identify and remove malicious software from your computer. A secondary scanner to catch the stuff the first one didn't. Also, most of the time you cannot have more than one anti-malware program without them fighting or slowing down your system, but Malwarebytes and a-squared seem to play nice (or did so at the time of this writing anyway).
d. Auslogics Disk Defrag
- A disk defragmentation utility. Major infections typically fragment hard drives badly, which degrades system performance. This program also has the option to remove temporary files before defragmentation, some of which CCleaner misses occasionally.
Repaired the damage.
The damage done is usually unique to each situation, but here are a few common fixes.
Run 'detect and repair' or 'reset to default' on any app that has that option, like MS Office and internet browsers.
A lot of fake anti-virus applications will damage parts of the registry, leaving the machine unable to run .exe files after removal. There is a registry fix you can download that will cure that here.
Fortunately it doesn't take a lot of time to install and start these applications, but it regularly takes a long time to let them run.
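A read-only way to check whether the .exe association mentioned above is intact before importing any registry fix, as an added example that is not from the original post. It assumes PowerShell is available on the cleaned machine and compares against the stock Windows defaults (`exefile` and `"%1" %*`), which are not values given in the post.

```powershell
# Read-only audit of the .exe file association; it changes nothing.
# Expected values are the stock Windows defaults (an assumption of this example).
$expected = @{
    '.exe'                       = 'exefile'   # .exe maps to the exefile class
    'exefile\shell\open\command' = '"%1" %*'   # exefile runs the file itself
}

# HKEY_CLASSES_ROOT is a merged view; check both sources, because a per-user
# entry takes precedence over the machine-wide one.
$roots = @{
    'HKLM' = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
    'HKCU' = 'Registry::HKEY_CURRENT_USER\Software\Classes'
}

function Get-DefaultValue([string]$Path) {
    # Return the key's (Default) value, or $null when the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')
}

$findings = foreach ($hive in $roots.Keys) {
    foreach ($sub in $expected.Keys) {
        $actual = Get-DefaultValue "$($roots[$hive])\$sub"
        if ($actual -eq $expected[$sub]) {
            $status = 'OK'
        } elseif ($null -eq $actual -and $hive -eq 'HKCU') {
            # No per-user key means the machine-wide value is in effect.
            $status = 'OK (no per-user override)'
        } else {
            $status = 'REVIEW'
        }
        [pscustomobject]@{ Hive = $hive; Key = $sub; Value = $actual; Status = $status }
    }
}

$findings | Format-Table -AutoSize
```

Any row marked REVIEW shows the value to compare against a known-good machine before applying a fix.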
The high cost of free
The cost of removing the various nasties and recovering as many of his personal files as I possibly could was $150 and the loss of the machine for the better part of a week. Not to mention some of his music was infected and could not be recovered, that is assuming it ever was an actual music file. That doesn't even take into account whatever punishment his mom imposed for whatever activities he was engaged in to get the machine to that state.
Not exactly what I would call free.
The moral of the story
If you go looking for something for nothing you will get more than you bargained for… and keep service people like me in business.