Trouble doing a remote virus cleanup
Posted on 2009-07-16
I got online with a distant customer, with them saying they were getting "weird stuff" on one XP computer. The first thing I saw was "Personal Antivirus" giving some "infected" messages. They assure me they never installed that, and, guessing it might be bogus, I removed that from the startup in msconfig.
Next, I transferred the Spybot installation program from my computer to theirs, but after I installed it, it failed when it got to the point where it requires that it needs to be able to download updates, and thus made me cancel the install. So, I had them go into safe mode with networking so they could go through the full install, and it did finish. Then they rebooted into normal XP, but Spybot would not run. In Task Manager it would show that it was running--repeatedly if they tried to run it more than once--but it never would "run" on the screen like normal.
So, then I transferred the install for Malwarebytes and tried to install that one, but it would never even run the install.
I'm wondering if this might be that virus from not too long ago that prevents the user from connecting with helpful sites (such as Norton, Trend Micro, etc.), because I did notice that their AVG free edition has a warning that "the connection failed" for the update manager component. Yet they do have some internet connectivity, evidenced by the fact that I'm still able to access the computer remotely. However, just now I tried to get on some generic sites (like Google, etc.) and noticed that it will no longer connect to any site, and as it is trying to connect, it shows the word "Blocked" for a few moments in the upper left area of the screen.
Finally, I ran a full scan using their resident free AVG Antivirus, and it found these two problems in the \Temporary Internet Files\ area:
Trojan horse Rootkit-Agent.EA
AVG is still running, but I'm assuming that AVG alone is not going to be able to completely "fix" my problems once it is finished.
So is there some good software I can use to solve their problems? Since their IE will no longer let me go to any page, I'm wondering if there is a product that I can download to my computer, then transfer the installation .exe to their computer---and expect it to run correctly (unlike Spybot or Malwarebytes).
Any suggestions on what I can do to help them from a distance will be appreciated! TIA