You're sitting in front of your grandmother's Windows XP machine, and it has the worst infection you've ever seen. Safe mode? No dice. Restore points? Compromised. Even worse, every file is hidden and none of the executables will run. The machine is effectively unusable, and without some serious CPR it's lost to you. Sure, you could just reinstall the system, but then you might lose all of that valuable data.
Before you reach for that install disk and start the formatting, let's take a better look at the issues here and see if we can make sense of them. Hell, we might even fix them!
Talk to some folks and you'll find they believe any and all computer problems must be caused by a virus. "Modem not working? I bet it has a virus." That's the answer you might get from them. We know that's not the case and that the real answer is a little more complicated. Before we start smashing evil code, let's see what kinds are out there today.
Spyware collects your browsing habits and uses them to serve targeted ads. Generally, spyware is less intrusive than a virus; its main purpose might even be to stay unnoticed. Each piece tends to have a small memory and resource footprint, but once a system is infected by many of them, they can pose a real problem. These are commonly spread by user downloads and XSS (cross-site scripting).
A virus is more of a problem, usually because of its ability to self-replicate and spread. How it spreads depends on what it was written to do. Honestly, these are not as common as they once were, with the trend moving toward stealing information.
Scareware is that annoying "antivirus" that pops up out of nowhere. You know, the one you never installed. It locks down your system and prompts you to buy a "full version" to clean up errors that don't even exist. It's the bane of grandmothers everywhere, because it can look legitimate, so it gets clicked, bought and installed. In fact, creating and pushing scareware is a multimillion dollar industry today.
I will say this right off the bat—the best anti-malware today is small and free. That's right folks, quit paying the Geek Squad over at Best Buy for their overpriced and bloated "security software". You don't need it.
Microsoft Security Essentials is a great program, and this is coming from a guy who generally dislikes Microsoft and the vast majority of their products. After you take the time to toss out all that Norton trash, this should be the first program you install.
Malwarebytes is the other solid choice for this problem. It's a fast and free program that does a great job of sniffing out malware while keeping a light system footprint. Use this. In fact, it might even be worth paying for the full version, though I just pirated it.
Now... back to your grandmother's computer, sitting there blinking at you.
Scareware hides your files for a few reasons, but what better way to strike fear into the hearts of unsavvy computer users than to hide every single file on the hard drive? The trick is simple: the infection sets the Hidden (and usually also the System) attribute on everything it can reach, and Explorer's default folder options hide both hidden files and "protected operating system files" (Hidden + System). The desktop empties of icons and mass panic follows among the unknowledgeable. Thankfully, that's not us, because we can make all of those hidden things reappear!
You want a Command Prompt window so you can work from the command line. Usually this is done with Start > Run > type "cmd" > click OK, or something to that effect.
Change to the root of the drive first (cd \), because the command below only walks the tree under the current directory. Then simply type:
attrib -s -h /s /d *.*
This clears the System (-s) and Hidden (-h) attributes; /s recurses into every subdirectory and /d applies the change to the folders themselves, not just the files inside them. The wildcard ( * ) makes it match every file, so run from the drive root it touches the whole drive. Both -s and -h are needed: attrib refuses to clear Hidden on a file that still carries the System attribute. One caveat: a whole-drive sweep also unhides files that are legitimately hidden (boot.ini, ntldr, pagefile.sys, desktop.ini and friends). That does no harm, but they'll clutter the root of C:, so you may prefer to start with the user's profile folder, which is where the desktop and documents live.
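As an added example (this is my batch file, not code from the original article), here is the unhide step done with a little more care: it records what is hidden before touching anything, clears the flags under one folder, then records what is still hidden afterwards. The %USERPROFILE% default, the -r flag and the log file location are my choices, not the article's.

```batch
@echo off
rem Added example, not code from the original article.
rem Unhides what scareware hid, starting with the user's profile (the desktop,
rem My Documents and so on live there), and keeps a record of what was hidden
rem before and after. Targeting %USERPROFILE% by default is an assumption;
rem pass another folder as the first argument to override it.
setlocal
if "%~1"=="" (set "TARGET=%USERPROFILE%") else (set "TARGET=%~1")
set "LOG=%SystemDrive%\unhide-log.txt"

echo Target: %TARGET%
echo === hidden before === > "%LOG%"
rem /a:h = only items with the Hidden attribute, /s = recurse, /b = bare paths
dir /a:h /s /b "%TARGET%" >> "%LOG%" 2>nul

rem -s must accompany -h: attrib refuses to clear Hidden on a file that still
rem carries the System attribute. -r is added here because some infections set
rem Read-only as well (the article's command uses only -s -h). /s recurses and
rem /d applies the change to the folders themselves, not just files in them.
attrib -r -s -h /s /d "%TARGET%\*.*"

rem Anything still hidden now either could not be changed or was re-hidden by
rem a process that is still running, which is worth knowing before you scan.
echo === hidden after === >> "%LOG%"
dir /a:h /s /b "%TARGET%" >> "%LOG%" 2>nul
echo Done. Review "%LOG%" for anything that stayed hidden.
endlocal
```

Run it as unhide.bat with no argument to clean the current profile, or as unhide.bat C:\ to reproduce the article's whole-drive sweep (the doubled backslash that produces in the pattern is tolerated by cmd). Expect the legitimately hidden system files mentioned above to show up in the "before" list and to become visible after the run.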
Blocking programs from running is another common scare tactic infections use to stop you from cleaning them up. Obviously, if you can't run anything, flushing out the bad stuff is that much more of a pain. But worry not, we have a quick solution for running critical programs, and it is a simple one; I don't even need to bold it here.
Rename the file to a different extension. Simple. AntiVirus.exe will not start, but a copy named AntiVirus.com will. Renaming to .bat is a popular suggestion, but it doesn't actually help: a .bat is handed to cmd.exe, which reads it as a text script, so a program file with that name just produces "is not recognized" errors. Use .com (or .scr, or .pif), which still goes to the program loader, and the loader identifies a Windows executable by its header, not by its extension.
The reason this works is that the file association settings in the registry are what's (usually) broken. When you double-click a file, Explorer looks up the handler for its extension under HKEY_CLASSES_ROOT; the infection repoints .exe at its own program, so every .exe you launch runs the scareware instead. The .com association is normally left alone, and 9 times out of 10 the rename lets you start a browser or an antivirus program and begin scanning and removing the offending software. Note that commands typed into an already open Command Prompt are launched by cmd directly rather than through the shell's association lookup, which is why tools like attrib still work while double-clicking fails.
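Once you have something running, you'll want to put the .exe association back rather than renaming every program you touch. As an added example (mine, not the article's), the batch file below inspects and repairs the two registry values that matter. The values it writes are the stock Windows XP defaults; the assumption is that you are on XP with reg.exe present (it ships with the system) and that you run this from cmd, which launches reg.exe without consulting the hijacked association.

```batch
@echo off
rem Added example, not code from the original article: inspect and repair the
rem .exe file association that scareware overwrites. Run from cmd; cmd starts
rem reg.exe directly, so this works even while double-clicking .exe files fails.
rem Values below are the Windows XP defaults (assumed: XP with reg.exe present).
setlocal

echo === Current association (HKCR is the merged view the shell consults) ===
reg query "HKCR\.exe" /ve
reg query "HKCR\exefile\shell\open\command" /ve

rem HKCR is a merge of HKLM\Software\Classes and HKCU\Software\Classes, and
rem the per-user branch wins. Infections often plant their hijack there because
rem it needs no admin rights, so remove any per-user .exe / exefile keys first
rem (neither exists on a clean XP install; errors are silenced if absent).
reg delete "HKCU\Software\Classes\.exe" /f 2>nul
reg delete "HKCU\Software\Classes\exefile" /f 2>nul

rem Restore the machine-wide defaults. Inside a .bat, %% is a literal %, so
rem the value written is exactly: "%1" %*
reg add "HKLM\Software\Classes\.exe" /ve /d "exefile" /f
reg add "HKLM\Software\Classes\exefile\shell\open\command" /ve /d "\"%%1\" %%*" /f

echo === After repair ===
reg query "HKCR\.exe" /ve
reg query "HKCR\exefile\shell\open\command" /ve
endlocal
```

A healthy machine shows (Default) REG_SZ exefile for the first key and "%1" %* for the second. If the "before" output shows a path into a temp folder or the profile instead, you've found the scareware binary itself, which is a good thing to hand to the scanner. If it also hijacked .com, the same repair applies to HKLM\Software\Classes\.com (value comfile) and comfile\shell\open\command.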
The steps above should get you out of most malware jams, since the hardest problems that aren't network related stem from hidden files and blocked program execution. Grandmother will think you're a pro, and then she'll get back to playing on Pinterest all day long.
Do you have any other tips for the community? What was your worst infection you needed to clean up? How did you go about it?
Leave us a comment below or visit our forum and start up a thread!