How would you tackle this?

Community Veteran
Posts: 14,353
Thanks: 700
Fixes: 10
Registered: 01-08-2007

Hi all
A friend's laptop has landed on the desk to fix. It's absolutely fubar. Well hardware wise it's fine (ish) but software wise... it's horrible.
I'm not allowed to reinstall Windows unless there is no other option and even then I have to save around 80GB from the damn thing.
Now I knew that it was virus ridden but not the extent. Malwarebytes has picked up over 1044 wonderful lurkers to deal with. On top of that the thing is running so hot that the fan is constantly on FULL all the time and it's a noisy one that becomes very irritating after a while.
So I'm in a pickle. I've dealt with machines like this in the past but the owner is adamant that I don't reinstall Windows unless I really must as she doesn't want any loss of her data (understandable).
So.. if I let Malwarebytes do its work and remove over 1k infected items, I may end up with a crippled OS that can't boot or do anything useful. End result is the files are possibly lost unless Linux can read the disk but I don't have an up-to-date Linux live CD (and frankly I could do without the hassle of creating one too). Next up is the overheating and fan noise. It takes Malwarebytes over 3 hours to do a full scan and that's a lot of heat and a lot of noise to put up with. I've been OK'd to look at that and having done a bit of research it's a thermal paste / heat transfer issue on the CPU which means taking the thing to bits to sort - something I'm not keen on doing to be honest. Unless I have a quiet fan though, there isn't much I can do with this machine but at the same time I need copies of all her files *just in case* which will take an age to get off it. Seems like a vicious cycle here.. rock, paper, scissors type thing.
How would you deal with this one?
I need a new signature... i'm bored of the old one!
28 REPLIES
pwatson
Rising Star
Posts: 2,468
Thanks: 8
Fixes: 1
Registered: 26-11-2012

Re: How would you tackle this?

I'd deal with the overheating first - Check the fan and heatsink for fluff buildup
Community Veteran
Posts: 3,188
Thanks: 20
Fixes: 2
Registered: 31-07-2007

Re: How would you tackle this?

If it's so badly infected, the only safe way to be sure it's all gone is a reinstall, so give it back as you can't do the job with a no reinstall restriction. A lesson for her to not visit those sites.
Unvalued customer since 2001 funding cheap internet for others / DSL/Fibre house move 24 month regrade from 8th May 2017
gtowen
Rising Star
Posts: 354
Thanks: 9
Fixes: 1
Registered: 05-05-2013

Re: How would you tackle this?

If you haven't got one I'd invest in a USB enclosure
http://www.ebay.co.uk/itm/DYNAMODE-2-5-SATA-IDE-ENCLOSURE-USB-HD2-5SI-NEW-/200944087582?pt=UK_Collec...
The above allows for any laptop drive whether PATA or SATA. I'd remove the hard drive and install in the enclosure, then connect it to your PC.
Then I would make an image of the hard drive before trying to clean it. That way if things do go wrong you still have a copy of all the OS/data.
Then clean with Malwarebytes and any other virus/malware cleaner you have.
Meanwhile you can work on the hardware and fan issues without suffering the noise of the fan.
Community Veteran
Posts: 14,353
Thanks: 700
Fixes: 10
Registered: 01-08-2007

Re: How would you tackle this?

Quote from: Gus
A lesson for her to not visit those sites.

lol
Actually she's the victim.. it's her boyfriend who's trashed it!
I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 17,553
Thanks: 1,527
Fixes: 18
Registered: 06-11-2007

Re: How would you tackle this?

If you need to "get at the innards".... regarding the fan..( clean out any dust and fluff )... or heat paste job,.... have a look on YouTube for vids for that particular model of laptop....
I needed to change my keyboard ( cost me less than a tenner inc p&p) and looked on YouTube for how to dismantle and do the job.... excellent vid on there.... ran that on my second laptop, and stopped and started the vid. as I followed and progressed....
without that ...... I would not have had a clue how to change the keyboard and it would have cost me about fifty quid to get an "expert" to do the job.... It took less than 10 mins to do from start to finish and back working....
Making a Linux Live CD is a piece of cake.... just download the ISO file and then burn it......
Community Veteran
Posts: 3,380
Thanks: 4
Registered: 18-01-2013

Re: How would you tackle this?

The first thing I do when I get a machine to "recover" is to do a clone to an image file with Clonezilla.
That way at the least, if you mess things up, you can put the machine back to how it arrived.
I also have a fairly powerful server which I run VirtualBox on - I had an old Pentium 3 machine in the other day which needed data recovering from. It was so slow it would have taken days. I created an image and restored it to a VM then worked on it - the original machine was a P3 1.0Ghz with 256Mb RAM while the VM was probably in the region of 100x that speed.
If the data is of significance and they want you to recover the system then I'd image the drive, put a spare drive in and restore it, work on the laptop with that drive until you either fix the issues or kill the OS then dependent on the outcome, reimage the drive and restore back to their original machine.
Yes the above takes time but being able to fall back to square one if things take a turn for the worse is reassuring. I've also had a drive fail on me shortly after taking the image - the customer was over the moon when I told her that her data was all still safe.
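The image-first workflow suggested in several replies (image the drive, keep that image untouched, clean only a copy), sketched as an added example that is not from any poster in this thread. It assumes a Linux environment with `dd` and `sha256sum`; the function names and paths are illustrative, and the source would be the laptop disk's device node when it is attached through an enclosure or read from a live CD.

```shell
#!/bin/sh
# Added example: image a disk, verify the image, and work only on a copy.
# SRC may be a block device or an ordinary file; all paths are placeholders.

sha256_of() {
    # Print only the hex digest of a file or device.
    sha256sum "$1" | cut -d' ' -f1
}

image_disk() {
    # image_disk SRC IMG: copy SRC to IMG, verify it, record the digest,
    # then write-protect the image so cleaning tools cannot alter it.
    src=$1; img=$2
    if [ -e "$img" ]; then
        echo "refusing to overwrite existing image: $img" >&2
        return 2
    fi
    dd if="$src" of="$img" bs=4M 2>/dev/null || return 1
    src_sum=$(sha256_of "$src") || return 1
    img_sum=$(sha256_of "$img") || return 1
    if [ "$src_sum" != "$img_sum" ]; then
        echo "image does not match source (read errors?)" >&2
        return 1
    fi
    printf '%s  %s\n' "$img_sum" "$(basename "$img")" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"
}

verify_image() {
    # verify_image IMG: succeed only if IMG still matches its recorded digest.
    img=$1
    recorded=$(cut -d' ' -f1 "$img.sha256") || return 1
    [ "$(sha256_of "$img")" = "$recorded" ]
}

working_copy() {
    # working_copy IMG COPY: make the writable copy that gets restored to a
    # spare drive or attached to a VM; the pristine image is never modified.
    img=$1; copy=$2
    verify_image "$img" || return 1
    cp "$img" "$copy" && chmod u+w "$copy"
}
```

Running `verify_image` again before restoring the original image confirms that nothing touched it while the copy was being cleaned.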
Community Veteran
Posts: 6,773
Thanks: 257
Fixes: 20
Registered: 16-02-2009

Re: How would you tackle this?

To get at most M$ data, any recent (in last 5 years) Linux distro will do, no need to burn a new one.
Otherwise I would probably go with taking the disk out, usually quite easy on laptops and work on it on your PC, but watch for virii trying to escape.
Honestly I would say to them ok if you don't want a re-install then you are talking in the region of £100, if I re-install more like £30. Even if it is a friend, when it gets to that state your time is money.
80Gb will not take long to backup to a USB disk, but again clean it as it goes.
As to the fan running flat out, you will probably find it is running at 100% processor and so the fan is on full to try and cool it, once you boot a live CD it should slow down, unless it is the heatsink getting a poor connection.
CX
Grafter
Posts: 745
Thanks: 2
Registered: 16-09-2010

Re: How would you tackle this?

+1000000000 for making a full disk image first. That way, you can be sure that you can always go back to the infected-but-all-data-there state.
Community Veteran
Posts: 4,852
Thanks: 121
Fixes: 24
Registered: 14-07-2009

Re: How would you tackle this?

I'll cast another vote for 'disk image'.  I use True Image under Windows but I had to buy my copy.
It is perfectly possible to disinfect a heavily virused computer.  The problem is that the viruses may have trashed the Windows settings so the computer does not work properly afterwards.  But perhaps not; if it was some peer-to-peer thing that decided to populate the repository of shared material with virus-infected files you might find you have only the one active virus and 1043 lurkers.
Then there is the overheating problem.  I would see what you can do with an air blower and/or a vacuum cleaner but you'll be very lucky to find the cooling system readily accessible and disassembling a laptop should be left to the professionals, in my opinion.   
Community Veteran
Posts: 14,353
Thanks: 700
Fixes: 10
Registered: 01-08-2007

Re: How would you tackle this?

Hi all
Forgot to mention that Windows Explorer was also crashing lol. Anyway a phone call to the owner today and she's now decided I can reinstall Windows so it's all been put on a USB drive and that's also being backed up.
Unfortunately I don't have the hardware or money to get the USB thing suggested above and I couldn't really create a 200GB+ virtual machine either lol.
I need a new signature... i'm bored of the old one!
pwatson
Rising Star
Posts: 2,468
Thanks: 8
Fixes: 1
Registered: 26-11-2012

Re: How would you tackle this?

I humbly repeat my advice to sort out the overheating first...  The 1000 items reported by malwarebytes isn't good but many of them may be reports of cookies etc that won't actually harm the PC.
Highly unlikely to be anything to do with the heat paste between the CPU and the heatsink.  Much more likely to be fluff in the heatsink making the air flow inefficient.  Do you feel much airflow around the exhaust vent?  Does the fan run fast and is the machine unreliable when in safe mode?
What's the processor utilisation like?
Community Veteran
Posts: 14,353
Thanks: 700
Fixes: 10
Registered: 01-08-2007

Re: How would you tackle this?

The overheating is next on my list of things to do. Reinstalling Windows can wait as far as I'm concerned; I just want to have two copies of her files before I start dismantling the thing.
Now I'm allowed to reinstall Windows I'm in a better position to sort things out. Tomorrow I'll start dismantling the thing and dealing with the cooling problem. As for the processor utilisation it's low - typically 15% which is why I'm rather concerned by the heat issue. When I'd got all the files off it onto my USB HDD I turned it off and the bottom of it was boiling.
I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 1,136
Thanks: 2
Registered: 30-07-2007

Re: How would you tackle this?

If it were me, I'd clone the disk and let Malwarebytes run and do its thing, and run a couple more times. I've never had MB trash a running install.
The overheating is probably being caused by 1k nasties trying to fight for resources at the same time, once that's cleared up that problem should go away, but as has been suggested a good blast with some compressed air or suck from a vacuum cleaner will also do it no harm.
Once MB has stopped picking up new things, I'd run a virus ( http://housecall.trendmicro.com/uk/index.html ) and rootkit ( www.sophos.com/products/free-tools/sophos-anti-rootkit.html ) scan on it too just to be sure.

F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
Community Veteran
Posts: 4,852
Thanks: 121
Fixes: 24
Registered: 14-07-2009

Re: How would you tackle this?

Quote from: avatastic
I've never had MB trash a running install.

I've come quite close a few times, with the computer not managing to load Windows after running Malwarebytes and letting it delete what it found.  This usually happens when it misses a component of the virus or removes the file but fails to correct the registry settings.  I have always found a way back, however.