Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Windows Expansion System
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Windows Expansion System
Not applicable
Windows Expansion System
04-04-2011 10:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As in the title, has anyone seen this spyware and if so, how have they treated it? I have a friend's computer here and it has been infected (don't know how).
It is a real pain - can't get anything to work. Task Manager won't come up, MBAM won't execute, Lavasoft Ad-Aware which is on the machine won't scan.
Avast will scan but reports all clear. Have found website with the registry keys to delete and the files in Programmes but have opted to try Kaspersky Rescue disk.
Have downloaded and burnt it to CD and have booted up the computer with it so am now scanning. The threats have been detected so am waiting for it to finish to see what to do about it. Hope that it will clear it up. Just interested to know what the professionals do to treat this and if there is any other advice.
BTW it is an elderly Dell desktop (XP) and have tried to get into safe mode by pressing all the appropriate keys (tried F8 F10 and Delete) but it just reports a keyboard malfunction when I try. I did get to boot from disk with F12 but how do I get it to go into safe mode?
It is a real pain - can't get anything to work. Task Manager won't come up, MBAM won't execute, Lavasoft Ad-Aware which is on the machine won't scan.
Avast will scan but reports all clear. Have found website with the registry keys to delete and the files in Programmes but have opted to try Kaspersky Rescue disk.
Have downloaded and burnt it to CD and have booted up the computer with it so am now scanning. The threats have been detected so am waiting for it to finish to see what to do about it. Hope that it will clear it up. Just interested to know what the professionals do to treat this and if there is any other advice.
BTW it is an elderly Dell desktop (XP) and have tried to get into safe mode by pressing all the appropriate keys (tried F8 F10 and Delete) but it just reports a keyboard malfunction when I try. I did get to boot from disk with F12 but how do I get it to go into safe mode?
7 REPLIES 7
Re: Windows Expansion System
04-04-2011 10:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Best thing to do is take the hard disk out and connect it via adapter/caddy to a "known clean" system then scan it with everything you can at the most detailed level.
I would use at least:
Malwarebytes
Trend Housecall
Microsoft Security Essentials
I would use at least:
Malwarebytes
Trend Housecall
Microsoft Security Essentials
Re: Windows Expansion System
05-04-2011 12:30 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Repeatedly pressing F8 is the usual means to get into Safe Mode. I think "keyboard error" when trying this means the key has been pressed too early in the start sequence. To fix this I believe it is necessary to start again and wait a little longer.
David
Not applicable
Re: Windows Expansion System
05-04-2011 6:50 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thank you very much for your interest and help. This computer is riddled with Trojans and I understand why HP recommends taking the drive out etc. However, this is far beyond my limited capabilities. I have run the Kaspersky rescue disk and it has dealt with some of the infections but there are some that are greyed out, therefore it cannot deal with them and there are only two actions - delete the entry or skip. Not knowing what the former would do I just skipped. WES stops everything from running including Firefox, MBAM, firewall etc so it must also be preventing Kaspersky from dealing with these remaining problems.
I read up about manual removal i.e. renaming files and deleting registry keys but I just could not find the offending file/s and I don't want to be messing with the registry as it did say that this should only be done by IT experts.
If it were my machine I would just reformat but I don't know if he has backed up his stuff so I don't really want to start all that. I have decided to leave it to the experts and suggest that the owner takes it to the computer shop nearby. He may well suggest reformat too so will wait and see. I did a lot of work on this elderly computer a good while ago and got it running fine. I am afraid that I am a bit irritated because for it to be so badly damaged there has been a lot of rubbish downloads going on to it. I noticed Limewire had been installed.
Spraxyt - your advice was sound - I was pressing too early and I did get it into safe mode but WES was still running and wouldn't let me do any more than I could when it was fully booted. I am glad that I learned that as it was something I didn't know.
I read up about manual removal i.e. renaming files and deleting registry keys but I just could not find the offending file/s and I don't want to be messing with the registry as it did say that this should only be done by IT experts.
If it were my machine I would just reformat but I don't know if he has backed up his stuff so I don't really want to start all that. I have decided to leave it to the experts and suggest that the owner takes it to the computer shop nearby. He may well suggest reformat too so will wait and see. I did a lot of work on this elderly computer a good while ago and got it running fine. I am afraid that I am a bit irritated because for it to be so badly damaged there has been a lot of rubbish downloads going on to it. I noticed Limewire had been installed.
Spraxyt - your advice was sound - I was pressing too early and I did get it into safe mode but WES was still running and wouldn't let me do any more than I could when it was fully booted. I am glad that I learned that as it was something I didn't know.
Re: Windows Expansion System
05-04-2011 8:57 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: poppy However, this is far beyond my limited capabilities.
You'd be amazed how easy it is. If you can rewire a plug you can do this.
And an adapter can be bought very cheaply on eBay - once you know for sure what type if disk it is: IDE or SATA.
Not applicable
Re: Windows Expansion System
05-04-2011 12:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Just taken a walk to the computer shop and the owner had this Trojan too. He was just downloading Windows updates on Friday and on boot up on Saturday morning it was there so he is assuming that it came on the back of this update. He uses the full Bullguard security suite. He spent hours trying to get rid of it including HPs solution. However, it just kept coming up again, renamed. It is obviously very pernicious. It just stops you from doing anything at all including loading browsers. In the end he has done a reformat so I reckon that this is what we will have to do with the Dell. What is concerning me now though is that if we transfer files to a USB stick will they reinfect the machine if transferred back?
It is all very worrying - am thinking that I will have to use my Ubuntu partition more!
It is all very worrying - am thinking that I will have to use my Ubuntu partition more!
Re: Windows Expansion System
05-04-2011 7:14 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I think it is possible for malware to transfer via USB stick by exploiting the autorun facility. AV would have to be on the ball to detect and trap it. And from what you described it doesn't seem something to give in easily.
Google came up with this Panda Security "usbvaccine" tool to block autorun which should prevent infection. However I emphasise I haven't tried it.
Google came up with this Panda Security "usbvaccine" tool to block autorun which should prevent infection. However I emphasise I haven't tried it.
David
Not applicable
Re: Windows Expansion System
05-04-2011 7:28 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thank you for that spraxyt. On my own machine I have auto run disabled. It is one of those things that Kaspersky flags up in the vulnerability scan so you just click fix and that's it. Also, when I put a drive in the slot Kaspersky comes up to ask if you want to scan it. However, I am thinking that it wouldn't be any good because it wouldn't neutralise the Trojan on the rescue disk. I have posted on their forum to find out what they are doing about it but no replies so far. At the moment I think it would be best to leave the stuff on the USB stick until better methods of treating the infection it are developed.
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Windows Expansion System