Bizarre Virus Problem

I am the resident 'geek' for one of my friends' home office. She got the GAObot virus a few weeks ago. When I got to her puter it was running REALLY slow, so I checked her resources, and her CPU was running a constant 100%. I d/l new virus definitions from Norton, restarted in Safe Mode, and did a full system scan. It found the virus, but said it couldn't clean it, so I deleted the file (think it was winhlp32.exe), and went to the registry and deleted all references to the file in the Run and Run Services sections of HKey_local machine and rebooted.

CPU acted normally, but as I was checking out her system, numerous different virus warnings started popping up from Norton. Some I found in Temp Internet Files and deleted. I then installed Spybot Search and Destroy to insure that some ad or spyware wasn't calling out through a compromised port, cleaned a few files and cookies that showed up in her system, and Immunized. Ran through the whole shut down/scan/clean/delete process again and rebooted. System acted normally for a few minutes, then numerous viruses (one was MyDoom I believe -- it has been a few days, as she went out of town) started popping up again, and her CPU also started being hit a constant 100% again! At this point I had to leave and meet my kids school bus.

My friend is now after me to come over and 'fix' her system. She has a COMPAQ 1.8GHz system running XP. She blames ME, because she bought the puter whenI said I could no longer make her 8 year old Pentium II 266 running Win95 with an 8MB hard drive and a dialup modem that never got above 31.2kb, handle her office email. I got her to connect through a DSL from SBC. The only firewall she has installed is whatever the DSL setup came from, so maybe she is getting compromised that way - but at this point I am clueless, and thinking about recommending that she reformat and use her System Restore CD. Does any have any other ideas?

Thanks,

SW

 

After you cleaned the system, did you do the Windows update to make sure that all the patches are up to date? We were having problems with a recurring virus because we didn't have the patches applied.

 

Maybe, since my doom is a version of an "old" worm Stinger or so big stopper or Mydoom remover might help getting rid of the bug. Definately get the latest service packs/critical updates from MS. A firwall is a must. Try, maybe zonealarm free or zonealarm pro (costs)

 

re: sys restore (and login problem)

Sorry, I must have made a booboo in doing my profile, because I can log in as songwright, but I can't post or edit my profile. Maybe you can tell me how to fix that?

Yes, I disabled sys restore before I booted to safe mode and did the scan/repair -- re-eabled sys restore after I rebooted to a normal login. I know lots of folks have issues with Norton, but I have used it for several years and never gotten infected or had any problems, so I hate to change. Also, I use Norton Internet Security because it provides the best program access control for my kids (Kazaa and others have to be directly stopped or they will bypass your filtering). I will try getting a copy of Avast and running it the next time I go over to her house.

Thanks

SW

 

Windows Update

Never got a chance to do that. Didn't have time considering that her puter was running S L O W due to maxed out system resources. I will remember to do that first thing when I go back over. Thanks

SW