Back to the occasionally/repeatedly affected machine itself... Could it be a decent opportunity to offload any valued data[1] to a memory stick, go through the Factory Restore process[2], and start again from scratch?
You see, I reckon you probably picked it up from some web-page (or farmed-out advertising-like frame) on a not-necessarily-dodgy website that just happened to be compromised. And given I remember no mass outcry against bay12forums being that website, by any of us on here who are tech-savvy enough to have forensically traced whatever they managed to get (or avoid getting) infected by, I'm going to say it weren't this place, guvvnor, sure as pears is pears.
It'll have been a chance thing, and it'll have some sneaky backdoor still set in there, and a backdoor-keeper, if I understand you. If it were in front of me, I'd run half a dozen of the software tools that I personally tend to use on the system, at various levels of boot, and I'd perhaps be pretty confident that I'd squashed the blighter dead and your machine healthy (take two
iPadstablets, and call me in the morning), but without that surety I'd really suggest you think about doing a Spring Clean (despite Winter[3] being still 28 hours away, astronomically speaking at least) and while you're at it take the opportunity to reorganise your little electronic workspace.
If it came with something like Norton/McAfee pre-installed, that licence is probably expired now, so prep for that by downloading their removal tools (to a second stick, from another machine, because I'm going to suggest you scan the first stick at some point, anyway, just in case you are going to reintroduce an install program that's your original trojan-vector, or something), so that once you get back to a known-clean setup[4] you can get that effectively expired trial-version off, and get yourself Avast, AVG, Avira... hell, whatever you're happy using (doesn't have to begin with the letter 'A', even!) on there. Make sure that (whatever it is) that it's up-dated, get Mbam on (you can install it without desktop/start menu icons, if you don't want to admit to having installed it, if your parent's mis-aimed paranoia is going to be a problem) and updated
in advance and then you have a nice clean system that you'll probably also find refreshingly free of all the little slow-downs from the bits of software you installed once for a printer you haven't used in a year, but left behind a management icon in the systray for, etc, etc...
Just put back what you actually need. (For example, you probably don't need that software supplied for any camera, mobile phone or MP3 player[5], unless you actually are rather partial to the 'holdy-handy' transfer program that scans every memory stick or CD you put in and says "Hey, there are pictures here! Do you want to download them!", because without that you can just deal with your media devices as the external hard drives that they essentially are, even if you have to go into the DCIM directories/etc, and make your own decisions about whether you're moving or copying the files out of them...) And if there's anything you're not sure about, run the AV/Mbam over the install program and then run it again after installing it.
Pictures and other media, obviously, don't need much scanning. I'm pretty sure the market for macro-viruses within office-style documents is also pretty much gone, but anything (non-conceptual) that
could be in them is going to be found by scanning that backup memory stick.
Anyway, I'm sure you have 'temporary' text files, paintbrushed images, spreadsheets or other detritus sitting around your [My] Documents area, and now is the time to decide whether to move them back to your machine (perhaps into a dedicated project folders, representing what you'd hoped these things would end up becoming[6]) or keep it on the stick as a "Just In Case", but effectively you know you don't need them cluttering your drive again.
And then you're browsing again. (Oh, getting your Windows Updates sorted is also a high priority, but if you're only going to AV sites or using their software to contact their update servers, it doesn't matter massively which order you do this[7], as long as it's before the more indiscriminate browsing.) And with a system you're sure doesn't have "Disable the alert about inactive/out-od-date antivirus" switch not switched in the registry, or all those little tricks that some bits of malware try and use.
And it'll all be a learning process.
I admit, though, that it's not a walk in the park. Especially if you no longer have the install discs for some software you used to use, but that's
usually because you were lent them (whether or not they were even legit in the first place, but I won't go there). However, make sure you've got any actual registration numbers that you might need again for the (frexample) Trial version of MS Office <whateveveryear> to become the proper version of MS Office, if that's part of the laptop setup. Copy your Favourites/Bookmarks/whatever for your browser(s), export your email (if you're not using webmail but an actual client), make sure you haven't had your website passwords saved for many months and thus forgotten what they actually
are... All those little things you need to know (or at least have noted down) to get back to what where you are now. Only cleaner.
Or,
do get Malwarebyes (and if it it refuses to update, check what the error message means, in case you're being proxied or it's otherwise being manipulated by your on-again-off-again malware), and/or use HiJackThis/whatever on top of your existing active protection. Hunt down your threat. In Safe Mode [With Networking], ideally, if that's an option for you and your system. But absence of evidence not being evidence of absence, I still think you should go for a full-factory-restore. (I could, at this point, invoke the quote from Alien, but I've no idea if you're of an age to appreciate it, or actually more my age and consider it clichéd... Though I suspect the former is more likely, given the situation described...
)
TL;DR; Doing a factory-reset is good for blowing the cobwebs away, but needs a lot of effort. If you you still have a virus sitting around, though, it's a pretty sure way of resolving that, as opposed to never quite knowing.
[1] Essentially "My Documents"/"Documents" stuff, and all that jazz, but you know if there's anything else, I'm sure...
[2] Laptop, didn't you say? Usually there's a factory restore process with a hidden partition. Unless it's one of those that you got some free writable CDs/DVDs with it, only to find that it expects you to use them to make your own discs. (YeahIknow...)
[3] s/winter/summer if you're an upside-down person...
[4] I'm going to assume that you've not got a factory-restore repository as easy to infect as System Restore Points are...
[5] Apple products excepted, perhaps, because I've a feeling you need a snazzy intermediary for DRMable media on them. BICBW, or it might not be relevant to your use
[6] I find it's useful to append the date to the name of such folders. Update it whenever you actually
do something with it. Good for seeing what you haven't worked on for a while and thus either
should, or should re-archive elsewhere. My trouble being that I have many grand plans (including one of organisation), and not necessarily the commitments to fulfill so many of them (or, indeed, keep everything organised from the start!).
[7] The exception being if another machine in your local network (e.g. your Dad's) is not only infected, but actively probing similarly attached machines for the back-doors... Not something I see a lot of, these, days, but perhaps a good idea to get your machines various MS updates pretty sharpish, regardless.
Author
Topic: Sigh... My dad and viruses. (Read 8636 times)