Laptop – Virus Removal (‘Win 7 Total Security’)

I’m putting a fair bit of time and effort into advertising now. I’ve been posting leaflets through doors (takes me back to when I helped a friend do his paper round) and I’ve also just signed an agreement to advertise in “What’s On Magazine”, which is dished out up at Xscape. That’s costing me about £95 (exc VAT) for 3 months, so it’ll be interesting to see if it’s worthwhile.

All that considered, it’s VERY nice when someone finds their way to this webpage just from Google; after all, that’s one of the reasons I set it up. And that’s exactly what happened with this job.

I was called about a laptop, located in Pontefract, that was showing all the signs of the “Windows 7 – Total Security” virus. Having a free evening that night, I thought I’d head there straight after work (I work a full-time job and do computer repair usually in evenings/weekends), which means straight from an 11 mile bike ride.

In future I need to make a point of going home first, freshening up and getting changed; I was not looking my most professional.

Anyway, I arrived and had a look at the laptop; it definitely wasn’t well. The virus launched itself immediately on start-up and refused to let any other programs run. Very, very similar to the desktop I looked at a couple of days ago. Checking running processes didn’t reveal anything overly suspicious, and the virus had blocked access to regedit and msconfig. It also associated the running of .exe files with itself, so when they were launched it would just pop up a window saying the file was corrupt.

Booting into Safe Mode (or at least Safe Mode with Networking), things were little better; the virus launched here too. Very crafty. I logged on as a separate admin account in “Safe Mode with Command Prompt”. At last, some success. From here I was able to launch msconfig and remove all dubious items from startup and stop all non-essential services from running. I cleaned up the PC quickly with Malwarebytes at this point too.

After booting Windows back up again and logging on as the main user, all seemed well… until I tried to run something. Executable files were now unassociated and it was asking what program to use to open them. Regedit was also still disabled, as was msconfig. At this point I could have edited the registry and restored the .exe association and removed the msconfig/regedit issue, but I couldn’t be sure nothing else had been changed that I hadn’t spotted. As a safety measure I created a new account. This time I set the user up with “Standard” permissions, instead of administrator permissions. The advantage to this is (by and large) if the user gets infected by a virus whilst browsing the internet, the virus doesn’t have free rein to do whatever it likes. If it attempts any admin-like activities then the user will be asked for the administrator account details, alerting them that something is wrong.
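
An added example, not part of the original post: a Python triage script that parses saved `reg query <key> /s` output and flags a per-user .exe handler override and the `DisableRegistryTools` policy, the standard Windows registry locations behind the symptoms described above. That this particular infection used exactly these locations is an assumption; the sample output, the ProgID `xq7` and the file path are constructed.

```python
import re

CLEAN_PROGID = "exefile"      # stock handler for .exe
CLEAN_OPEN_CMD = '"%1" %*'    # stock exefile open command

# Constructed sample of `reg query <key> /s` output (not from a real machine).
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Classes\.exe
    (Default)    REG_SZ    xq7

HKEY_CURRENT_USER\Software\Classes\xq7\shell\open\command
    (Default)    REG_SZ    "C:\Users\example\AppData\Local\abc.exe" "%1" %*

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x1
'''

def parse_reg_query(text):
    """Return {key path (lowercase): {value name (lowercase): data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line = key path
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:             # indented line = name, type, data
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0].lower()] = parts[2]
    return keys

def audit(text):
    keys = parse_reg_query(text)
    classes = r"hkey_current_user\software\classes"
    findings = []
    # A per-user .exe key normally does not exist; if it does, it should say exefile.
    progid = keys.get(classes + r"\.exe", {}).get("(default)", CLEAN_PROGID)
    if progid.lower() != CLEAN_PROGID:
        findings.append(f".exe is handled by ProgID '{progid}' instead of exefile")
    # Check the open command of every class that could be handling .exe.
    for name in sorted({progid.lower(), CLEAN_PROGID, ".exe"}):
        key = "\\".join([classes, name, "shell", "open", "command"])
        cmd = keys.get(key, {}).get("(default)")
        if cmd and cmd != CLEAN_OPEN_CMD:
            findings.append(f"{name} open command rewritten: {cmd}")
    policy = keys.get(r"hkey_current_user\software\microsoft\windows"
                      r"\currentversion\policies\system", {})
    if int(policy.get("disableregistrytools", "0x0"), 16) != 0:
        findings.append("DisableRegistryTools policy is set (regedit blocked)")
    return findings
```

Calling `audit()` on the saved text of each affected profile's `reg query` output returns a list of findings; an empty list means none of these three settings differ from the stock values.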

When I’d set up the new user account I copied over all the documents/settings/music from the old account, and removed it (keeping a backup of the files, just in case). To keep things ticking over nicely I installed AVG and Google Chrome to make browsing the internet a little safer. Why Google Chrome instead of Firefox? It’s just a personal preference really, both are about as secure but I find Firefox to be a little bit of a memory hog.

Finally I gave the machine a reboot and all is well.

My Fee: £20
Parts: £0

Total: £20

Why £20 instead of £15 when the previous desktop job was pretty much identical? The travel to Pontefract. With the previous job I was already over in York, this time a drive specifically to Ponty was in order. I’d prefer to have just asked for £15 but after travel, Tax and National Insurance I don’t really see a lot, and I have to eat.

