Laptop – Virus Removal

My first paying customer since setting up this website, hurrah! Thank you! Now, the problem. Laptop infected with a virus which has (for some strange reason) deleted all of the user’s desktop icons AND their start-menu items. It’s a bit of an odd one. It’s also messed around with Internet Explorer a bit and is preventing net access.

A quick look in msconfig shows up some pretty obvious culprits. When they have filenames like quhsdf.exe it’s fairly clear they’ve been generated and are up to no good. A reboot to Safe Mode command prompt, deleting these files and getting rid of the start up registry entries sorts out the main problem but it doesn’t get the desktop icons or start menu back.

System Restore usually does the trick in these circumstances but it’s just reporting back an error, so that idea is out the window. More investigation is required! After a bit of scrutiny it seems the virus HASN’T deleted all of the users start menu files, it’s just hidden them. No idea why but it’s good news, i’ll just unhide them. Now to check it hasn’t done anything else untoward.

It has.

After logging on to my own wireless network and trying to download Malwarebytes I’m getting a dodgy redirection error. It seems the virus has blocked certain websites, or at least redirected them to websites that look vaguely similar but offer up malware. Very sly. To get around it I’ve downloaded malwarebytes on my desktop and copied the file over to the laptop.

Whilst running Malwarebytes I’ll check how everything else is looking. Firefox is configured to use a proxy on 127.0.0.1 (local) preventing access to the net, changing this allows it to connect but it suffers much the same redirection fate as Internet Explorer.

By this point Malwarebytes has finished running and found 42 nasty infections, including a number of root kits, best get rid of them! Excellent, Internet Explorer and Firefox now appear to be running as they should, but something is still blocking windows from checking for updates and Malwarebytes from updating. A quick reset of the Lan settings in Internet Explorer and a restart and all seems good.

One final run with an updated version of malwarebytes and the system is clean. Now to remove the non-functioning install of Norton and put on AVG instead. That just about wraps this laptop up. That is until I run AVG and it picks up a couple of more threats… crcdisk.sys is infected, a rather essential windows file and AVG refuses to clean it for this very reason. A quick solution in situations like this is to take a clean copy from the driver file repository and replace the busted one. That seems to have done the trick, one final scan to make sure everything is clean and….

Success! All sorted.

Parts: £0
My fee: £15

Total: £15

Leave a Comment