I had one client who kept complaining that his computer was very slow, and that it could not access any Microsoft or anti-virus websites. A quick search on the internet suggested that his computer had been infected by a virus called Conficker, once a very serious virus on computer networks, and of course still infecting numerous computers around the world. My previous experience with the Conficker virus seems to have been a little different, with the registry editor and folder options in Windows disabled by the virus. But that doesn’t seem to be the case for my client’s computer. Of course, ideally, formatting the computer would be the best solution, since the computer had been badly infected (I am pretty sure it is not only the Conficker viruses inside), as the anti-virus software installed had been disabled by the virus as well. But he insisted that the computer is best not formatted, as it has some very important networking and printer sharing. So to make him happy, I tried to remove the viruses instead of doing a clean install of Windows.
Problems met during the recovery process
So, knowing his computer was badly infected by viruses, he bought a new Kaspersky Internet Security 2010 license for me to install. And guess what, the viruses in the computer stopped the installation, even in safe mode. The same went for Panda Free Anti Virus, as well as the Windows XP SP2 to SP3 upgrade. So without hesitation, I looked for information on how to solve the problem. I had once used a tool called Combofix by sUBs to remove Conficker viruses, so it was definitely the first tool I would use to remove all the viruses.
All went well, with bunches of infected files and viruses removed by Combofix. The log generated by ComboFix surprised me. But what surprised me more was that the problem was still not solved: KIS 2010 and Panda still could not be installed. So I went ahead and downloaded the Microsoft® Windows® Malicious Software Removal Tool and had Windows updated with Microsoft Security Bulletin MS08-067, as recommended by McAfee for removing Conficker viruses. Once again, everything went pretty smoothly, with the Microsoft Windows Malicious Software Removal Tool (weirdly) reporting nothing found.
Eventually Panda AV installed, but there were still many problems in Windows. Panda AV could not be started, it seemed, and I kept getting an error related to ‘msnw32.dll’ (I hope I am not remembering it wrongly). The KIS 2010 installer still could not launch after the extraction, and I was kind of upset that neither of them could be installed in safe mode. So I thought, ‘why not give Malwarebytes Anti-malware a shot, it might detect something else’. So I proceeded to install and run it, and guess what, it caught quite a lot of malware, including the problematic ‘msnw32.dll’ that I had encountered.
After a final restart, no problems have been encountered so far, with KIS 2010 and the SP3 upgrade both installed correctly and running pretty well. I am not sure whether there are still any hidden viruses/malware/adware in the computer, but at least the computer now runs smoothly again and all the websites can be accessed again. And of course, my client is happy again. 😀
Below are all the tools I used during the removal:
Combofix (kind of risky to use, but if there is no other choice (e.g. format), you can always give it a go)
Microsoft Security Bulletin MS08-067 (Update)
Malwarebytes Anti-malware (might have nothing to do with Conficker though)
I had a very hard time trying to remove all the viruses from the computer. I am actually kind of surprised that there are still many computer users unaware of the risk of having viruses in their computers, and some don’t even have any anti-virus software on the computer. If you want to use your computer for the long term without formatting, anti-virus software plays a very important role in computer maintenance. So if you can afford it, go ahead and purchase a good anti-virus or internet security product to safeguard your personal information, and improve your computer and internet experience. I would strongly recommend NOD32 ESET and Norton, or Kaspersky for the cheaper price.