Friday, February 16, 2007

Creeping Death

I gave The Swede a ride home last night after I halfway finished a project that was given to me 40 minutes before quitting time. Had he given me the project on a Monday, or on a day that I had not promised to give someone a ride, I would have stayed to complete the job properly, but what I did sufficed. Poor planning on your part does not make it an emergency on my part. Anyhoo, The Swede thanked me and told me his wife had a gift for me. I told him it was not needed, but I am sure those words will fall on deaf ears.

I got home and my wife informed me that the PC I was supposed to look at was in her van, so I got it out for her and put it in my office. It was fend-for-yourself night with regards to food, so I opted for a roast beef Po' Boy from Kroger ($2.99, and it has almost a half pound of beef), a bag of Zapp's Crawtator chips, and an AriZona blueberry green tea while I looked at the PC. My wife was going to work out and then to the store, so I had 3 hours or so to get this done.

I turned the PC on and I swear I have never seen a 2.2 gig machine with 512 meg RAM run so slow (it took about 5-7 minutes to become stable enough to work on). I knew something was up, so I grabbed my USB stick with Ad-Aware, Spybot, and Avira on it and started to work. I went to the process manager and found svchost taking 80-90% of the CPU power. As I was cleaning I found 10 instances of spyware/malware and two viruses. One of the viruses had turned off the anti-virus that was installed (actually, there were THREE AVs installed, none of them had been updated or were working at all). I removed all three AV proggies and installed Avira AntiVir, cleaned about 1000 entries in the registry caused by AOL, ran every update that was required by Windows, and updated and ran Windows Defender and the Malicious Software Removal Tool from Microsoft.

But before I could do that, I had to repair the TCP/IP stack. It was corrupted and was not allowing ANY TCP/IP traffic at all. MS does not allow the TCP/IP stack to be removed from XP since it is "a core component of the operating system," so I had to use the script that comes buried in the OS to repair it. One would think that this script would be included in the options to repair a network connection, but it is not. Instead you have two commands to run, then reboot:

netsh winsock reset log_file_name.txt
netsh int ip reset reset_log.txt

You have to put a name for a log file or the tool does nothing that I can see. You can call the file anything you wish.

I was very surprised that you could not remove the TCP/IP stack, but XP is "different".
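The repair procedure above, wrapped into a batch file as an added example (not from the original post). It assumes Windows XP SP2 or later and an administrator command prompt; the log directory, the file names, and the 60-second reboot countdown are my choices, not anything the post specifies. The extra step is dumping the Winsock catalog before the reset: spyware of this era commonly hooked the stack by installing a Layered Service Provider, and that dump is where an unfamiliar provider DLL would show up.

```batch
@echo off
rem Added example, not code from the original post.
rem Snapshot the Winsock catalog, run the two XP stack resets with
rem timestamped logs, then reboot. Assumes XP SP2+ and an admin cmd prompt.
rem Log directory and file names below are arbitrary choices.

set STAMP=%DATE:/=-%_%TIME::=-%
set STAMP=%STAMP: =0%
set LOGDIR=%SystemDrive%\netreset
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem Keep a copy of the Winsock catalog BEFORE resetting it. A spyware LSP
rem appears here as a provider whose DLL is not mswsock.dll, rsvpsp.dll or
rem another file you recognise; the reset below will remove it, so this
rem file is your only record of what was hooked.
netsh winsock show catalog > "%LOGDIR%\winsock_before_%STAMP%.txt"

rem The two resets from the post. "netsh winsock reset catalog" rebuilds the
rem Winsock catalog; "netsh int ip reset <log>" rewrites the TCP/IP registry
rem keys and requires a log file name.
netsh winsock reset catalog > "%LOGDIR%\winsock_reset_%STAMP%.txt"
netsh int ip reset "%LOGDIR%\ip_reset_%STAMP%.txt"

echo Logs written to %LOGDIR%.
echo Review winsock_before_%STAMP%.txt for unfamiliar LSP entries.
echo Rebooting in 60 seconds so the reset takes effect (shutdown -a cancels).
shutdown -r -t 60 -c "Rebooting to complete Winsock and TCP/IP reset"
```

Run it from an administrator prompt, and keep the winsock_before file with the other scan logs; it is the evidence of what was actually hooking the stack, which the reset otherwise erases.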

The original complaint was that the family could dial up to the internet (yes... dial-up) but could not get any web pages. They asked another guy from our church to look at it, and he tried all kinds of things: installed a new modem, tried another phone line, another ISP (AOL... grrrrrrr), but failed to run a spyware check or a virus check. When he told me he could not get the PC to connect to his network (fiber optic from Verizon), I was sure it was a TCP/IP issue. The people called me up and I looked at it, but it ran so slow that I could not get it to do much. They said the slowness was new and that she was sure she had a virus, but a third guy who looked at her PC said there was no virus on the machine (I found two). The reason he did not find a virus was that he used the AV tool installed on the machine, which the virus had already disabled so that it would not detect anything. That is why I run a spyware check (Ad-Aware and Spybot) THEN my AV from my USB stick.

This morning, while I was getting a shower and reading my Bible, I ran the last two scans (Windows Defender and the Malicious Software Removal Tool) and declared the machine clean. I cannot test dial-up (the original complaint) because I do not have a phone line, but Windoze and the modem are communicating and the machine's TCP/IP stack is repaired. The family should be happy because I did not have to re-roll the machine like I had originally thought. The virus was contained and the spyware removed.

I hope to give them back the PC tomorrow or Sunday. I still have at least 2 more machines to do (one re-roll to Windoze and a fresh install of Linux (Ubuntu)), the possibility of 1 more to set up, and a desk to assemble.
