Today I had to troubleshoot a virus infection on Windows XP for a relative … the virus stopped any executable file from opening and also disabled Antivirus software, made changes to Automatic Updates, Firewall and proxy settings.
The first thing that I did was to run a virus scan using an Ubuntu Live CD as detailed here.
The scan cleaned some files but alas the infection remained.
So I downloaded the free version of Malware Bytes on another computer and copied it to a jump drive. Because the infected computer would not open .exe files I changed the file extension of the Malware Bytes setup file to .com by renaming it.
I had to open My Computer and then click Tools, Folder Options followed by the View tab and then un-check the Hide extensions for known file types check-box to be able to change the file extension:
With the Malware Bytes download renamed I could install it on the infected system.
I then had to change the file extension of mbam.exe located in C:\Program FIles\Malwarebytes’ Anti-Malware\ to mbam.com to run the software.
This helped deal with the infection quite well but the browsers had proxy settings that prevented them from connecting to the internet.
In Firefox 4.x I clicked Options, Advanced, Network [tab] then the Settings [button] followed by the No proxy radio button.
In Internet Explorer I clicked Tools, Internet Options, Connections [tab] then the LAN settings [button] followed by the Automatically detect settings check-box. I also unchecked the Use a proxy server for your LAN check-box.
The next issue to deal with was the Windows Security Center alerts for Windows Update and the Firewall – both of which were set to be monitored by the user.
Security Center told me that Automatic Updates are not yet configured for this computer and when I clicked on the button to enable them I was told We’re sorry. The security center could
not change your automatic updates settings.
I changed the settings through the Control Panel but the Security Center alert would not go away. I found the solution here – simply click Start and then Run and enter the following one at a time and then click OK. Wait for the confirmation before entering the next command:
This took care of the alerts for Automatic Updates – the next step was to re-enable the Windows Firewall.
To do this I clicked the Recommendations button under Firewall in the Security Center. I then unchecked the I have a firewall solution that I will monitor myself button and clicked the Enable now button for the Windows Firewall.
I also reinstalled AntiVirus software (which sadly was not enough to prevent the infection in the first place).