Need Geek help, please

[skymama 37]

Yesterday, my nephew used my work computer (my Dad let him!) and he installed 19 questionable programs from gaming sites, 2 trojan horses, 2 viruses and 4 adware programs. I've spent all morning cleaning things up, but there are things I can't seem to get rid.

(I have already removed everything that was new and seemed suspicious in the "add and remove" programs. I've run AVG and Malwarebytes and restarted multiple times. I have Windows XP.)

1. In Firefox, when I open a new search tab I see "Delta Search" on the tab. When I go to the "add-ons" list, I don't see it listed to where I can disable it.

2. In IE, there's a new search toolbar by "mysearchresults.com". I've removed it numerous times in the add-ons list, but it comes back every time I reopen IE.

3. In IE, in the toolbars and extensions list, the option to disable "DefaultTab Browser Helper" by Search Results, LLC isn't available. It's located in C:\Documents and Settings\user\Application Data\DefaultTab, but my access is denied when I try to delete it.

Any suggestions as to how to get rid of these? Thanks if you can help!

She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

[theonlyski 8]

I'd love to help, but I'm not a geek.

Oh wait....

FIRST OFF, DO NOT PLUG IT INTO YOUR WORK NETWORK!!!

Let's get the easy ones first. In Firefox, it's probably a browser home page hijack. Usually configurable in your FF settings. (Firefox>Options>Options)

ETA:oops, forgot no inline attachments in BF.

Change it to whatever you want, close the browser and re-open it, see if it stayed set to what you wanted.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

[theonlyski 8]

2: Sounds like you might have a deeper bug in your IE. I'll PM you info on how we can work this one out. I don't want to put it out on the forums cause you can _really_ screw up a computer using the tool the wrong way.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

[theonlyski 8]

3: When we get number 2 situated, you should be able to remove it, then delete the folder (you'll have to take ownership of the folder most likely, then delete it... not difficult though).

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

[skymama 37]

I was able to reset my home page already, so that is fine. This Delta search comes up when I click on the (+) tab to open a new page and it says "Delta Search-Mozilla Firefox" at the top of the page.

She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

[theonlyski 8]

Ah, okay...

In your address bar, put in "about:config" (no quotes). There is probably going to be some warning saying you have to promise to not break anything. Once you agree to that, look for something along the lines of "browser.newtabpage.enabled".

If it's set to true and you don't want any page (just a blank page) to show up, disable it.

If you want to change it, look for "browser.newtab.url" and I bet it's probably the crap site that's redirecting you. Change it to whatever you want. I would delete the entry either way and set it to about:blank.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

[skymama 37]

Quote

If you want to change it, look for "browser.newtab.url" and I bet it's probably the crap site that's redirecting you.

That worked! You're doing great so far, Smarty!

She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

[yoink 321]

skymama

Yesterday, my nephew used my work computer (my Dad let him!) and he installed 19 questionable programs from gaming sites, 2 trojan horses, 2 viruses and 4 adware programs.

sorry, but ! Teach that kid some basic internet best practice, stat!

I'm sure others here will help you remove the remaining bits and pieces - they don't sound too world-ending!

For the future, what I often recommend to friends with young family members is to give them their own non-admin profile on your computer just in case they ever want to use it (even if you think they never will!)- that way you can limit the access they have and the damage they can cause, while also having the conversation about 'this is a work computer so I'm trusting you with a login.. OK?'

[normiss 891]

You need a geeky boyfriend.



Who doesn't sleep all day.

[theonlyski 8]

Well hell man, now she knows you're awake.

Sucker.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

[wmw999 2,583]

My solution to getting my son more aware when he was young was to make him do the calling when a shared password was compromised. He's more paranoid than I am now.

I'd have your son doing all this... Maybe with your father there to "help" him. They'll never touch your computer again!

Wendy P.

There is nothing more dangerous than breaking a basic safety rule and getting away with it. It removes fear of the consequences and builds false confidence. (tbrown)

[NewGuy2005 53]

Password protect your work computer and NEVER let a kid touch it.

I learned that the hard way.

[skymama 37]

Quote

Password protect your work computer and NEVER let a kid touch it.

I'm not allowed to. I work for my Dad at his house and he wants the grandkids to be able to use the computer when they visit. I keep telling him to get a computer just for the kids. Maybe he will this time now that I've lost an entire day of productivity having to mess with this.

She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

[skymama 37]

And just for the record, I think Robert has managed to fix the issues. I take back all the bad things I've said about him.

Seriously, I appreciate the help. He's all right!

She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

[Southern_Man 0]

skymama

Quote

Password protect your work computer and NEVER let a kid touch it.

I'm not allowed to. I work for my Dad at his house and he wants the grandkids to be able to use the computer when they visit. I keep telling him to get a computer just for the kids. Maybe he will this time now that I've lost an entire day of productivity having to mess with this.

Seriously, give them a non-administrator account that they can use. Much, much better even if it doesn't solve all problems.

"What if there were no hypothetical questions?"

[theonlyski 8]

skymama

Quote

Password protect your work computer and NEVER let a kid touch it.

I'm not allowed to. I work for my Dad at his house and he wants the grandkids to be able to use the computer when they visit. I keep telling him to get a computer just for the kids. Maybe he will this time now that I've lost an entire day of productivity having to mess with this.

I've been doing this crap long enough that I've ended up with a small collection of laptops. Whenever ANYONE needs to use 'my' computer, I let them use one of them. Much easier than trying to unscrew my main computer every time.

skymama

And just for the record, I think Robert has managed to fix the issues. I take back all the bad things I've said about him.

Seriously, I appreciate the help. He's all right!

I'm sure many of them were true anyways.


For what it's worth: I didn't fix anything, you did. I just told ya how to.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

[normiss 891]

Dad still has the old laptops....

[skymama 37]

I think they are SO old, no one will use them.

She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

[Andy9o8 2]

Quote

I've spent all morning cleaning things up, but there are things I can't seem to get rid.

Get rid of the nephew.

[ChrisD 0]

Portable hard drive, and if you have spent more than a coulple of hours on something, another portable hard drive.

If you have solved your problems, then I am happy for you, many don't after this kind of organized attack from the North Koreans,...

Err,...sombody tell Trevor and Tara to take it easy with the definition of two fingers,...

Anyways: (lecture coming fair warning,...)

They frequently leave stuff behind, not always malware, but stuff designed to make it easy for "them" to reinstal their products and to spy on you, etc,... If this is a recurring issue I reccommend reformat >>>> clean install.
This is not what most people want to hear! Due to the amount of time it takes. These types of programs leave huge amounts of stuff on the drive, stuff that sometimes gets called, stuff that just sits there,...

I can't stress multiple backups enough, the systems I used to be involved with frequently break down and the data is unrecovorable. Due to hard drive physical failures.

Good luck,...
C

But what do I know, "I only have one tandem jump."

[skymama 37]

Quote

Portable hard drive, and if you have spent more than a coulple of hours on something, another portable hard drive.

We have a server and it's backed up on Carbonite also. Think that's enough?

She is Da Man, and you better not mess with Da Man,
because she will lay some keepdown on you faster than, well, really fast. ~Billvon

[Remster 30]

skymama

Quote

Portable hard drive, and if you have spent more than a coulple of hours on something, another portable hard drive.

We have a server and it's backed up on Carbonite also. Think that's enough?

What's a server?

Remster

[Machupo 0]

skymama

Quote

Portable hard drive, and if you have spent more than a coulple of hours on something, another portable hard drive.

We have a server and it's backed up on Carbonite also. Think that's enough?

If you've got space on the server, might be useful to image your local machine to it (Acronis or some other software if you have server-specific stuff) so you can just go scorched earth and restore from the image when this happens again :)

γνῶθι σεαυτόν

[wmw999 2,583]

Quote

What's a server?

Last time I went out to eat, Chris was our server

Wendy P.

There is nothing more dangerous than breaking a basic safety rule and getting away with it. It removes fear of the consequences and builds false confidence. (tbrown)

[theonlyski 8]

Remster

***

Quote

Portable hard drive, and if you have spent more than a coulple of hours on something, another portable hard drive.

We have a server and it's backed up on Carbonite also. Think that's enough?

What's a server?

http://dilbert.com/strips/comic/2001-10-13/

Sadly reminds me of one of my higher ups.

"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message