Views: 704 | Replies: 8
Join Date: Oct 2007
Posts: 8
Reputation:
Rep Power: 0
Solved Threads: 0
I have found many helpful solutions on this site, but this is my first post, so forgive me if I'm posting in the wrong section.
I'm a tech by profession and work mostly on virus/spyware. Normally that's no problem, I can use various tools and edit them out of the registry no problem. However, yesterday I had an HP Pavilion a518x come in that was beyond my control, to the point even in safe mode with 512MB of RAM it took ten minutes to get into the log in screen. That's fine, I waited it out and plugged in my thumbdrive with a-squared2, avg antispy, and Analyze This on it. They all installed but I decided to run the Analyze This before the scans. I checked off 68 very obvious things that shouldn't be present and clicked fix. No luck, after 5 seconds I got an error from Analyze This, not even "Windows", and the program shut down. So I restarted and ran the other programs I had installed, got rid of a few thousand problems that way, but not enough. Off the top of my head I know there was WINDOWS ANTIVIRUS 2006, WINDOWS ANTIVIRUS 2007, WINDOWS ANTISPYWARE 2007, ERROR CHECK, ROGUE SUSPECT (three different downloads of smitfraud, that I have used on other machines, would not run), STARWARE, and the fake Windows security alert/notifier. Many, many more too.
Still, after running those programs with system restore off I could not get into a regular log in, and safe mode still took an eternity and wouldn't even let me into the administrator profile. There was no password, it just shut down. So, as I normally do, I ran a Dell system CD (the user didn't have his discs) on it and did a repair. I was prepared to have to reactivate Windows etc. afterwards. Now it gets me to the regular log in page and when I click to log in, sure enough, I need to activate before I log in. OK, great, except when you click yes to register the computer restarts itself. I have tried this numerous times with the same result. And you cannot register in safe mode.
So my question is "now what?" The customer has numerous costly programs: Word, Quicken, Picasa, Photoshop and more, and no disks. So a reformat is a definite last resort; even if I saved all of his data and found all of his Outlook, Quicken etc. he would have to go out and buy all new disks or risk getting himself infected again by trying to pirate them. Which he proved he is not capable of. Any help would be GREATLY appreciated.
reposted in virus/spyware forum, my bad
Last edited by Tabby8 : Oct 24th, 2007 at 5:56 pm. Reason: wrong forum
Join Date: Jul 2004
Location: Canada/Alberta/Fort McMurray
Posts: 61
Reputation:
Rep Power: 5
Solved Threads: 1
Wow, that's one hell of an infected system.
As a person interested in becoming a technician, does this kind of severe case happen often?
-Operating System: Windows XP Home Edition
-Console Model & Manufacturer: COMPAQ Presario SR1030NX
-Processor: AMD Athlon XP 3000 Processor (2.17Ghz)
-RAM: 1 gig (2x 512 DDR, PC2700 chips)
-Harddrive: 160GB (7200 RPM) Ultra DMA Hard drive
-Graphics Card: Radeon 9200 (128mb)
Join Date: Aug 2007
Location: Berkshire, UK
Posts: 870
Reputation:
Rep Power: 3
Solved Threads: 55
It's prolly time to recognise that the system was given to you more-or-less beyond hope of recovery. Then the Dell recovery trick, the activation issues and so on only serve to muddy the already murky waters.
You could always slave the HDD and look around on it in another PC for clusters of DLL/SYS/EXE/DAT files with strange names that appear with the same date and time of creation from around when infection might first have started. I posted a full methodology on this on around 25-Aug in the Spyware section. I guess you'll find the lurkers that way.
Suspishio
My advice is at your risk
(We saved the Frogs from the Krauts - twice!)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
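The search suggested in the post above (same-time clusters of DLL/SYS/EXE/DAT files on the slaved drive), as an added example that is not part of the thread or of the methodology the poster refers to. The `since` cut-off, the 60-second gap, the minimum cluster size and the sample file names are assumptions.

```python
import os
import sys
from datetime import datetime, timezone

SUSPECT_EXTS = {".dll", ".sys", ".exe", ".dat"}
# Constructed sample: (path, creation time in epoch seconds); not from a real machine.
SAMPLE = [
    ("system32/kernel32.dll", 1092000000), ("system32/qxzvb.dll", 1190000000),
    ("system32/drivers/hjkwp.sys", 1190000005), ("rtnpl.exe", 1190000030),
    ("Temp/aaq.dat", 1190000080), ("Program Files/App/app.exe", 1190500000),
]

def creation_time(path):
    """Creation time where the OS exposes it, otherwise last-modified time."""
    st = os.stat(path)
    if hasattr(st, "st_birthtime"):          # macOS/BSD, Windows on Python 3.12+
        return st.st_birthtime
    return st.st_ctime if os.name == "nt" else st.st_mtime

def collect(root):
    """Return (path, timestamp) for every DLL/SYS/EXE/DAT file under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTS:
                full = os.path.join(dirpath, name)
                try:
                    found.append((full, creation_time(full)))
                except OSError:
                    pass                      # unreadable entry on a damaged volume
    return found

def find_clusters(records, since=0, gap=60, min_files=3):
    """Group files created within `gap` seconds of the previous one, on or after `since`."""
    clusters, current = [], []
    for ts, path in sorted((ts, p) for p, ts in records if ts >= since):
        if current and ts - current[-1][0] > gap:
            if len(current) >= min_files:
                clusters.append(current)
            current = []
        current.append((ts, path))
    if len(current) >= min_files:
        clusters.append(current)
    return clusters

if __name__ == "__main__":
    # Argument: root of the slaved drive; without one, the constructed sample is used.
    records = collect(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for cluster in find_clusters(records, since=1188000000):  # assumed cut-off
        print(datetime.fromtimestamp(cluster[0][0], timezone.utc), [p for _, p in cluster])
```

Setting `since` to just before the suspected infection date keeps the original Windows install and service-pack files, which also share creation times, out of the results.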
Join Date: Oct 2007
Posts: 706
Reputation:
Rep Power: 3
Solved Threads: 51
This seems to be a definite reformat. Even at my rate, the time spent to repair this machine would cost as much as a new Dell.
If he doesn't have install disks, he almost certainly "borrowed" all his "costly" software.
I'd even be uncertain about saving the data, as it may contain the infection.
Copy the data, reformat and reinstall and let him know the data may be infected. A good scan should be run before installing the data.
I've had to give up on a few machines due to time/cost restraints, and it may be the best answer in many cases.
Join Date: Aug 2007
Location: Berkshire, UK
Posts: 870
Reputation:
Rep Power: 3
Solved Threads: 55
This seems to be a definite reformat. Even at my rate, the time spent to repair this machine would cost as much as a new Dell.
If he doesn't have install disks, he almost certainly "borrowed" all his "costly" software.
I'd even be uncertain about saving the data, as it may contain the infection.
Copy the data, reformat and reinstall and let him know the data may be infected. A good scan should be run before installing the data.
I've had to give up on a few machines due to time/cost restraints, and it may be the best answer in many cases.
Well said, though poor old Tabby8 is in the unenviable position of having to face the customer!
Suspishio
My advice is at your risk
(We saved the Frogs from the Krauts - twice!)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
Join Date: Oct 2007
Posts: 8
Reputation:
Rep Power: 0
Solved Threads: 0
Thanks for all the responses so far! Normally when I get a computer that badly infected I'm able to go around in the registry and tweak it enough to be able and do a repair to continue on. If I had an HP CD or an actual XP CD instead of just Dell I probably would have been alright since I wouldn't have had to reactivate. But you do what you can, right?
I saved his ended up having no choice but a reformat and saving the system files. Even doing that I had to continue the cleaning afterwards but not to nearly the same extent.
I honestly don't think this guy was bright enough to find working versions of the programs he had to steal them. It takes a truly "special" person to be able to get THAT infected before realizing there was an issue or maybe that you should get your machine fixed. Even in safe mode disconnected from the internet he had three different security alerts going down in the corner and constant pop ups from games, spyware programs, you name it.
In response to Omni, in the last year I've only worked on, hmm, under 20 computers that were this badly infected; most of them can be fixed with a few scans and a little common sense. I'm sure the amount you get depends on where you live tho. I live in Hawaii and am one of 3 techs on the island so I get quite a few from my small customer group.
Dealing with the customer wasn't so bad because I explained what I did and what I could have done along with the charges for both, showing him he would've bought a brand new top of the line computer for the amount of hours it would've taken me to clean it. Normally when a customer comes in they're just dumbstruck that a woman is going to fix their computer.
So no one knows any way to get around activating, huh? I know you get 30 days but what about when you don't have the ability to activate it? Won't let you log in, no internet, etc.?
Join Date: Aug 2007
Location: Berkshire, UK
Posts: 870
Reputation:
Rep Power: 3
Solved Threads: 55
....I live in Hawaii and am one of 3 techs on the island so I get quite a few from my small customer group.
.....So no one knows any way to get around activating, huh? I know you get 30 days but what about when you don't have the ability to activate it? Won't let you log in, no internet, etc.?
I'm hot footing it to Hawaii, with my system disks an' all!
As a professional, you should really have a set of disks for repair.
On the activation question, nobody here is gonna give you any advice on how to break Microsoft's rights. Your customer could contact Microsoft using the sticker that's on his machine and see what they say. But I reckon the customer is gonna have to buy a copy of Windows. You could have this in your terms & conditions as a last resort measure 'cos you wouldn't want Microsofty coming down on you.
Good luck and see ya there!
Suspishio
My advice is at your risk
(We saved the Frogs from the Krauts - twice!)
Dell XPS M1710; T7200 2GHz Core 2 Duo; 2GB RAM; XP Pro (32)
nForce 680i LT; Q6600 Quad Core 2.4GHz; 8GB RAM; XP Pro (64)
I too find it strange that one of 3 techs on the island doesn't have his/her own WinXP CD install disks. I'm a backyard computer fixer and I have copies of legit XP Pro and Home, for just the problem you are having.
Last edited by caperjack : Oct 28th, 2007 at 1:21 pm.
Boo!!!!! Sarcastic Jack
Malwarebytes startUpLite Program works wonders for me.
http://www.malwarebytes.org/startuplite.php