Larz said:
My mother has a Compaq desktop MS-Windows based PC that
is maybe 4 years old and has Vista or some such for an OS.
Everything was fine, but the free antivirus I had on there
seemed to stop working and it appeared she had a virus
because when she tried to sign into AOL mail it didn't look
right and the clock went back to 2007.
I installed Norton antivirus which removed 3 viruses and a
bunch of spyware. I packed the thing up and brought it back
over to her house, but when I set it back up the mouse no
longer worked. Any old USB mouse doesn't work either.
I opened up device manager and there is no category even listed for
mouse drivers or any such thing. What should I do?

In terms of tools you can use, if the computer wasn't crippled,
you'd try MBAM first.
If the computer is unusable, but the file system is still mountable,
you'd use Kaspersky offline scanner. Bitdefender may have made one like
this as well. At one time, F-Secure made one, I used to use it, but
it never seemed to detect anything (never any hiccups). At least
Kaspersky pretends to find stuff, like adware in one package I downloaded.
So Kaspersky gives the impression it's actually scanning. I've had
other packages (Trend Micro online scan???), where the tool appeared
hopelessly confused, and getting no traction at all. Some scanners
are so bad, all they do is throw up error dialogs - even when the
system isn't compromised.
This is a 237MB download. You prepare a CD by using a burning program
like Nero or the free ImgBurn. ImgBurn knows how to convert an ISO9660
file, into a bootable CD. Then, you tick the boxes in this tool,
to have it scan the partitions and report what it finds.
http://support.kaspersky.com/viruses/rescuedisk/main?qid=208286083
Kaspersky also has the odd little gem, like this one for a particular
rootkit. But we don't know you've got this. Rootkits are good at
hiding themselves, so that you can't "see" the installed files they use.
http://support.kaspersky.com/viruses/solutions?qid=208283363
Rootkit scanning is sometimes combined into AV products, so you
don't necessarily have to run one of these separately.
http://en.wikipedia.org/wiki/GMER
*******
It would be fun, to try a few tricks to get the mouse back,
but my guess is, you're still infected, and any attempt to
fix it, is only going to be resisted by the infection.
If this was a working machine, and the mouse was USB, you
could try blowing away the USB stack with "devcon".
http://www.robvanderwoude.com/devcon.php
You change the file type to .bat, to run this. It uses the
devcon download, to do the equivalent of some Device Manager
operations. So all of this can be done directly in Device
Manager, but generally has to be done in a particular order
(or you might lose keyboard and mouse before you're finished).
http://www.robvanderwoude.com/files/renewusb_2k.txt
Now, normally, this would allow the hardware to be detected
all over again. But we don't know what has disabled the mouse,
and whatever it was, could do it again.
On one of my older OSes, you'd remove everything below the
ENUM registry key, and then the OS would rediscover all the
hardware. The devcon method is a bit more civilized.
Older OSes allowed you to define a "new profile", which showed
up at boot time. The purpose of that, was to support
"docked" laptops, which had differing hardware configurations.
Doing a "new profile", was one way to have the hardware
detected all over again. My Win2K install has four profiles
in it for example. And they show up during the boot process,
in a black window with a menu. That is the equivalent of
deleting the ENUM tree.
*******
If you taught mom how to do full system backups, then her
bacon is saved.
*******
The Compaq should have a "nuclear" restore option, and that
will return the computer to factory condition. *Don't* do that,
unless you copy important data files off the machine first.
Computers in the present day, have less "nuclear" restoration
options, but the older computer would just trash everything
(pictures of the kids, email, address book, bookmarks). Which is
why, when you own a pre-built computer, you really need a full
backup strategy.
If you're back home again with the computer, you can pull
mom's hard drive, plug it into your computer, and
copy the important files from it that way. Your AV should be
pre-armed to scan the hard drive, when it shows up.
But if I had a drive like that, I'd probably want a Linux LiveCD,
and then unplug anything else until I'd had a look. I'm not
really fond of the latest versions of distros like Ubuntu,
but you can still find older versions. These run from the CD
while you're working. System RAM is used for temporary storage.
You can copy files while using this.
http://www.oldapps.com/linux/ubuntu.php
These are from my collection of Ubuntu CD images. The string on
the left, is the MD5sum of the downloaded file. The ones marked
with arrows, might be easier to use and understand, for file copying.
I've included file sizes as well, just for fun.
d2334dbba7313e9abc8c7c072d2af09c *ubuntu-7.10-desktop-i386.iso
66fa77789c7b8ff63130e5d5a272d67b *ubuntu-9.04-desktop-i386.iso
8790491bfa9d00f283ed9dd2d77b3906 *ubuntu-9.10-desktop-i386.iso
d044a2a0c8103fc3e5b7e18b0f7de1c8 *ubuntu-10.04-desktop-i386.iso <---
59d15a16ce90c8ee97fa7c211b7673a8 *ubuntu-10.10-desktop-i386.iso <---
8b1085bed498b82ef1485ef19074c281 *ubuntu-11.04-desktop-i386.iso
c396dd0f97bd122691bdb92d7e68fde5 *ubuntu-11.10-desktop-i386.iso
d791352694374f1c478779f7f4447a3f *ubuntu-12.04-desktop-i386.iso
11/03/2007 07:19 AM 729,608,192 ubuntu-7.10-desktop-i386.iso
06/29/2009 10:20 PM 732,909,568 ubuntu-9.04-desktop-i386.iso
11/21/2009 06:39 AM 723,488,768 ubuntu-9.10-desktop-i386.iso
06/16/2010 08:45 PM 733,419,520 ubuntu-10.04-desktop-i386.iso <---
10/29/2010 12:43 AM 726,827,008 ubuntu-10.10-desktop-i386.iso <---
06/15/2011 12:08 AM 718,583,808 ubuntu-11.04-desktop-i386.iso
10/29/2011 09:26 AM 729,067,520 ubuntu-11.10-desktop-i386.iso
04/27/2012 12:29 PM 735,358,976 ubuntu-12.04-desktop-i386.iso
If you can't find a copy of MD5sum, then the Microsoft fciv
program can be used. If you get the same value I got, then
you know your download matches mine (which I got from ubuntu.com
at the time).
http://www.microsoft.com/en-us/download/details.aspx?id=11533
When that CD is booted and running, the partitions (the source
partition, the destination partition), should be in the Places
menu. You click on each partition, to mount them. The opened file
window, is where you do the copying. When you're finished, select
shutdown from the menu in the extreme upper-right (looks like
a power button of sorts). The shutdown menu, should cause the
partitions to be unmounted first. Or, you can right click on each
disk icon that appears on the left, and unmount it yourself.
Don't just turn off the computer power, that would be bad.
http://www.wizardjournal.com/wp-content/uploads/2011/02/ubuntu-10-10-operating-system.jpg
*******
In terms of backup tools, there are better things now than we had
in the past. You could use a copy of Macrium Reflect, and the purchase
of an external USB hard drive, as a start at keeping the computer
backed up. Tools like Macrium will insist you make a recovery CD,
and that's what you boot the computer with, when it is time to copy
the contents of the external drive, back to the internal drive.
A backup is for when you've given up on ever repairing it. So
that would be a plan for the future, after this mess is cleaned up.
Paul
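
The checksum comparison described in the post, as an added example that is not part of the original message: a Python script that reads md5sum-style lines like the ones listed above and reports whether each downloaded ISO matches. The function names and the idea of looking for the ISOs in the current directory are assumptions made for the example.

```python
import hashlib
import re
from pathlib import Path

# Two of the lines from the post's list, in md5sum's "<hash> *<file>" format
# (the "*" marks binary mode).
PAGE_MANIFEST = """\
d044a2a0c8103fc3e5b7e18b0f7de1c8 *ubuntu-10.04-desktop-i386.iso
59d15a16ce90c8ee97fa7c211b7673a8 *ubuntu-10.10-desktop-i386.iso
"""

LINE_RE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(\S+)")


def parse_manifest(text):
    """Return {filename: lowercase md5 hex}; trailing notes like '<---' are ignored."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries


def md5_of(path, chunk_size=1 << 20):
    """Hash in chunks so a 700 MB ISO is never loaded into RAM at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify(manifest_text, directory):
    """Map each listed file to 'OK', 'MISMATCH' or 'MISSING'."""
    # A matching MD5 shows the download equals the copy that was hashed;
    # it says nothing about who produced that copy.
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "OK" if md5_of(path) == expected else "MISMATCH"
    return results


if __name__ == "__main__":
    for name, status in verify(PAGE_MANIFEST, ".").items():
        print(f"{status:8} {name}")
```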