You know that old saying… “I thought I’d seen everything”
As any computer repairer/technician will attest, computer users and what they can manage to do to their machines never ceases to amaze. I’ve come across some pretty strange happenings in my time, real head scratchers, so far out of left field that the words “how on earth did you manage to do that” are out of your mouth before you even realize it.
My previous record for numbers of infections detected on a single machine was a tad under 4000. A large number, yes, but little did I know…
So, I’m lounging back in my recliner at home watching nothing in particular on the idiot box when a knock at the front door arouses me from a mid morning stupor. There stands a tall indigenous man, roughly my own age (old), with a laptop tucked under his arm. I knew the face from our local watering hole but the name escaped me. Turns out I was recommended by a mutual acquaintance and the laptop belongs to his wife. I invite him in and we settle at the breakfast bar, laptop plugged in and ready to go.
He informs me that his wife is going through severe withdrawals, seems she is unable to connect through her Facebook app. I am inwardly dumbfounded that anyone could get their knickers in such a knot over Facebook while outwardly suitably sympathetic. Sure enough, clicking the Facebook app’s tile/shortcut does nothing. I’ve been working with the machine for only about 30 seconds or so before I recognize that this thing is seriously infected. “You’ll have to leave it with me” says I, “I’ll need to run scans and see what we are up against”.
So to work. One of the first things I had noticed was a McAfee antivirus icon sitting in the system tray. A quick check confirmed my worst fears, the trial period had long expired. I check Windows Defender and not only is it still switched off but also inaccessible, so these people have been running an unprotected system for goodness knows how long. The operating system is Windows 8 so I’m guessing at least 3 years. This is one of the things I hate about manufacturers and their damned trial antivirus software.
To compound the issue, I go to Windows Update only to discover that the system has never been updated in its life, not a single security patch has been installed. Oh my! In fact, Windows Update tells me that I don’t have permission to apply updates even though I am logged on via an administrator account. I soon discover that Internet Explorer is also broken, along with most other functions. So I download Malwarebytes Anti-Malware on my own machine and install it on the laptop’s broken system via USB flash drive.
A full scan and around 40 minutes later the horrible truth is revealed… 9008 infections flagged. Never in my wildest dreams did I anticipate anywhere near that monumental number, I am amazed the system is working at all. Admittedly, the vast majority were PUPs (or grayware) along with a handful of truly malicious items but even PUPs/grayware in that sort of quantity are going to cause significant harm. So Malwarebytes quarantines all the suspect items but the damage to system files has already been done and I’m getting nowhere fast.
At this stage I am thinking clean install. However, before I go through the laborious process of downloading an ISO, identifying the license key (there is no sticker on the laptop with a product key number), and re-installing, I decide to try a few simpler possibilities:
I try running sfc /scannow via elevated command prompt but it won’t run at all. Next I try running the Dism /Online /Cleanup-Image /RestoreHealth command but it just keeps throwing up error messages as well. Long story short, after the Acer recovery software failed, and the keyboard shortcut to restore to factory settings failed too, I was fast running out of options. I had one last straw to clutch, the Windows 8 Reset feature. Considering the damage to the system, with many more functions broken than working, I was not exactly brimming with confidence. To my surprise, and relief, the Reset function appeared to be working okay. Just over an hour later and it was confirmed, I am now looking at a brand new Windows 8, all fully functional and in good working order. A quick run through sfc /scannow to double check reveals that all is indeed good.
I was very fortunate with this laptop, the female owner did not have any third party programs installed at all, seems all she uses the machine for is connecting to Facebook and emailing via Gmail. So the Reset didn’t really change anything except undo all the damage and restore the system to good working order. With Windows Update now fully operational, I install the myriad of outstanding updates. Next I upgrade the system to Windows 8.1, and finally to Windows 10 – as per agreement with the client following a quick telephone call.
Overall it took me 2 days, off and on, but I tell you truly, when I gave that laptop back to its owner it was really flying. Minus all the manufacturer’s bloatware, probably even better than when brand new.
Can anyone beat 9008 infections on a single PC? If not, I’m claiming a record. 🙂
I had 5,939 on a computer I was repairing this weekend. This was the highest number I have ever seen in years. You win hands down with your number. I can’t even imagine that many on a system.
Well done Jim,
O O O
O O
Five rings and a medal for the winner in the Olympic Computer Fix Games.
Jonno….;-)
highest I’ve had with a computer in the same situation as yours, was in the mid 5000s… she wins hands down from me (and wow… that was astounding!)
Should have just wiped it. If it had Win8 the product key is in the BIOS; you can download the ISO with MediaCreationTool provided by MS and it will reinstall the OS without asking for the key and be activated once online.
What do you think a Reset does, genius?
1) The PC boots into the Windows Recovery Environment (Windows RE).
2) Windows RE erases and formats the hard drive partitions on which Windows and personal data reside.
3) Windows RE installs a fresh copy of Windows.
4) The PC restarts into the newly installed copy of Windows.
And you don’t have to download or activate anything.
10084 of malware and also an actual virus Poweliks
WOW! Okay Todd, you are officially the new current record holder. 🙂
Never had one with that many infections, but I had a person’s laptop with 2G of temp files. She couldn’t understand why it was running slowly. I install CCleaner on all my customers’ PCs now and have it run at startup. Thanks for the great article, Jim.
Found 19617 with Malwarebytes, had to take a screenshot because I figure no one would believe me. Ended up trying ComboFix and reinstalling Windows just to be safe.
Well, my niece managed to get 18 pieces of malware/adware installed in less than 1 day on her new laptop.
I worked on one PC that had 65,000+ user temp files that shut down WinXP.
Amazing stuff guys. Thanks for your input.
I shakes me head in wonder.
Thank goodness for Macrium Reflect and the latest Windows PE. When there are that many infections, I try for a reinstall. After cleaning and/or reinstalling someone’s PC, I always show people how to use Macrium. It has saved my own bacon several times. I even used it back in August going from Windows 10 back to Windows 8.1 until the last November update.
My very first computer, Windows Vista Pro, 500 GB. Shortly after buying the PC, I logged in one day and my Firefox browser was basically telling me to scan my computer. I had uninstalled Norton and replaced it with AVG free edition. My scan revealed 25,000 infections. Long story short… it also eventually revealed an untrustworthy boyfriend who claimed the computer infected itself. I had my parentals set to make porn sites difficult to surf. He, using Internet Explorer, managed to find an alternate browser (I can’t remember the name) that is malware in itself, that will ignore all parental and security settings and took him to every porn site ever created on the internet. I had to go through a whole bunch of stress and crap from the Microsoft support as Windows Vista doesn’t offer the disk, and my warranty was still good. I had no clue that all the porn sites were neatly stored in the Hosts file which I could never access but I’m certain the support tech saw them all when he remotely entered my PC. Anyway, after receiving the correct software in the mail, I had to restore my corrupt PC to factory settings four times before it would work properly. Who do you think holds that world record now?