You know that old saying… “I thought I’d seen everything”
My previous record for numbers of infections detected on a single machine was a tad under 4000. A large number, yes, but little did I know…
So, I’m lounging back in my recliner at home watching nothing in particular on the idiot box when a knock at the front door arouses me from a mid morning stupor. There stands a tall indigenous man, roughly my own age (old), with a laptop tucked under his arm. I knew the face from our local watering hole but the name escaped me. Turns out I was recommended by a mutual acquaintance and the laptop belongs to his wife. I invite him in and we settle at the breakfast bar, laptop plugged in and ready to go.
He informs me that his wife is going through severe withdrawals, seems she is unable to connect through her Facebook app. I am inwardly dumbfounded that anyone could get their knickers in such a knot over Facebook while outwardly suitably sympathetic. Sure enough, clicking the Facebook app’s tile/shortcut does nothing. I’ve been working with the machine for only about 30 seconds or so before I recognize that this thing is seriously infected. “You’ll have to leave it with me” says I, “I’ll need to run scans and see what we are up against”.
So to work. One of the first things I had noticed was a McAfee antivirus icon sitting in the system tray. A quick check confirmed my worst fears, the trial period had long expired. I check Windows Defender and not only is it still switched off but also inaccessible, so these people have been running an unprotected system for goodness knows how long. The operating system is Windows 8 so I’m guessing at least 3 years. This is one of the things I hate about manufacturer’s and their damned trial antivirus software.
To compound the issue, I go to Windows Update only to discover that the system has never been updated in its life, not a single security patch has been installed. Oh my! In fact, Windows Update tells me that I don’t have permission to apply updates even though I am logged on via an administrator account. I soon discover that Internet Explorer is also broken, along with most other functions. So I download Malwarebytes Anti-Malware on my own machine and install it on the laptop’s broken system via USB flash drive.
A full scan and around 40 minutes later the horrible truth is revealed… 9008 infections flagged. Never in my wildest dreams did I anticipate anywhere near that monumental number, I am amazed the system is working at all. Admittedly, the vast majority were PUPs (or grayware) along with a handful of truly malicious items but even PUPs/grayware in that sort of quantity are going to cause significant harm. So Malwarebytes quarantines all the suspect items but the damage to system files has already been done and I’m getting nowhere fast.
At this stage I am thinking clean install. However, before I go through the laborious process of downloading an ISO, identifying the license key (there is no sticker on the laptop with a product key number), and re-installing, I decide to try a few simpler possibilities:
I try running sfc /scannow via elevated command prompt but it won’t run at all. Next I try running the Dism /Online /Cleanup-Image /RestoreHealth command but it just keeps throwing up error messages as well. Long story short, after the Acer recovery software failed, and the keyboard shortcut to restore to factory settings failed too, I was fast running out of options. I had one last straw to clutch, the Windows 8 Reset feature. Considering the damage to the system, with many more functions broken than working, I was not exactly brimming with confidence. To my surprise, and relief, the Reset function appeared to be working okay. Just over an hour later and it was confirmed, I am now looking at a brand new Windows 8, all fully functional and in good working order. A quick run through sfc /scannow to double check reveals that all is indeed good.
I was very fortunate with this laptop, the female owner did not have any third party programs installed at all, seems all she uses the machine for is connecting to Facebook and emailing via Gmail. So the Reset didn’t really change anything except undo all the damage and restore the system to good working order. With Windows Update now fully operational, I install the myriad of outstanding updates. Next I upgrade the system to Windows 8.1, and finally to Windows 10 – as per agreement with the client following a quick telephone call.
Overall it took me 2 days, off and on, but I tell you truly, when I gave that laptop back to its owner it was really flying. Minus all the manufacturer’s bloatware, probably even better than when brand new.
Can anyone beat 9008 infections on a single PC? If not, I’m claiming a record. 🙂