StarDestroyer.Net BBS

My in-laws have a Dell Inspiron 560 (Win7 Home). Somehow, my father in law managed to get the computer infected even though he rarely surfs the internet other than to deal with his buying and selling coins on ebay, reading his email and dealing with paypal.

This virus has corrupt the services.exe and has prevented MSE, Windows Update, Defender, Firewall and a couple of other things from working properly. I tried removing MSE and re-downloading it but that ended up crashing services.exe, creating an almost endless loop of rebooting. Managed to stop the cycle by quickly stopping MSE and then uninstall it.

I've instead downloaded Spybot and AVG. They've done wonders on the computer except for the services.exe file. AVG won't touch it as it is a vital component to Win7.

So, how do I go about fixing services.exe file without needing to nuke it from orbit and start over again? Can I just copy mine and paste it over? Could Combofix repair the damage?

Help?

How the hell does he constantly infect the computer? He's got the same amount of protection on his computer as I do since I'm the resident comptech. Yet, despite me going to more websites than he'll ever visit, I've probably had one or two trojans which I've managed to quickly eradicate, while his simple surfing has netted him dozens of viruses and trojans. Also, how does a man accumulate over 40,000 emails in a span of a few short weeks? GAHHH!

Malwarebytes. Malwarebytes is always my first option for dealing with infections.

Combofix. Give it a try, sometimes it can replace files that've been subverted/replaced by viruses, sometimes it can't, but it's worth a shot. As for replacing it from another system, ONLY if you have the same version (Windows 7, never mind home/pro, the file's the same, but 32/64-bit matters in most cases). Be prepared to use a Linux boot CD/flash drive or an OS CD recovery console if you need to get access after the OS has finally shit itself to the point of non-bootability.

I believe I got it fixed. A simple copy of the services.exe from my computer to his did the trick. So far so good, the computer is clean. I just hope it stays that way.

How the hell does he constantly infect the computer? He's got the same amount of protection on his computer as I do since I'm the resident comptech. Yet, despite me going to more websites than he'll ever visit, I've probably had one or two trojans which I've managed to quickly eradicate, while his simple surfing has netted him dozens of viruses and trojans. Also, how does a man accumulate over 40,000 emails in a span of a few short weeks? GAHHH!

Likely he uses it for more than he tells you. And as everyone less-than-tech-savy he easily falls prey of bullshit you laugh at.

If you are in for a change, you can try a linux distro, which is notoriously less-susceptible to malware as-is (and is a breeze to reinstall).
Puppy is tiny and runs from USB as well as live-cd.
Zorin OS is the one with GUI closest to Windows I've seen. I think it can go from liveCD as well.

Enigma wrote:How the hell does he constantly infect the computer? He's got the same amount of protection on his computer as I do since I'm the resident comptech. Yet, despite me going to more websites than he'll ever visit, I've probably had one or two trojans which I've managed to quickly eradicate, while his simple surfing has netted him dozens of viruses and trojans. Also, how does a man accumulate over 40,000 emails in a span of a few short weeks? GAHHH!

If you don't keep auxiliary programs that have browser plugins (such as Java, Flash Player, Adobe Reader, Shockwave Player, Quicktime and others) updated, you might as well uninstall any AV software on the computer and surf the web on a naked PC, because your protection level will be essentially the same.

Your AV software is like a guard dog outside your front door, with enough chain to cover the front of the house. Your auxiliary programs and their security flaws are very much like the back door and windows of your house and if they aren't updated to plug the holes, it's like the back door is wide open for burglars.

Also, installing all sorts of dodgy toolbars and other add-on shit on your browser is a surefire way to either seriously degrade computer performance (especially wrt net surfing) or open up more security holes (or more likely both).

I see this shit every day at work. Every single day.

I do keep them updated but whatever my father-in-law did to get the virus it knocked down every defense the computer had in one go. This was akin to a burglar shutting down the main power source that is powering all of the houses defenses. Corrupting services knocked out MSE (why oh why should it be tied to it?), Windows Update, Firewall and so forth. Now that his computer is clean, I'm not going to have him switch back to MSE. AVG is doing fine as it is and it won't be affected by a corrupted services.exe file.

Curiously, before doing that simple swap, I tried Combofix and it didn't continue past the extraction phase. After extracting it simply stopped.