For this Retro Friday article we’re going to take a trip into the danger zone and I’m going to talk about how to deal with old viruses/malware/spyware on older computer boxes.
Fact: Older PC boxes with Windows XP that haven’t been used since 2008 are usually loaded with viruses and spyware.
Since the release of Service Pack 3 for WinXP in mid-2008, just about everyone runs the built-in software-based Windows firewall protection (in addition to having a hardware-based firewall via your router).
If, however, you have a PC with XP on it that hasn’t been used since 2008, it can be assumed that the Windows Firewall is off, and that the OS has viruses and spyware on it aplenty.
The safe maneuver would simply be to "blow away" the operating system and start fresh before using that old computer box again, but sometimes that’s not an option. Maybe there are some apps installed on it that prevent you from reinstalling the OS. Or maybe you don’t even have a copy of the old OS anymore; there are any number of reasons.
How do you deal with a situation where you want to "revive" a PC with old Windows on it that’s potentially already compromised? Here’s the quick rundown on that.
Booting the box with the network unplugged and examining what you’re dealing with
The box can’t do anything nasty if it has no network connectivity. Since most older viruses/spyware completely rely on a live internet network connection, all you have to do is boot the box and just let it sit there for a half-hour to see if any network errors happen.
At this point you just wait to see what happens. Some of it will be things you can fix easily, while others will be obvious viruses/spyware.
Old printer software suite notices
Old printer software suites as far as I’m concerned are spyware, even though they’re not identified as such. Certain suites from the early-to-mid 2000s are notorious for launching useless resident programs/services, then popping up an advertisement screen saying "Hey, buy these printer accessories! You know you want to!" No, I don’t want to, thank you very much.
Easy fix. If you don’t own the printer anymore, go into Add/Remove and uninstall all printer software. Every trace of it.
Old digital camera/camcorder software suites
These can be just as bad as old printer software suites, if not worse, as they do the same crap, except with even more attempts to hawk products at you. Uninstall the same way you did the printer software.
Random IE pop-ups / network errors
Don’t be surprised if, after getting to the desktop, you see random IE browser windows open (and fail since there’s no network connectivity). That’s a telltale sign there’s some spyware on the box; this is especially true if you’ve already uninstalled all the stuff for the hardware you don’t own anymore.
You may also see random network errors happen; this indicates there’s some spyware running in the background. You’ll have to launch the Task Manager and look for oddly named programs.
Toolbars, toolbars, toolbars, oh my
I hate browser toolbars and believe they should be banned like asbestos. But anyway, you may have several toolbars installed in the IE browser. Some can be removed from Add/Remove. Others hide themselves away and can only be uninstalled from the Start menu. And others really hide themselves and can only be uninstalled from the IE browser itself.
The ones that can only be uninstalled from IE itself and dig themselves deep are the toughest to get rid of. You have to go to IE’s View > Toolbars menu and see if there’s anything hiding there. If so, you select to view the toolbar, click its menu and maybe it will let you uninstall it. Maybe.
The absolute worst of the lot with toolbars are ISP-branded ones, such as an IE that’s been "Enhanced by Verizon" or "Enhanced by Comcast". It is exceedingly difficult to "debrand" an IE that’s had an ISP’s meat hooks dug into it.
Other resident crapola
Depending on what you used to do with your old PC, you may encounter a sea of taskbar icons next to the clock running all kinds of crap.
I don’t suggest immediately going to Add/Remove to get rid of all that stuff in a normal Windows session, because it probably won’t uninstall correctly. I’ll tell you how to do it the right way in a moment.
Is it worth saving?
Some older installations of Windows are so fraught with viruses, spyware and other crap that they’re just not worth saving.
You will have to make a judgment call on your own concerning this. This call is fairly easy to make. If after boot of the OS you have the sinking feeling of, "Geez.. this is going to take a while to clean this thing out", then don’t bother because it’s not worth your time.
If on the other hand you feel you can save the box with the existing Windows on it, see below.
Saving XP (or at least attempting to)
Unplug the network connection if it isn’t already unplugged.
Boot the box and start pressing F8 right after power-up. Elect to boot into Safe Mode.
Log in as Administrator or an account with Administrator privileges.
Go into Add/Remove and remove anything you don’t need, including all IE toolbars, "Helper" apps, old printer software suites, and so on.
Examine the Start menu for any programs you don’t need that list uninstallers for what wasn’t listed in Add/Remove. If you find any, uninstall them.
If there are any anti-virus/malware/spyware suites installed, UNINSTALL THEM. They’re all old. And yes, this may require several reboots (all into Safe Mode/Administrator) to get it done.
Click Start > Run, type winver and click OK. The dialog that pops up will tell you which Service Pack you have installed, if any. If it’s not Service Pack 3, you’ll need to get it (explained below).
Shut down the PC.
Don’t have Service Pack 3?
Go to another computer, and go here: http://go.microsoft.com/fwlink/?linkid=183302
Download SP3 and burn the file to CD, or copy to USB stick (the SP3 installer is under 320MB).
Go back to your old computer box, boot into Windows with no networking (meaning cable still unplugged) and run the SP3 installer off the USB stick.
Shut down the PC after successful SP3 installation.
It’s assumed the old XP box you have has an outdated browser, so you’ll need to install a new one.
On another computer, go to www.firefox.com, download the latest version of that browser and copy the installer file to a USB stick.
Go back to your old computer box, boot into Windows with no networking (meaning cable still unplugged) and run the Firefox installer. After install there will be page-load errors since there’s no network connectivity currently, but that’s fine.
Shut down the PC after successful Firefox installation.
Boot up, get MSE, install it
Plug in the network.
Power up the computer, tapping the F8 key.
Launch XP into Safe Mode again and log in as Administrator.
Launch Firefox and go to http://windows.microsoft.com/mse to get the latest version of Microsoft Security Essentials, and install it.
Get CCleaner, run it
Go to www.ccleaner.com, install and run it.
Important note: INSTALL THIS SLOWLY. Don’t just rush through the menus during initial install, because you will be asked if you want to install Google Chrome. If you don’t want it, don’t elect to install it.
Run both the cleaner and registry utility several times until no entries show up.
Are you done?
Again, this is your call to make. The box at this point should be usable and should be cleaned out of any nasty stuff – especially with MSE monitoring everything.
You could optionally boot from a Linux LiveCD and run ClamAV on the primary hard drive just to be on the safe side, but only after you’ve performed all the other steps above first.
Why do the Linux ClamAV thing last? To prevent an older XP installation from becoming inoperable on its own. Certain spyware and viruses dig so deep into Windows that a Linux ClamAV scan could inadvertently delete critical XP system files, so you’re better off going the long route by doing the uninstall/SP3/MSE thing first.
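One way to run that optional ClamAV pass so it cannot delete anything, as an added example that is not part of the original article: the XP disk is mounted read-only, the scan only writes a log, and detections under the Windows directory are listed separately for manual review. The device name, mount point, log path and function names are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: report-only ClamAV scan of an XP disk from a Linux LiveCD.
XP_DEV="${XP_DEV:-/dev/sda1}"          # assumed device; confirm with fdisk -l
XP_MNT="${XP_MNT:-/mnt/xp}"            # assumed mount point
SCAN_LOG="${SCAN_LOG:-/tmp/xp-scan.log}"

# Mount read-only and scan without --remove or --move, so the scan
# cannot change or delete anything on the XP disk.
# clamscan exits with status 1 when it finds something; that is not an error.
scan_report_only() {
    mkdir -p "$XP_MNT" &&
    mount -o ro "$XP_DEV" "$XP_MNT" &&
    clamscan -r -i --log="$SCAN_LOG" "$XP_MNT"
}

# Split the detections in a clamscan log into hits under the Windows
# directory (deleting these can break XP) and everything else.
triage_log() {
    grep ' FOUND$' "$1" | while IFS= read -r line; do
        path=${line%%: *}
        case "$(printf '%s' "$path" | tr '[:upper:]' '[:lower:]')" in
            */windows/*) printf 'SYSTEM %s\n' "$path" ;;
            *)           printf 'OTHER %s\n' "$path" ;;
        esac
    done
}

# Constructed sample lines in clamscan's log format, for trying triage_log
# without a real scan. Signature names are placeholders.
write_sample_log() {
    cat > "$1" <<'EOF'
/mnt/xp/WINDOWS/system32/drivers/example.sys: Example.Signature.A FOUND
/mnt/xp/Documents and Settings/user/Local Settings/Temp/setup.exe: Example.Signature.B FOUND
/mnt/xp/Program Files/OldToolbar/tb.dll: Example.Signature.C FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Usage: "sh xp-scan.sh scan" as root on the LiveCD, or "sh xp-scan.sh demo".
case "${1:-}" in
    scan) scan_report_only; triage_log "$SCAN_LOG" ;;
    demo) write_sample_log /tmp/sample-scan.log; triage_log /tmp/sample-scan.log ;;
esac
```

Lines marked SYSTEM are the ones to look up individually before touching; lines marked OTHER sit in user or program folders.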