I got a virus. At first it appeared when Microsoft Security Essentials found it and deleted it. Then it showed up again on the next scan and grew to two and four and more on each consecutive scan.
Next my desktop icons disappeared. I managed to find them and bring them back for a day or two while I worked to clean my computer of the virus. I tried to run disc cleanup but that disappeared from the system. Next all my programs disappeared and now I can't access the internet. I tried working in safe mode but I can't even find any of my programs. I tried to dump the computer and re-install XP but nothing works.
Answers (15)
0
Votes
some steps i would try as a last resort
depending on the infection, what might have happened is that when the virus was zapped, the infected system file(s) were also zapped, which may have caused your system to become unstable. the problem with most anti virus programs is that they can zap the infection but cannot restore the original files to what they were before they were infected.
the xp disk can help you restore the corrupted or missing system files. however, the xp version on the computer must be identical to the version on the xp set up cd. so in order to execute a repair installation, you would have to downgrade your system and uninstall the sp updates from the computer.
but on the other hand, there is a method to restore system files via system restore from the disk prompt.
what i would do is to boot up with the xp cd and initialize the recovery / repair console in order to get you to the disk prompt.
afterwards, i would execute an old system restore point which should re-instate a stable registry hive and copies of system files before the infection occurred.
personally i would choose the oldest point, which would guarantee that the infection did not exist at the time. but the restore point is your call. in any case, the instructions can be found here:
http://pcsmarties.wordpress.com/system-restore-via-disk-prompt/
but before doing the above, do a quick check disk to ensure that the master file table and the file system and indexes are in sync and not corrupted.
if after you do a system restore and the machine is bootable again, boot into safe mode and disconnect the internet cord from the machine and also execute a clean boot. "or" you can choose to uninstall the sp updates via control panel, if you prefer to execute a repair install with your xp disk.
in any case, if you decide to boot back into normal mode, be sure to disable all browser extensions and add-ons and delete all cookies before reconnecting the internet line, as they may have also been the entry point of the infection.
Updated - 15th May 2012
Replies
I appreciate your response databaseben. However, at this point any BOOT attempt is futile as I have tried everything I can think of and the computer is non-responsive.
I tried to follow your instructions but when I tried to BOOT with the re-install XP disc it gives me the option to strike F1 to reboot or F2 for set up utility. Pressing F1 just repeats itself, F2 will take me to the setup utility.
What's next to try?
Thanks in advance for your help.
petryss
16th May 2012
Hello Databaseben:
I printed the instructions at the site you gave me, http://pcsmarties.wordpress.com/system-restore-via-disk-prompt/
and went thru the instructions twice and both times I got to #10 and got this message "cannot find the file directory". I got a list of file names but nothing that said RP# or anything about restore point.
petryss
20th Jun
0
Votes
Reinstall
It appears that your CD/DVD is not in the boot sequence. Depending on your BIOS, find the boot order and place the CD/DVD player at the top of the sequence, save your settings (usually F10) and reboot with the disk in the drive.
16th May 2012
Replies
I finally got windows to accept the CD and install windows. We are now at the step that says:
The following show the partitioned and unpartitioned space on this computer:
petryss
16th May 2012
0
Votes
Need help getting rid of a virus!
I finally got windows to accept the CD and install windows. We are now at the step that says:
The following show the partitioned and unpartitioned space on this computer: Sorry about that, I hit enter before I was ready earlier.
It gives me several choices: I can set Windows XP up in one of the partitions, delete any or all of the partitions or set Windows XP up in a new partition. The partitions are:
FAT ~ 24 MB Free Space
NTFS ~ 11071 MB Free Space
FAT32 ~ 324 MB Free Space
Inactive O/S Boot Man ~ 8 MB Free Space
What should I do?
16th May 2012
Replies
keep in mind that if the xp version on the cd is not the same as the xp on the computer, you can't execute a "repair installation". the only options then would be to install xp as a secondary o.s. in a different folder or partition. afterwards you will have two copies of xp on your computer.
my suggestion is to look for the "R" option which will execute the recovery console and take you to the disk prompt. if you look at the bottom of the setup screen, there will be options to execute by pressing certain keyboard keys.
once at the disk prompt, you can retry my initial suggestion and try to salvage what you can.
databaseben
16th May 2012
0
Votes
Need help getting rid of a virus!
At this point I am past where I could choose Repair, etc. If I install XP in a new partition can I go back and delete the old? Do I need to delete the other partitions that are listed?
If I really should go back and hit repair how do I get there from here?
Updated - 16th May 2012
Replies
you can just reboot the computer again and return to the beginning of the setup screen.
however, if you don't want to salvage what you can, you can go ahead and reinstall xp from scratch. the installation process will scan your hard drive for installed o.s.'s and give you the options to install xp in its original folder, a new folder or different partition.
but you will want to install xp on drive c where the file system is ntfs.
after you make the selection, the cd should give you the option to format the c drive before installing xp.
at this point you could re format the c drive before installing, but since we don't know what kind of infection you had, reformatting may not be helpful.
but as long as you have the xp cd, you're always open to start over again with setting up xp and selecting differing options, like reformatting the c drive.
in regards to deleting partitions, there is no need to do that. incidentally, is the computer you're working on a pc or laptop?
if it is a laptop, then one of those partitions may be storing the original setup files to install xp and the hardware drivers. in which case, you could execute a "factory restore".
databaseben
17th May 2012
0
Votes
Need help getting rid of a virus!
The computer I am working on is a pc. I went ahead and stopped the setup and started over. When I got to the part I could choose Repair I did. Now it is asking me "Which Windows installation would you like to log on to". Not sure what they want.
Updated - 17th May 2012
Replies
it's usually number 1, if you only have one o.s. on the system. if you had two o.s.'s, then you could either press number 1 or 2 to select which one to log into.
databaseben
17th May 2012
0
Votes
Need help getting rid of a virus!
I selected number 1 but once it got to the part it asked for the administrator password I tried every password I've ever used and they were all wrong. It asked if I wanted to Reboot which I did. This computer is about 6 years old and if I ever put a password in I will never know.
If I follow your instructions and just install a new os won't the virus still be in the old o/s and could it get into the new?
17th May 2012
Replies
just click the enter key to bypass the questions, that is if you were usually logging into windows automatically and without entering any password to begin with.
databaseben
17th May 2012
response #2 - in regards to installing a new o.s., there is always a possibility that you have a boot virus - but we don't really know what kind of infection you had or have.
i'm basing my suggestions for executing a manual restore on the presumption that your anti virus did zap the initial infection and you simply need to restore missing or corrupted system files.
however, if all your efforts to salvage what you have fail, you can install xp from scratch.
databaseben
17th May 2012
0
Votes
Need help getting rid of a virus!
I followed your advice and hit enter this time when it asked for administrator password.
Now it says C:\WINDOWS and is waiting for me to type something. I hit enter but that's not what it wants?
Updated - 17th May 2012
Replies
it looks like you are now at the disk prompt.
next press the letters followed by 2 periods and hit enter afterwards:
cd..
next you should see the c prompt below:
c:\>:
next type the below to execute a check disk then hit enter afterwards:
chkdsk/F
after the utility runs above and you get the c prompt again, type the below, then press enter afterwards.
exit
then remove the cd and reboot your computer and see if you can initialize your windows again. try both safe mode and normal mode.
if however, your system does not boot up like before, then retry all the steps again to boot with the cd, execute the recovery/repair console and get back to the c prompt.
then try a manual system restore.
databaseben
17th May 2012
0
Votes
Virus Removal is an art
Go to my web site on another computer. You will find the instructions to get rid of the virus. It is a hostage virus; it hides your files. It has to be removed by an anti-virus boot disk from a cold boot; a virus can live in memory during a warm boot. Also, you need a program to repair the registry.
My site is halloweenhackers.com. Don't freak, I am a white hat.
17th May 2012
Replies
Hello Dayen:
Well, I couldn't get as far as your site on the computer with the virus. I was here until 6:45 PM last night and that computer in safe mode was still trying to bring up the internet.
This morning I can even get it to come up in Safe Mode. I am on that screen and have chosen safe mode but no response as yet. It is working tho as after I arrowed down and chose safe mode the arrow key doesn't even work.
petryss
18th May 2012
0
Votes
File you will need for REG
is FixNCR.reg. You import it into the Registry. It takes a little work because you need to place it in all user accounts, so if any are not administrators then you need to set them to administrator. But you must have removed the virus first. Also, chkdsk does not remove any virus, and system recovery will only spread a virus.
17th May 2012
0
Votes
oh my god!
Buy A New Computer!
17th May 2012
Replies
That's a thought at this point but these guys are giving me good advice I need to know anyway.
petryss
18th May 2012
0
Votes
I tried to send you the info from my site
I tried to send info from my site but it didn't show up here. Not sure why, maybe it is too long. Also, you need another computer to make these rescue CDs/DVDs.
AVG has a free Rescue CD; it is bootable.
http://www.avg.com/us-en/homepage
http://www.ubcd4win.com
18th May 2012
0
Votes
Seen it several times
I have run into this kind of virus a lot over the past few months. Your files are actually hidden. Showing hidden files and folders should reveal them.
You not only have malware but have a rootkit. Sounds like you did a software system restore instead of a format and reinstall of XP.
What I would do is run Tdss and then combofix. This will terminate the rootkit. Then (Too late now most likely) Run a system restore and restore your computer to an earlier date. This guide covers rootkit removal and should work for you http://www.removevirus.org/remove-rootkit Has the links to the tools I talked about. All are free
15th Jun
Replies
Are you still out there?
I just have a problem as I cannot open windows in safe mode. It tells me I am missing "Windows\System32\Config\System" and I have to start Windows with the reinstall cd.
I installed the XP setup cd and followed instructions. At disk prompt I typed:
cd \
cd windows\system32\config
ren system system.bak
exit
I selected r for repair, the line number for the O/S, selected enter to bypass the password and at disk prompt I typed:
cd \
cd system~1\_resto~1\
dir
The message said it could not find the file directory. I got a list of file names but nothing that said RP# or anything about restore point.
petryss
29th Jun
0
Votes
Thanks Jacoberdei
I just have a problem as I cannot open windows in safe mode. It tells me I am missing "Windows\System32\Config\System" and I have to start Windows with the reinstall cd.
I installed the XP setup cd and followed instructions. At disk prompt I typed:
cd \
cd windows\system32\config
ren system system.bak
exit
I selected r for repair, the line number for the O/S, selected enter to bypass the password and at disk prompt I typed:
cd \
cd system~1\_resto~1\
dir
the message said it could not find the file directory. I got a list of file names but nothing that said RP# or anything about restore point
20th Jun
Replies
sorry for responding at this late date. something is not proficient with this newsgroup. in any case, i have posted additional options on the webpage i provided. please re-review it to get an idea of what they are. however, briefly speaking you should execute a "repair install" with your xp cd, if the manual method for restoring the registry proved futile.
databaseben
30th Jun
1
Vote
new drive-save the old
Not to take away anything from the tools available out there, but you might try replacing the hard drive if that is an option, reinstall a new copy of windows, update it completely and add in antivirus etc. Put the old drive in the computer and scan it completely, then take what you need off it, (some may just be hidden or marked as system files as noted above) then stuff it in a drawer for a month. Cleaning viruses like this can be a waste of time in many cases. You probably could have rebuilt it many times over and truth be told, you might still have crap on there. It isn't worth the effort. System restore is a great place for these things to hide. I turn it off. You are usually better off with a backup (when possible) than system restore, as it just brings the baddies back to life when you reboot.
30th Jun
0
Votes
i'd say get a new comp
just get a new comp download same files and its fine!
26th Sep