
Need help getting rid of a virus!

0 Votes
Locked

petryss
I got a virus. At first it appeared when Microsoft Security Essentials found it and deleted it. Then it showed up again on the next scan and grew to two and four and more on each consecutive scan.

Next my desktop icons disappeared. I managed to find them and bring them back for a day or two while I worked to clean my computer of the virus. I tried to run disc cleanup but that disappeared from the system. Next all my programs disappeared and now I can't access the internet. I tried working in safe mode but I can't even find any of my programs. I tried to dump the computer and re-install XP but nothing works.

some steps i would try as a last resort depending on the infection. what might have happened is that when the virus was zapped, the infected system file(s) were also zapped, which may have caused your system to become unstable. the problem with most anti virus programs is that they can zap the infection but cannot restore the original files from before they were infected.

the xp disk can help you restore the corrupted or missing system files. however, the xp version on the computer must be identical to the version on the xp set up cd. so in order to execute a repair installation, you would have to downgrade your system and uninstall the sp updates from the computer.

but on the other hand, there is a method to restore system files via system restore from the disk prompt. what i would do is to boot up with the xp cd and initialize the recovery / repair console in order to get you to the disk prompt. afterwards, i would execute an old system restore point which should re-instate a stable registry hive and copies of system files before the infection occurred. personally i would choose the oldest point, which would guarantee that the infection did not exist at the time. but the restore point is your call. in any case, the instructions can be found here: http://pcsmarties.wordpress.com/system-restore-via-disk-prompt/

but before doing the above, do a quick check disk to ensure that the master file table and the file system and indexes are in sync and not corrupted. if after you do a system restore and the machine is bootable again, boot into safe mode and disconnect the internet cord from the machine and also execute a clean boot. "or" you can choose to uninstall the sp updates via control panel, if you prefer to execute a repair install with your xp disk.

in any case, if you decide to boot back into normal mode, be sure to disable all browser extensions and add-ons and delete all cookies before reconnecting the internet line, as they may have also been the entry point of the infection.
0 Votes
dayen

I tried to send info from my site but it didn't show up here, not sure why, maybe it's too long. Also, you need another computer to make these rescue CDs/DVDs.

AVG has a free Rescue CD; it's bootable.
http://www.avg.com/us-en/homepage
http://www.ubcd4win.com

0 Votes
jacoberdei

I have run into this kind of virus a lot over the past few months. Your files are actually hidden. Showing hidden files and folders should reveal them.

You not only have malware but have a rootkit. Sounds like you did a software system restore instead of a format and reinstall of XP.

What I would do is run Tdss and then combofix. This will terminate the rootkit. Then (too late now, most likely) run a system restore and restore your computer to an earlier date. This guide covers rootkit removal and should work for you: http://www.removevirus.org/remove-rootkit It has the links to the tools I talked about. All are free.

0 Votes
petryss

Are you still out there?

I just have a problem as I cannot open windows in safe mode. It tells me I am missing "Windows\System32\Config\System" and I have to start Windows with the reinstall cd.

I installed the XP setup cd and followed instructions. At disk prompt I typed:
cd \
cd windows\system32\config
ren system system.bak
exit
I selected r for repair, the line number for the O/S, selected enter to bypass the password and at disk prompt I typed:
cd \
cd system~1\_resto~1\
dir
The message said it could not find the file directory. I got a list of file names but nothing that said RP# or anything about restore point.

0 Votes
databaseben

sorry for responding at this late date. something is not proficient with this newsgroup. in any case, i have posted additional options on the webpage i provided. please re-review it to get an idea of what they are. however, briefly speaking you should execute a "repair install" with your xp cd, if the manual method for restoring the registry proved futile.

1 Votes
gdeangelis

Not to take away anything from the tools available out there, but you might try replacing the hard drive if that is an option, reinstall a new copy of windows, update it completely and add in antivirus etc. Put the old drive in the computer and scan it completely, then take what you need off it, (some may just be hidden or marked as system files as noted above) then stuff it in a drawer for a month. Cleaning viruses like this can be a waste of time in many cases. You probably could have rebuilt it many times over and truth be told, you might still have crap on there. It isn't worth the effort. System restore is a great place for these things to hide. I turn it off. You are usually better off with a backup (when possible) than system restore, as it just brings the baddies back to life when you reboot.
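
Added example, not part of any poster's reply: with the old drive attached to a clean machine as suggested above, this Python sketch inventories the RP# restore-point folders discussed earlier in the thread and flags any whose registry hive copies are missing or empty, so an unusable point is spotted before anyone tries to restore from it. It assumes the standard XP layout (System Volume Information\_restore{GUID}\RPn\snapshot) and read access to that folder; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Hive copies that XP System Restore keeps in each RPn\snapshot folder.
SNAPSHOT_HIVES = (
    "_REGISTRY_MACHINE_SYSTEM",
    "_REGISTRY_MACHINE_SOFTWARE",
    "_REGISTRY_MACHINE_SAM",
    "_REGISTRY_MACHINE_SECURITY",
    "_REGISTRY_USER_.DEFAULT",
)

def list_restore_points(drive_root):
    """Return restore points on an attached XP volume, lowest RP number first."""
    svi = Path(drive_root) / "System Volume Information"
    points = []
    if not svi.is_dir():
        return points
    for store in svi.glob("_restore*"):
        for rp in store.iterdir():
            m = re.fullmatch(r"RP(\d+)", rp.name, re.IGNORECASE)
            if not (m and rp.is_dir()):
                continue
            snap = rp / "snapshot"
            # A hive copy that is absent or zero bytes cannot be restored.
            missing = [h for h in SNAPSHOT_HIVES
                       if not (snap / h).is_file() or (snap / h).stat().st_size == 0]
            points.append({
                "number": int(m.group(1)),
                "path": str(rp),
                "modified": datetime.fromtimestamp(rp.stat().st_mtime, timezone.utc),
                "missing_hives": missing,
                "complete": not missing,
            })
    return sorted(points, key=lambda p: p["number"])

def build_sample_volume(root):
    """Constructed sample tree (not real data): RP1 complete, RP2 lacks SYSTEM."""
    store = Path(root) / "System Volume Information" / "_restore{CONSTRUCTED-SAMPLE}"
    for number, hives in ((1, SNAPSHOT_HIVES), (2, SNAPSHOT_HIVES[1:])):
        snap = store / f"RP{number}" / "snapshot"
        snap.mkdir(parents=True)
        for hive in hives:
            (snap / hive).write_bytes(b"regf")  # placeholder bytes, not a real hive
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for p in list_restore_points(build_sample_volume(tmp)):
            status = "complete" if p["complete"] else "missing " + ", ".join(p["missing_hives"])
            print(f"RP{p['number']}  {p['modified']:%Y-%m-%d}  {status}")
```

The folder dates only show when a restore point was written; they do not show whether it predates the infection, so anything copied out of one should still be scanned.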

0 Votes
the jacob

just get a new comp, download same files and it's fine!