Questions

System files deleted after virus deletion!!! Help!!!

Tags:
+
0 Votes
Locked

System files deleted after virus deletion!!! Help!!!

neptune714
I was browsing the net and got a warning from Norton that it found a threat and quarantined it. All of a sudden my computer restarts itself. I quickly unplug it from the internet, boot it up in safe mode, run Norton, delete over 25 viruses, restart the computer si that I can install malware bytes, but I can't. It doesn't recognize any file that I click on. Doesn't recognize applications, doesn't even recognize the run function. It asks me what program I would like to open the run function with. Won't recognize a system restore. It's as if major dll. files have been deleted or something. What can I do??? Please help, I am desperate.

This computer has an F11 functin that will reset it to factory settings, but I am afraid if I do that, it may not work because if dll. files have been deleted, then it may not recognize that command.

Any advice? Thank you SO much for responding!
  • +
    0 Votes
    Jacky Howe

    haven't any valuable Data that you require just press the F11 key to restore it to factory settings. If you have Data that is required boot with a Live Linux CD and copy your Data to another media. Scan the Data with an AV before using it though.

    +
    0 Votes
    Srose21

    You probably had to create them on first boot or if you have a friend that has your OS..Vista? XP? Just pop the CD in and do a restore....DON'T REFORMA, just do the system restore and your other data will still be intact.

    Get your data

    Then REFORMAT and REINSTALL...If the Virus(es) were that nasty do you really want all of the issues that will plague you later?

    Install AV, Scan your data, then restore your data.

    If you don't have the install disks and F11 doesn't work......Have you considered a linux box? :)

    +
    0 Votes
    Jacky Howe

    If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM. You can also download the updates for MBAM and run them from the USB.

    From another System download and install Spybot, update it and copy the the installed folders to a USB Stick. Copy MBAM and the Update as well.

    Removing malware from System Restore points
    To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

    Default Start Menu XP
    If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

    Classic Start Menu XP
    If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

    Vista
    Start, right mouse click Computer and select Properties. Select Advanced System Properties, click contine and then System Protection. Untick the box nect to Local Disk C: and click on Turn System Restore off.


    After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

    Once you have restarted the Infected System in Safe Mode, navigate to the USB stick and run Spybot.

    Download Spybot - Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.html

    Download Malwarebytes Anti-Malware, install it and update it.

    <a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.

    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    <a href="http://malwarebytes.gt500.org/mbam-rules.exe" target="_blank"><u>mbam-rules</u></a>

    I would keep scanning with it until it is clean by closing out and rebooting and running it again.

    Run this Rootkit Revealer GMer
    <a href="http://www.gmer.net/index.php" target="_blank"><u>Gmer</u></a>

    FAQ
    <a href="http://www.gmer.net/faq.php" target="_blank"><u>FAQ</u></a>

    Tip! If you want to write protect the USB drive/stick while you are working on an infected System.
    In the recent release of Windows XP Service Pack 2 (SP2), a new feature was added by Microsoft to allow the write protection of USB block storage devices. This entails a simple Registry modification that requires no hardware devices to write protect thumb drives.

    If the USB drive has no small switch for write protection you can turn it on through the Registry via Command Line.

    REG ADD HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /v WriteProtect /t REG_DWORD /d 1 /f

    and one to turn it off but a System restart is required. Place the Batch file on the USB to turn it off.

    reg delete HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /f


    If TaskManager has been disabled this will enable TaskManager to allow access to the Registry.

    Command line removal or create Batch files.

    Click Start Run and type cmd and then press Enter.

    Execute the following commands in the command line in order to activate the registry editor and Task Manager:

    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f

    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f

    With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

    +
    0 Votes
    neptune714

    Hello everyone, thank you so much for your help. Ultimately, I was able to backup my data because the computer was still reading my external hard drive. I then restarted while hitting CTRL & F11 and restored it to factory settings. UGH! I am still putting the pieces together slowly. I am reinstalling every application from scratch!

    However, I have yet to load my data back onto the computer! My fear is that some of my files are infected, so I may just load the virus back onto the computer. I am afraid to run malware bytes or norton on my external for fear that I may lose important data!

    Any suggestions on how I can prevent valuable data from getting lost if I run virus software on my external. Thanks for your advice!

    Neptune

    +
    0 Votes
    computechdan

    very unlikely that any of your data files can be infected, but to easy your fears...

    after you are all up and going again with current protection, simply make a copy of the data and paste it in another folder of the external drive.

    the antivirus software will scan the copy as it is being created, and if it deletes any files it will be the ones being created, not the source files.

    then if you like you could scan the copy to be sure.

    +
    0 Votes
    OH Smeg

    And see if it runs now? Some infections prevent you installing things like Malwarebytes so you need to rename the Install File and install it to a different directory. Just remember to keep the same extension when you rename the Install File.

    Col

  • +
    0 Votes
    Jacky Howe

    haven't any valuable Data that you require just press the F11 key to restore it to factory settings. If you have Data that is required boot with a Live Linux CD and copy your Data to another media. Scan the Data with an AV before using it though.

    +
    0 Votes
    Srose21

    You probably had to create them on first boot or if you have a friend that has your OS..Vista? XP? Just pop the CD in and do a restore....DON'T REFORMA, just do the system restore and your other data will still be intact.

    Get your data

    Then REFORMAT and REINSTALL...If the Virus(es) were that nasty do you really want all of the issues that will plague you later?

    Install AV, Scan your data, then restore your data.

    If you don't have the install disks and F11 doesn't work......Have you considered a linux box? :)

    +
    0 Votes
    Jacky Howe

    If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM. You can also download the updates for MBAM and run them from the USB.

    From another System download and install Spybot, update it and copy the the installed folders to a USB Stick. Copy MBAM and the Update as well.

    Removing malware from System Restore points
    To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

    Default Start Menu XP
    If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

    Classic Start Menu XP
    If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

    Vista
    Start, right mouse click Computer and select Properties. Select Advanced System Properties, click contine and then System Protection. Untick the box nect to Local Disk C: and click on Turn System Restore off.


    After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

    Once you have restarted the Infected System in Safe Mode, navigate to the USB stick and run Spybot.

    Download Spybot - Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.html

    Download Malwarebytes Anti-Malware, install it and update it.

    <a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.

    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    <a href="http://malwarebytes.gt500.org/mbam-rules.exe" target="_blank"><u>mbam-rules</u></a>

    I would keep scanning with it until it is clean by closing out and rebooting and running it again.

    Run this Rootkit Revealer GMer
    <a href="http://www.gmer.net/index.php" target="_blank"><u>Gmer</u></a>

    FAQ
    <a href="http://www.gmer.net/faq.php" target="_blank"><u>FAQ</u></a>

    Tip! If you want to write protect the USB drive/stick while you are working on an infected System.
    In the recent release of Windows XP Service Pack 2 (SP2), a new feature was added by Microsoft to allow the write protection of USB block storage devices. This entails a simple Registry modification that requires no hardware devices to write protect thumb drives.

    If the USB drive has no small switch for write protection you can turn it on through the Registry via Command Line.

    REG ADD HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /v WriteProtect /t REG_DWORD /d 1 /f

    and one to turn it off but a System restart is required. Place the Batch file on the USB to turn it off.

    reg delete HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /f


    If TaskManager has been disabled this will enable TaskManager to allow access to the Registry.

    Command line removal or create Batch files.

    Click Start Run and type cmd and then press Enter.

    Execute the following commands in the command line in order to activate the registry editor and Task Manager:

    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f

    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f

    With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

    +
    0 Votes
    neptune714

    Hello everyone, thank you so much for your help. Ultimately, I was able to backup my data because the computer was still reading my external hard drive. I then restarted while hitting CTRL & F11 and restored it to factory settings. UGH! I am still putting the pieces together slowly. I am reinstalling every application from scratch!

    However, I have yet to load my data back onto the computer! My fear is that some of my files are infected, so I may just load the virus back onto the computer. I am afraid to run malware bytes or norton on my external for fear that I may lose important data!

    Any suggestions on how I can prevent valuable data from getting lost if I run virus software on my external. Thanks for your advice!

    Neptune

    +
    0 Votes
    computechdan

    very unlikely that any of your data files can be infected, but to easy your fears...

    after you are all up and going again with current protection, simply make a copy of the data and paste it in another folder of the external drive.

    the antivirus software will scan the copy as it is being created, and if it deletes any files it will be the ones being created, not the source files.

    then if you like you could scan the copy to be sure.

    +
    0 Votes
    OH Smeg

    And see if it runs now? Some infections prevent you installing things like Malwarebytes so you need to rename the Install File and install it to a different directory. Just remember to keep the same extension when you rename the Install File.

    Col