My XP PC is infected with win32.netsky

By elaine_b21 ·
My XP PC is infected with win32.netsky. I tried booting in safe mode with networking, then chose winXP OS (the only one available), and all I get from there out is a blue screen. How do I get into my PC in safe mode so that I can turn off system restore and remove win32.netsky from my PC?

9 total posts (Page 1 of 1)  

All Answers

Tried a CD boot environment? I've used BartPE before. (nt)

by NexS In reply to My XP PC is infected with ...

netsky

by elaine_b21 In reply to Tried a CD boot environme ...

I am having issues... I CAN NOT get past the blue screen.
It will not start up in safe mode, safe mode/networking, last known startup or anything. All I get is that blue screen after entering ANY mode. Tried starting up with a System Restore CD and that didn't work either.

BSOD

by NexS In reply to netsky

I didn't mean booting from a Windows CD.
Some of the guys (and girls) here have got some good links to utility boot discs that can be used for this very issue.

you need to boot from CD not from HDD

win32.netsky

by dmiles In reply to Also read this

Follow these steps to download and run the tool:

1. Download the FxNetsky.exe file from:
   http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FxNetsky.exe
2. Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
3. Optional: To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.

   Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the "Digital signature" section before proceeding with step 4.

4. Close all the running programs before running the tool.
5. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
6. If you are running Windows Me or XP, then disable System Restore. Refer to the "System Restore option in Windows Me/XP" section later in this writeup for further details.

   Caution: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.

7. Double-click the FxNetsky.exe file to start the removal tool.
8. Click Start to begin the process, and then allow the tool to run.

   Note: If you have any problems when you run the tool, or it does not appear to remove the threat, restart the computer in Safe mode and run the tool again.

9. Restart the computer.
10. Run the removal tool again to ensure that the system is clean.
11. If you are running Windows Me/XP, then re-enable System Restore.
12. Run LiveUpdate to make sure that you are using the most current virus definitions.

Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled as previously directed, because Windows prevents outside programs from modifying System Restore.

Blue Screen Only

by elaine_b21 In reply to win32.netsky

Thanks, I have all the above documentation, but my issue first is that I CAN NOT get past the blue screen. It will not start up in safe mode, safe mode/networking, last known startup or anything. All I get is that blue screen after entering ANY mode. Tried starting up with a System Restore CD and that didn't work either. Any other suggestions?

the fix

by Bruce Epper In reply to My XP PC is infected with ...

I just created a new boot CD you can use to fix this. It can be downloaded from http://hotfile.com/dl/27087753/7851604/UBCD4WinBuilder.rar.html

Extract the ISO image and burn it to CD. Boot this CD in your system. Select 'Launch Ultimate Boot CD' from the initial menu (the default option). Click on 'Start Shell' button when it prompts for the shell to use (using the default). When it asks if you want to start networking, you can go either way. If you opt to start networking, it will go through several configuration screens. Select DHCP if your environment supports it to ease the config. You shouldn't need the networking so you can skip it if desired.

Once it fully boots, click on the small red and white icon near the start button to start Avira Antivirus (it already has the most current definitions, but you can update them as long as you started the networking option). Run a complete scan on the system and have it remove all of the crapware it finds. Once it has completed, click on Start -> Clear RAM Drive. You should do that twice since it does not always completely clear the RAM drive the first time.

Now select Start -> Programs -> Anti-Spyware -> SuperAntispyware. It will ask if you want to load remote user profiles. Select Yes. In the next dialog, check the box to load all remaining profiles and click OK. It will attempt to download the most current definitions. It will fail if you did not start networking, but it should still run using today's defs. Run a full scan with that. (MalwareBytes is also in the menu, but I have not been able to get it to work properly yet. SuperAntispyware should still be able to get the job done.)

Once all of the crap has been cleaned out, remove the CD and reboot the machine. Download and install MalwareBytes Anti-Malware, updating the definitions and run a full scan with this as well. When it is done, you should have a (mostly) clean system again.

HTH.

This looks like a job for....

by tsbs In reply to the fix

Super Avast Free Edition salesman.

I have been using this technique for a couple of years now and have yet to find a better way to clean up an unusable machine.

I use Ubuntu (only because it's the NUX distro I am most familiar with).

Basically I just create a bootable USB drive running Ubuntu, then install Avast for Linux on it. You then boot the infected PC off the USB drive, mount the NTFS partition, run Avast scan and roota, Voota, ZOOT!!! You should have a machine clean enough to boot back into Windows and install/update your fav anti malware/virus software (hopefully it's not Symantec or McAfee).

I can give you more details if you like.

Tony S
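
The live-USB approach from the post above, sketched as an added example that is not part of the original thread or any poster's own script: it finds the NTFS partitions, mounts each one read-only, and logs what the scanner flags. It assumes `ntfs-3g` and ClamAV's `clamscan` are installed on the live system; ClamAV is swapped in here for the Avast scanner named in the post, and the function names and log path are hypothetical.

```shell
#!/bin/sh
# Added example: offline scan of a Windows volume from a live Linux USB.
# Assumptions: run as root on the live system; ntfs-3g and ClamAV installed.
# ClamAV (clamscan) stands in for the Avast scanner mentioned in the thread.

# Read `lsblk -P -o NAME,FSTYPE,SIZE` output on stdin and print the device
# path of every NTFS partition, one per line.
ntfs_partitions() {
    sed -n 's|^NAME="\([^"]*\)" FSTYPE="ntfs".*|/dev/\1|p'
}

# Mount one partition read-only, scan it, and log infected files.
# Nothing on the Windows volume is modified in this pass.
scan_partition() {
    dev=$1
    mnt=$(mktemp -d /mnt/offline.XXXXXX) || return 1
    # ro: no writes to the infected volume; noexec/nosuid/nodev: nothing on
    # the volume can be executed or gain privileges on the live system.
    if ! mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt"; then
        rmdir "$mnt"
        return 1
    fi
    # -r: recurse, -i: report infected files only
    clamscan -r -i --log="/tmp/scan-$(basename "$dev").log" "$mnt"
    rc=$?   # clamscan exit codes: 0 = clean, 1 = infected files found, 2 = error
    umount "$mnt" && rmdir "$mnt"
    return "$rc"
}

# Only touch real disks when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    lsblk -P -n -o NAME,FSTYPE,SIZE | ntfs_partitions | while read -r dev; do
        echo "Scanning $dev"
        scan_partition "$dev" || echo "$dev: infected files found or scan error (see log)"
    done
fi
```

Removing or quarantining the flagged files requires remounting the volume read-write, which is best done only after reviewing the log from this read-only pass.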
