General discussion

Locked

V=I=R=U=S - W32.HLLW.Raleka - Can't Del

By dfb ·
I'm trying to remove this virus from my NTFS, Windows XP, boot partition, as Norton Anti-Virus can't. I keep gettibg "Unable to Delete - Access Denide" messages from NAV. Symantec are useless, they can't, or won't suggest anything other than doing an on-line scan, but as the PC wants to reboot every few minutes I can't complete the scan ! I have tried to stop the infected file svchost.exe in task manager but it just starts up again and starts the countdown to reset again.
As the partition is NTFS I can't access it from Dos, I can't see anyway of preventing it from loading so that I can delete it.
Any help most greatful for.

This conversation is currently closed to new comments.

26 total posts (Page 1 of 3)   01 | 02 | 03   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by dfb In reply to V=I=R=U=S - W32.HLLW.Rale ...

Point value changed by question poster.

Collapse -

by sgt_shultz In reply to V=I=R=U=S - W32.HLLW.Rale ...

i wonder if svchost.exe runs in Safe Mode?
below is pasted from support.microsoft.com article 305595
HOW TO: Create a Boot Disk for an NTFS or FAT Partition in Windows XP
---

Collapse -

by sgt_shultz In reply to

Create a Boot Floppy Disk with a Windows XP-Based Computer
Format a floppy disk by using the Windows XP format utility. For example, with the floppy disk in the floppy disk drive, type format a: at a command prompt, and then press ENTER.
Copy the Ntldr and the Ntdetect.com files from the I386 folder on the Windows XP Setup CD-ROM, Windows XP Setup floppy disk, or from a computer that is running the same version of Windows XP as the computer that you want to access with the boot floppy.
Create a Boot.ini file (or copy one from a computer that is running Windows XP), and then modify it to match the computer that you are trying to access. The following example works for a single-partition IDE drive with Windows XP installed in the \Windows folder, but the exact value in the [operating systems] section depends on the configuration of the Windows XP computer that you are trying to access: [boot loader]
timeout=30
Default= multi(0)disk(0)rdisk(0)partition(1)\windows

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\windows="Windows XP"

If your computer boots from a SCSI hard drive, you may need to replace the multi(0) entry with scsi(0). If you are using scsi(x) in the Boot.ini file, copy the correct device driver for the SCSI controller in use on the computer to the root of the Setup disk, and then rename it Ntbootdd.sys. Change the disk(0) number to represent the SCSI-ID of the hard drive you want to boot to. If you are using multi(x) in the Boot.ini file, you do not need to do this.
Start your computer by using the floppy disk, and then log on to Windows XP.

Collapse -

by sgt_shultz In reply to

Create a Boot Floppy Disk Without a Windows XP-Based Computer
Refer to the article Q310994 for directions to download and create the Windows XP Setup disks by using a computer that is running Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), or Microsoft Windows Millennium Edition (Me):
310994 Obtaining Windows XP Setup Boot Disks

Delete all the files from the newly created Setup disk 1.
Copy the Ntdetect.com and the Ntldr files from the I386 folder on the Windows XP CD-ROM to the new disk.
Rename the Ntldr file to Setupldr.bin.
Create a Boot.ini file. The following example works for a single-partition IDE drive with Windows XP installed in the \Windows folder, but the exact value in the [operating systems] section depends on the configuration of the Windows XP computer that you want to start: [boot loader]
timeout=30
Default= multi(0)disk(0)rdisk(0)partition(1)\windows

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\windows="Windows XP"

If your computer starts from a SCSI hard drive, you may need to replace the multi(0) entry with scsi(0). If you are using scsi(x) in the Boot.ini file, copy the correct device driver for the SCSI controller in use on the computer to the root of the setup disk, and then rename it Ntbootdd.sys. Change the disk(0) number to represent the SCSI-ID of the hard drive you want to start to. If you are using multi(x) in the Boot.ini file, you do not need to do this.
Start your computer by using the floppy disk, and then log on to Windows XP.
back to the top

Collapse -

by sgt_shultz In reply to

Troubleshooting
If the path that points to the system files is incorrect or includes the drive letter, you may receive the following error message:

Windows XP could not start because of the following ARC firmware boot configuration problem:
Did not properly generate ARC name for HAL and system paths. Please check the Windows XP (TM) documentation about ARC configuration options and your hardware reference manuals for additional information. Boot Failed.
If an incorrect SCSI driver has been selected or the Ntbootdd.sys file does not exist, you may receive the following error message:

Windows XP could not start because of a computer disk hardware configuration problem. Could not read from selected boot disk. Check boot path and disk hardware. Please check the Windows XP (TM) documentation about hardware disk configuration and your hardware disk configuration and your hardware reference manuals for additional information. Boot Failed.
back to the top
Resolving Boot Issues with a Boot Floppy Disk
You may be able to use a Windows XP bootable disk to start the operating system on a computer running Windows XP. Use the procedures in this article to work around the following boot issues:
Damaged boot sector.
Damaged master boot record (MBR).
Virus infections.
Missing or damaged Ntldr or Ntdetect.com files.
Incorrect Ntbootdd.sys driver.
To boot from the shadow of a broken mirror. Please note that you may need to modify the Boot.ini file to do this.
You cannot use the Windows XP boot disk to help resolve the following issues:
Incorrect or damaged device drivers that are installed in the System folder.
Boot issues that occur after you see the Windows XP startup (Osloader) screen.
---
good luck, good to have NTFS boot disk handy even if it won't fix this one...

Collapse -

by dfb In reply to

Poster rated this answer.

Collapse -

by Oz_Media In reply to V=I=R=U=S - W32.HLLW.Rale ...

I have tried to stop the infected file svchost.exe in task manager but it just starts up again and starts the countdown to reset again.

Sounds like Blaster, if not both.

YOU MUST STOP THE SYSTEM FROM RESTARTING:
Start in Safe Mode and you should be able to avoid the reboot,if not, check your startup properties for nay entries that you don't need to run at start. There is a command line to do this but I don't know what it is for XP, sorry.

DISCONNECT YOUR NETWORK OR ADSL CONNECTION!!!!

Run a scan in Safe mode and you should be able to delete the files.

YOU MAY HAVE THE BLASTER WORM...

In safe mode, scan and delete any files named blaster.exe or similar.

I downloaded a white paper on starting Xp with the restart disabled, I'm sorry but I just can't find it. (I don't know anynoe who uses XP, so it was lost on my desk full of crap).


First of all, you're right, Symantec sucks. Get rid of NAV and install Grisoft's AVG Free edition.
Http://www.grisoft.com

Collapse -

by dfb In reply to

Poster rated this answer.

Collapse -

by bohicam1 In reply to V=I=R=U=S - W32.HLLW.Rale ...

Since you are on winxp, go into your network properties and enable the firewall for your internet connection. Next, right click My Computer, choose Manage, click on the "+" sign next to Services and Applications. Choose Services, then scroll down to "Remote Procedure Call" double click it and along the top menu bar choose Recovery. You will see three drop down lists each saying "Reboot the Computer". Change these to "Restart the Service".
This will stop the traffic being sent out by your computer, allow you to identify the infecting files and also allow you to download the security patch from Microsoft. Once the patch is installed, go back into services and change the drop down lists to where they were.
Good luck!

Mike

Collapse -

by dfb In reply to

Poster rated this answer.

Back to Windows Forum
26 total posts (Page 1 of 3)   01 | 02 | 03   Next

Related Discussions

Related Forums