Tech: Re my: Help! Serious Virus Plea.

Subject: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 09:32 AM

I think I might have celebrated a little early after all the fantastic help I was given recently, when I thought I had eliminated it.

A couple of days later I got this message in a little box. "WINDOWS. The system must shut down because the DCOM SERVICE PROCESS LAUNCHER TERMINATED UNEXPECTEDLY. This shutdown was initiated by NT AUTHORITY SYSTEM" it then started counting down from 50 seconds before closing.

After it shut down it restarted and came up with this message "DATA EXECUTION PREVENTION. To help protect your system Windows has closed this program. Name. GENERIC HOST FOR WIN 32 SERVICES. Publisher: Microsoft Corporation." Then asks to send error report.

It is now doing this approx every 30 minutes and I cannot stop it. I did a full scan and it found and destroyed two trojans which I thought was the end, but it is still shutting down every half hour.

Anyone help AGAIN please.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 25 Jan 10 - 10:36 AM

first thing is to boot in safe mode, hit f8 when booting
then click start, run and type mrt, hit enter

see if the mal software removal tool can get rid of it

try that first

Dan



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 11:41 AM

Tried that Dan, it did scan said no infected files found, then just after that the message came up and the system went into shutdown again.

The only scan I could do was the quick scan because if I try the full scan it shuts down after 30 mins so there is not enough time.

Seems to me it is a clever little bugger and makes sure it closes before it is found, if it is a virus of course.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Neil D
Date: 25 Jan 10 - 11:49 AM

Have you tried this? Click Start, then my computer, then right click the c drive, click on properties, click tools and then under error checking, click check now, select "auto fix file system error and scan for and attempt recovery of bad sector", then click start. It may tell you to restart your computer to do this, go ahead and restart it. This usually works for me, afterwards I run my virus scan, just to be safe. Good luck.

Christina



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 12:24 PM

Tried that Christina, it did it and said it was clean, but thanks anyway.

Each time I try something I learn a bit more, can't be bad.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 25 Jan 10 - 12:32 PM

willy - try this to stop the shutdown: Go to the desktop, right click in some empty space and select Create/New Shortcut. When the wizard starts in the location of item box, type shutdown -a, click the next button and in the name of the shortcut put Abort Shutdown or some name you like. (This is for XP).

If a shutdown starts, double click this icon and it should abort the shutdown. That may give you time to finish a malwarebytes scan. (You might want to download a new copy of that to your desktop and run it from there in case your old copy is compromised).

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 25 Jan 10 - 12:38 PM

For reference, I think the previous thread was Here, in case any helpers would like to look at what was done before.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 01:09 PM

I'll try that Mick, thanks.


Thanks John, I didn't know how to do that.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Sandy Mc Lean
Date: 25 Jan 10 - 03:16 PM

Are you turning off System Restore before you scan? Perhaps the bugger is reloading from backup files.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 25 Jan 10 - 03:54 PM

I didn't know it was possible to turn off system restore!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Sandy Mc Lean
Date: 25 Jan 10 - 04:46 PM

For Windows XP: I'm not sure if Vista is the same.
Click start
Right click My Computer then click properties
Open System Restore tab
Check box



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 25 Jan 10 - 07:01 PM

Note that removing the check from the System Restore box Deletes ALL prior restore points IMMEDIATELY. This does mean that you will not be able to use System Restore to go back to a previous configuration once the box has been unchecked.

You can save a Registry configuration manually, by recalling a config using System Restore and exporting the Registry from regedit, but it does require manually accessing the registry, and it's easy to confuse where you are with the configurations.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 26 Jan 10 - 08:40 AM

Thanks to all. Hopefully I will find the cure shortly.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: bobad
Date: 26 Jan 10 - 09:15 AM

If all else fails do, or have done by professionals, a wipe of your hard disc, after backing up all the files you don't want to lose.

I recently experienced problems with my computer, the cause of which was never found either by me or the staff at a very good computer repair shop. They finally did a wipe for me and my computer hasn't worked this fast and well since it was new. Hard drives tend to become bloated with useless junk and files get corrupted over time, regular wipes are recommended. Mine had never been wiped in six years.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 26 Jan 10 - 09:58 AM

Unfortunately, it could be a 'rootkit' infection, which cannot easily be cleared after the system has booted, even in Safe Mode. You may need to either use a solution that boots from a CDRom, or put your drive in a caddy and 'clean' it on someone else's machine which isn't infected and has every known protection available.

A 'rootkit' infects the boot sector of the system drive, and often transfers itself to any other drives on the system via the 'autorun' feature. Turning off autorun on all drives before you've been infected is good protection, though not infallible.

When you boot a system with a rootkit in its boot sector, the malware is able to 'cloak' itself so that even the best antivirus or antispyware cannot detect it - and is often disabled by it.

Other clues can be the inability of the AV software to update, and even Windoze updates can be compromised. System Restore can also be disabled, and accessing Safe Mode itself may be blocked.

There is no cover-all cure for these things - first you have to find out what you're dealing with, which is often the longest part of the cure. In my experience the symptoms one system has may be similar to another system, but they are often not caused by the same thing... so be careful about grabbing the nearest solution and expecting a miracle!

One very handy tool is available from Trinity Rescue Kit, which involves downloading an ISO image from which you burn a bootable CDRom. However, information changes on their website alarmingly frequently, which shows how the malware threats are modifying to try to keep ahead of the cures... so make sure you read up as much as you can before attempting any 'cure'... each time you visit the site you may find they've changed their approach yet again!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 26 Jan 10 - 09:59 AM

Yes, what Bobad said! Often a much quicker answer!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 26 Jan 10 - 12:38 PM

Okay, back from a job... to add to what Bobad said:

Buy a new hard drive and a caddy (making sure it matches what you already have - don't buy a SATA drive and caddy if you're still on a PATA drive).

Rebuild the PC on the new drive, and all your old stuff will still be available via the caddy. As long as you've got adequate malware protection the rootkit can't transfer itself (you did remember to disable 'autorun', didn't you?!!), and you may even be able to clean the old installation that way if you prefer to revert to it.

Another word of warning - if you use USB fobs or other removable drives, it's just possible they may have been infected with an 'autorun' rootkit. As long as autorun is disabled, they won't work - but you need to delete (and empty the trash) the autorun.ini file AFTER you've opened it with Notepad to see what it loads - delete that folder and its contents, too.


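What "open it with Notepad to see what it loads" amounts to, as an added example that is not part of Bernard's post: a tolerant parser that lists every launch entry in an AutoRun file so the referenced files and folders can be located before anything is deleted. Windows reads this file under the name autorun.inf; the sample content and all file names in it are constructed.

```python
import re

# Keys in the [autorun] section that name something to execute.
# open / shellexecute run when the drive is auto-played;
# shell\<verb>\command runs when that right-click menu entry is chosen.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def autorun_targets(raw: bytes):
    """Return [(key, command)] for every launch entry in an autorun.inf."""
    # The file is plain ANSI text, or UTF-16 with a byte-order mark.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")
    section = None
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk or padding lines are skipped, not fatal
        key, _, value = line.partition("=")
        key = key.strip()
        if EXEC_KEY.match(key):
            found.append((key.lower(), value.strip()))
    return found


def referenced_files(targets):
    """Unique file names mentioned in the commands, in order of appearance."""
    files = []
    for _, cmd in targets:
        for tok in re.findall(r'"[^"]+"|\S+', cmd):
            tok = tok.strip('"').split(",")[0]  # "lib.dll,Entry" -> "lib.dll"
            if re.search(r"\.[A-Za-z0-9]{2,4}$", tok) and tok not in files:
                files.append(tok)
    return files


# Constructed sample, not taken from a real infection.
SAMPLE = (
    b"; constructed sample\r\n"
    b"xJ3kq9 zzz padding line\r\n"
    b"[AutoRun]\r\n"
    b"open=RECYCLED\\setup.exe\r\n"
    b"shell\\open\\command=RECYCLED\\setup.exe -x\r\n"
    b"shell\\explore\\Command=rundll32.exe hidden\\lib.dll,Start\r\n"
    b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    b"label=My Drive\r\n"
)

if __name__ == "__main__":
    entries = autorun_targets(SAMPLE)
    for key, cmd in entries:
        print(f"{key:25} -> {cmd}")
    print("files to inspect:", referenced_files(entries))
```

rundll32.exe in the output is the Windows loader itself; the file to look at in that entry is the DLL named after it.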

Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 27 Jan 10 - 08:32 AM

Thanks Bernard, but I'm afraid this talk of Sata Iso Caddy etc is a foreign language to me.

It's looking like I will have to take it to the "experts" to try and get them to do it.

The thing is still trying to shutdown after 30 mins each time I power up, but at least it only does it once now as I took the advice from Mick Pearce and can abort the shutdown and it seems to then carry on indefinitely, (until I switch off then on again).

Weary John.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 27 Jan 10 - 09:41 AM

I've just done another scan with Spybot and it's come up with more files, but they all seem to be "tracking cookies" and relate to progs I didn't even know were there, all of a similar nature i.e. Adviva, Doubleclick, Mediaplex, Rightmedia, Tradedoubler.

Am I right in thinking these things must be "generating from within" as it were, because I'm sure they weren't there on the last scan, although there were similar (tracking cookies).

AAAAAAAAAAAArrrrrrrrgh.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 27 Jan 10 - 09:54 AM

It's a minefield, innit?!

Do you have a set of 'System Restore' CDs that came with the PC? It's not that difficult to replace the hard drive and reinstate it 'as new'.

As for the apparently complicated terminology, it's not really so obscure, honest!

A 'caddy' is a box you can put a hard drive into, then you can plug it into your PC (after disabling 'autorun', of course!) and use it as if it's an internal drive.

PATA is the old IDE connection with the wide ribbon cable, SATA is the modern connection with a small (sometimes locking) plug.

ISO means an image file (cd_image.iso for example) that most CD burning software can use to make a CD - and is an easy way of producing a bootable CD.

As for disabling 'autorun', you only need to open 'My Computer'... right click on the drive icon, select 'properties' and you'll see an 'AutoPlay' tab.

Click that tab and you'll see a few options. All you do is click the 'radio button' on 'Select an action to perform', scroll down to 'Take no action', make sure it's highlighted and click 'apply'.

You DO NOT want to be prompted each time for an action, as this means the autorun.ini file will have already run...

However, if the choices are greyed out, you're too late - the malware has beaten you to it!

As yet I'm not sure about this shutting down business... I'll try to find out more, as it's a new one on me. Clearly it's the malware doing it, but why?! Okay, I know... 'because it can!'



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 27 Jan 10 - 09:56 AM

IDE and SATA connections

SATA connections and cables

General instructions to install a SATA drive

I have a couple of drive enclosures holding one backup drive I've used for a while and the previous hard drive for this computer from a rebuild last year. When I was first dealing with a SATA drive I realized, in poking around the mother board, that I had three free slots there that I'd never thought about using. It's really pretty amazing what you can find when you get under the hood.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 27 Jan 10 - 11:49 AM

That's if you dare!!

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 27 Jan 10 - 12:27 PM

willy - the tracking cookies your scan is finding shouldn't be the cause of your troubles: they're just small information files that websites you visit put on your computer. The tracking cookies saved on your machine can be read by the same/other websites and used to target adverts to you. In themselves they can't harm your machine and you can set your browser up to ignore them (ie not save them) or ask if you want to save them or not.

For the symptoms you're getting I'd use malwarebytes rather than Spybot and if that doesn't work I'd try combofix (although that involves a bit more work to use, though the instructions are pretty clear).

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 27 Jan 10 - 01:56 PM

Yes, Mick - except that a rootkit can be capable of cloaking itself so that neither Malwarebytes nor Combofix can spot it unless the PC is booted from an alternative device, such as CDRom. That way the boot sector doesn't trigger the rootkit. If you boot from the infected device the 'fix' has already failed.

The buggers are getting too flamin' clever!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 27 Jan 10 - 02:05 PM

It was suggested in a previous post that turning off System Restore might be a good thing to do.

It's not clear that it's widely understood why this may help, or just how System Restore works.

If System Restore is turned on, each time the computer is shut down or rebooted, if anything in the setup has changed the System saves the configuration in a separate encrypted and inaccessible folder. This folder can hold about a half-dozen "restore points" but when a new one appears the oldest previous one is "pushed out" and gets discarded.

Malware that gets on the system may make changes in the Registry before the original "infection" is removed. When your AV deletes the original infecting file, it may not delete entries made in the Registry, and some malware may copy the original infecting file under a "scrambled name" that's unlikely to be found by the AV.

When the computer is rebooted, with System Restore on, the system looks at the last previous restore point, and if anything that "looks useful" is missing System Restore may automatically (and invisibly) put the Registry entry back into the system. The registry can "call for" the aliased/renamed original infecting file, and the infection reinstalls itself each time you reboot.

Once you have rebooted a half-dozen times, with changes each time while you have tried to remove the infection, it becomes unlikely that System Restore contains a restore point that does not contain the instruction to reinstall the infection, so there is no harm in removing all the restore points. You remove them by turning off System Restore (which dumps them all).

This does not remove the reinstall instruction from the Registry for the current configuration, but booting in Safe Mode lets Windows restart without reading all the Registry instructions, so the malware might not be put back. The KB article linked up above does give you somewhat more control over what starts, and what doesn't, in WinXP Safe Mode, which may be helpful in getting the computer up without turning on the infecting file(s).

If all copies of the original infecting file can be removed by your AV while running in safe mode, but the Registry is not cleaned, the next normal boot should give a different error message when the registry attempts to open a file that doesn't exist. The new error message should give the name of the file that wasn't found, and you can then (sometimes) look in the registry to find the line that calls for that file, so that the Registry entry can be deleted. If you're not comfortable with working with the Registry, it should be fairly easy to find advice once the filename is identified. The only caution here is that you don't want to edit out the Registry line that calls for a file that is needed but is just missing.

In the present case, where Windows Explorer fails repeatedly, it is possible that the malware has modified or replaced a file used by Explorer. The modification/replacement may have just corrupted the file so that it doesn't work, or your AV might have removed it because it was infected.

My recollection is that WinXP usually includes a "Repair Windows" option in Control Panel, at the Add or Remove Programs location. If you don't find it there, it may come up if you boot from original installation disk (or a "Repair Disk" as some OEMs call them). In Vista, an OEM installer can have included the Repair module in the installation; but usually you have to boot from an original installation disk to get to it.

If you can run the System Repair utility, it will theoretically look at all the necessary Windows files and will replace any that are missing or corrupted. Since the file(s) will be replaced with an "original" version, it may not incorporate patches issued after your computer was built, so Windows update should be run as soon as possible after any "Repair" that goes back to your original installation disk. (Even if you don't have to use the installation disk, the check will be against "CAB files" copied to your hard drive at the time of first installation, so you should still check for updates.)

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 27 Jan 10 - 02:20 PM

boot to safe mode F8, use the free microsoft one care safety scanner. My friend had a bad bad virus yesterday. I tried a lot of things and finally nailed it with this one and it worked slick

Microsofts safety scanner



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 27 Jan 10 - 02:27 PM

forget spy sweeper, root kits etc, do the safety scanner in safe mode. the virus I took off my buddy's PC skated through everything. Safety scanner nailed it removed it fixed all the files and took about 3 hours of run time ... now here is the problem, if you don't have a high speed line like a dsl or cable modem, I have no idea how long it will take ...



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 27 Jan 10 - 03:28 PM

The utility JiK is pointing you to is the System File Checker. This can check system files and replace them if they are not the correct version. The command:

  sfc /scannow

will do this - you can type it into the Run box of the start menu.

(of course if malware is clever enough to rewrite the cache of correct files, this will not do anything useful).

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 27 Jan 10 - 03:44 PM

I forgot to mention that I would never willingly turn off System Restore. It doesn't always work the way I want it to, but it has saved my bacon a couple of times.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 28 Jan 10 - 04:06 AM

More brilliant advice, thanks all, I will take time now to run through and digest it, then give them a try. Thanks again.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 29 Jan 10 - 03:03 AM

Did the safety scanner bit, took 4 hours for complete service scan and it found 3 serious infections and got rid, as well as other stuff.

Restarted and then up came that blasted shutdown window again, so, onto the next bit....

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 29 Jan 10 - 09:01 AM

Let's be clear about this... a 'rootkit' is not a fix, it is a particularly pernicious form of malware that replaces the system drive's boot sector. It is therefore capable of circumventing any attempt to remove it, even in Safe Mode.

The only sure way to get rid is by booting from another device (usually CDRom) and replacing the boot sector with a clean version. This could also be achieved by connecting the drive as a slave or external drive on another machine which is adequately nailed down.

I repeat - disable autorun (autoplay) to prevent infected drives from installing their rootkit payload. If you have a network, they will spread like wildfire to any machine that has mapped drives with autoplay enabled.

I've been there...



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 29 Jan 10 - 09:35 AM

Bernard - not all rootkits replace the boot sector, most just subvert operating system files. While replacing the boot sector would typically require booting from some other device - some kind of recovery CDrom as you say - that may not be necessary. The same behaviour willyhillbilly described after infection removal could easily be caused by malware installing Run or RunOnce keys in the registry to reinstall themselves on startup.

If it was me I'd do the malware scan and removal followed by a HijackThis (or one of the other registry scanners) to check the Run keys in the registry and delete those if needed followed by sfc to recheck the operating system files. If I was still getting problems then I might try creating one of the scan and recovery discs (there are links and instructions for downloading isos and creating discs on the reputable antimalware sites - make sure it's one of the recognised reputable sites!). But as willy has said above his level of technical expertise might not let him feel confident with some of these, so it may be better to bite the bullet and take it in to a store. (Stress that you want the system cleaned not the disc wiped and O/S reinstalled from scratch, or you need your data recovered if they do that).

Mick


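The Run and RunOnce check mentioned in Mick's post above, and the registry entries that "call for" a file in JohnInKansas's earlier post, can be reviewed offline from a registry export saved with regedit. This is an added example, not part of the thread: it lists every string value under those keys and flags a few patterns; the flagging rules and the sample entries are constructed assumptions.

```python
import re

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumed heuristic: folders a normal installer rarely autostarts from.
ODD_DIRS = ("\\temp\\", "\\local settings\\", "\\recycler\\")


def _unescape(s):
    # .reg files write a backslash as \\ and a double quote as \"
    return re.sub(r"\\(.)", r"\1", s)


def decode_reg(raw: bytes) -> str:
    # Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI.
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("latin-1")


def executable_of(command):
    """Program path from an autostart command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def autostart_entries(reg_text):
    """One dict per string value under a Run or RunOnce key."""
    key = None
    out = []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = STRING_VALUE.match(line)
        if key is None or not m or not RUN_KEY.search(key):
            continue  # other keys and non-string (hex:) values are ignored
        name, command = _unescape(m.group(1)), _unescape(m.group(2))
        exe = executable_of(command)
        low = exe.lower()
        flags = []
        if any(d in low for d in ODD_DIRS):
            flags.append("starts from a temp/profile folder")
        if low.endswith("rundll32.exe") or low == "rundll32":
            flags.append("DLL loaded through rundll32")
        out.append({"key": key, "name": name, "exe": exe,
                    "command": command, "flags": flags})
    return out


# Constructed export; value names and paths are made up for the example.
SAMPLE = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"',
    r'"upd"="\"C:\\Documents and Settings\\John\\Local Settings\\Temp\\upd32.exe\" /s"',
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]",
    r'"fix"="rundll32.exe C:\\WINDOWS\\system32\\abcd.dll,Init"',
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]",
    r'"DisplayName"="Foo"',
])
SAMPLE_BYTES = b"\xff\xfe" + SAMPLE.encode("utf-16-le")

if __name__ == "__main__":
    for e in autostart_entries(decode_reg(SAMPLE_BYTES)):
        mark = "; ".join(e["flags"]) or "ok"
        print(f'{e["name"]:8} {e["exe"]}  [{mark}]')
```

A flag only marks an entry for a closer look; as noted in the thread, a line that calls for a file Windows needs should not be deleted.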

Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 29 Jan 10 - 09:45 AM

Ok, everyone is correct here, try this now, you got rid of 4 of them from the scan, probably all of them but the boot sector is messed up. get your windows CD and boot from it ... then choose repair instead of full install do the repair portion of the installation, this should repair corrupted files ...

then you should be alright I think



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 29 Jan 10 - 11:44 AM

I bow to your superior knowledge people, it's great having you around.

Mick is absolutely right about my expertise or lack of it and I fully expect to have to eventually take it somewhere, but in the meantime I am enjoying the experience of trying the simpler things and who knows, one of them might work.

I know I keep saying thank you, but I really appreciate the time and advice given.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 29 Jan 10 - 03:31 PM

That sounds like a good option, Dan.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 29 Jan 10 - 04:47 PM

wilby et al.

Until you get fixed, it's not really certain what you've got; but according to The Red Tape Chronicles there are worse things out there than what we think you've got.

GIVE ME YOUR MONEY, OR YOUR COMPUTER GETS IT

Posted: Friday, January 29 2010 at 06:00 am CT by Bob Sullivan

Could be worth a look, just to keep up on what the thieves are doing these days.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Rasener
Date: 29 Jan 10 - 06:44 PM

Bernard
Getting rid of a rootkit virus is possible. I know I did it for my wife about 9 months ago and I haven't had any problems since.
All her data was retained.

I actually talked with PC World first and they said, you will have to reformat etc, etc. Fortunately I didn't listen to them.

I will have a look and see if I can find what I did.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Rasener
Date: 29 Jan 10 - 07:43 PM

OK This is the way to remove the files that are causing the root kit virus. I did this and it worked. When you have done this, you still need to use your virus checkers to make sure there aren't any other viruses left on the machine. Please take the time to read it properly first and print it out so you have it by your side as you carry out each instruction.

UACd.sys Trojan / Winpc Virus Removal
It does require a level of skill. This is not recommended for beginners and requires an advanced set of technical skills.*
Symptoms:
- Programs like Spybot, Malwarebytes, Superantispyware, Windows Defender, etc. won't run or install. You double click, it looks like it is trying to open, but nothing ever happens.
- Every time you try to search something on Google and click on the link of a result, it will redirect you to a site with the URL of gwww.windowsclick.com or something similar.
- Your computer will be slow and will freeze.

Removal:
Instead of playing around and trying to get programs to work and to remove it, use this trick instead.

1. First you will need a copy of your Windows CD.
2. Boot your computer to the Windows CD. Let it boot to a blue screen and it will ask you if you want to repair your computer by pressing R. Press R on the keyboard.
3. It will ask you what Windows installation you want to log onto, select the appropriate one. (Most likely 1.)
4. If it asks for an Administrator password, enter it in. If you don't know the password, chances are it is blank so just press enter. If that still doesn't work, you will have to change or remove your administrator password.

5. You will see a black window and if you are successfully logged in, you should see C:\Windows in white text. Type the text after the word Type and then press ENTER

C:\Windows Type cd system32

C:\Windows\system32 Type dir

(Now you will see a long list of a bunch of files. Scroll down to the U's. If you are indeed infected with the UACd.sys Trojan, you should see files named UAC*random characters*.dll. Write down on a piece of paper all of the files that begin with UAC including guacinit.dll. Make sure you write them down exactly as they are (take your time on this and get it right). Now you can scroll to the bottom and you will be back at the C:\Windows\system32 prompt.

You are now going to delete each item you have written down, so remember to tick each one off on your list as you successfully delete them.

So your first one you carry out the instructions after the word Type.

C:\Windows\system32 Type del UAC*random characters*.fileextension (If the file is named UACdsferskwufy.dll that is what you type in.)

If it is successful, it will just go to a new line with C:\Windows\system32 as the prompt.

Repeat the del process with the rest of the files that you wrote down. Once you have deleted all of them. Run the dir command again and scroll to the U's and see if there are any UAC files left. If you have done everything correctly, there shouldn't be.

Once that is done, you will be back at a C:\Windows\system32 prompt. Follow these commands.

C:\Windows\system32 Type cd drivers

C:\Windows\system32\drivers Type dir

Browse through the list till you come to UACd.sys. Write this down so you don't forget it. Now browse to the end of the list and you will be back at the prompt.

C:\Windows\system32\drivers Type del UACd.sys

If it is successful, it will go to a new line. You can then restart your computer by holding the power button or typing in exit. (Make sure to remove the CD so it doesn't boot to it again.)

Let it boot into Windows.

Once you are back into Windows, download Avenger from here

http://www.downloadrage.com/avenger-antivirus-download.aspx

Scroll to the bottom of the page to find the download link

Extract the file and run the Avenger program.

In the white text box, enter and run the following.

Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\wJQs.exe

It may ask to reboot, let it reboot your computer.

Now run the usual spyware/virus removal tools to take care of the rest.

I hope that helps
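
The listing step in the procedure above (write down every file in system32 beginning with UAC, plus guacinit.dll, then UACd.sys in drivers), as an added example that is not part of the original post: a report-only Python script for a Windows volume mounted from a rescue system, which records size and SHA-256 for each match instead of a handwritten list. The mount path, function names and sample files are assumptions; the name patterns come from the post, and wJQs.exe is the file it lists for Avenger.

```python
"""Inventory the file names from the post on an offline Windows volume.

Added example, not from the original post. Report-only: nothing is deleted.
"""
import fnmatch
import hashlib
import sys
import tempfile
from pathlib import Path

# Name patterns taken from the post, lower-cased because NTFS names are
# case-insensitive. A match on name alone is a lead to verify, not proof.
SYSTEM32_PATTERNS = ["uac*", "guacinit.dll", "wjqs.exe"]
DRIVERS_PATTERNS = ["uacd.sys"]


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def child_dir(parent, name):
    """Find a subdirectory by name ignoring case (the rescue OS may be case-sensitive)."""
    if not parent.is_dir():
        return None
    for entry in parent.iterdir():
        if entry.is_dir() and entry.name.lower() == name.lower():
            return entry
    return None


def scan(directory, patterns):
    """Return one record per regular file in `directory` whose name matches a pattern."""
    hits = []
    for entry in sorted(directory.iterdir(), key=lambda p: p.name.lower()):
        if not entry.is_file():
            continue
        if any(fnmatch.fnmatchcase(entry.name.lower(), pat) for pat in patterns):
            hits.append({"path": entry,
                         "size": entry.stat().st_size,
                         "sha256": sha256_of(entry)})
    return hits


def find_suspects(windows_dir):
    """Check system32 first, then system32/drivers, in the order the post uses."""
    system32 = child_dir(Path(windows_dir), "system32")
    if system32 is None:
        raise FileNotFoundError("no system32 directory under %s" % windows_dir)
    hits = scan(system32, SYSTEM32_PATTERNS)
    drivers = child_dir(system32, "drivers")
    if drivers is not None:
        hits += scan(drivers, DRIVERS_PATTERNS)
    return hits


def demo():
    """Run the scan over a constructed directory tree; return (name, sha256) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp) / "WINDOWS" / "system32"
        (sys32 / "drivers").mkdir(parents=True)
        # Constructed sample files with placeholder contents.
        for rel in ["UACdsferskwufy.dll", "guacinit.dll", "kernel32.dll",
                    "user32.dll", "drivers/UACd.sys", "drivers/disk.sys"]:
            (sys32 / rel).write_bytes(b"constructed sample: " + rel.encode())
        return [(h["path"].name, h["sha256"])
                for h in find_suspects(Path(tmp) / "WINDOWS")]


if __name__ == "__main__":
    # With an argument, scan that Windows directory (e.g. a mounted volume);
    # without one, run the constructed demo.
    if len(sys.argv) > 1:
        for hit in find_suspects(sys.argv[1]):
            print("%s  %10d  %s" % (hit["sha256"], hit["size"], hit["path"]))
    else:
        for name, digest in demo():
            print(digest, name)
```
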



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 29 Jan 10 - 08:03 PM

Les those are great instructions. But I am pretty sure he got rid of the virus from the onecare scan, what I think is the virus corrupted the boot files and they are broken even though it is gone. if it is XP he should just boot from the install CD and do the repair which will copy over the files with the proper ones leaving everything intact ...

your instructions for manually removing the virus is very good indeed, especially those that did not do the onecare scan

good job
Dan



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Rasener
Date: 29 Jan 10 - 08:26 PM

OK I understand Dan. Nevertheless it's worth him checking.

However it's worth everybody keeping those instructions for future reference. It doesn't take long to do and it will save lots of time and effort, trying this and that and pulling your hair out etc. :-)

You also won't lose any of your data.

Les



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 30 Jan 10 - 07:53 AM

El Thicko here again, how do I "boot from the windows cd". I put the disc in and went to "my computer" then double clicked on D drive and got the menu then looked at instructions which said restart with the disc in, which I did.

It just started as normal, I can't find the repair option!!.

I am obviously missing something



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 30 Jan 10 - 08:26 AM

I just did another scan with Microsoft Essentials and it came up with this "serious threat" VirTool:Win32/Obfuscator.HW which it says cannot remove but has quarantined it.

I think I now have to try Villan's method, but cannot seem to work out how to boot from disc.

HEEEEEEEEElp!


John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 30 Jan 10 - 09:51 AM

John
go into your computer's setup, that is usually F1 or F2 when it starts to boot. Here you see things like hard drives and other technical options, look for boot sequence, change the sequence to CD first then hard drive ... hit esc and save
it will reboot but will look for the CD first



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 30 Jan 10 - 02:12 PM

If your AV has quarantined the threat file, it should not be able to run the next time you reboot.

The most probable reason why the AV could not remove an infected file is that the file was open/running. Most AV programs, however, as a "standard practice" do NOT delete files, but instead put them in quarantine so that, if necessary, you can restore them.

Once the file is quarantined, if you just reboot normally you should be able to delete it from the quarantine file just by opening your AV program.

Microsoft gives a specific "information" for the malware indicated at VirTool:Win32/Obfuscator.HW that may be of interest, but indicates that up to date AV should be able to remove it, and gives no other instructions.

By putting the file in quarantine your AV has "removed" it. If you reboot and run a new AV scan, and the file is found again, it probably means that it's being reinstalled by a Registry entry or by a boot sector infection.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 31 Jan 10 - 12:27 AM

i hope you are ok now and it all works again



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: GUEST,Jim Martin
Date: 31 Jan 10 - 06:46 AM

I would say most of all this hi-tech jargon is beyond most of us who are average computer users and in a similar situation, we will get an "expert" to fix the problem - I did this and finished up having to buy a new computer. It's all one big scam!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 31 Jan 10 - 08:17 AM



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 31 Jan 10 - 08:21 AM

no kidding for a normal home user ubuntu linux .. no more viruses. i switched my doctor buddy and he is hooked now along with my mom and sister. if it were not for my clients i would never use windows



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 01 Feb 10 - 02:13 AM

I am a little wary of celebrating yet (after the last episode) but I THINK it's finally back to normal, and thanks to you all for the pride and satisfaction I now feel, just the fact that I managed to follow the "idiot proof" instructions and arrive at a satisfactory conclusion is great, BUT....

Please don't ask how it's ended up here.

It has taken about two solid days of heartache, hair pulling, (not that I've got much to start with) and highly strung nerves.

I finally started by trying to do a repair, after booting from disk, which all seemed fine until it looked like it was doing a complete re installation and I couldn't stop it, anyway, it said it would take about three hours so I left it to get on with it, when I returned about three hours later it had got to about ten minutes then asked what language I wanted and had waited for me to click English, so then I was feeling sick for the next two and three quarter hours thinking I had lost virtually everything and was going to end up with a new clean pc to start from scratch.

When it had finished and rebooted it looked normal, everything was still there, the only difference was that the virus protection was turned off and a message saying computer at risk no virus protection,no problem I thought, just download microsoft essentials again, no go, kept coming up with an error code unable to load, investigated that, no luck, tried other progs no joy, none of them would install, tried onecare scans, still no joy, eventually tried my old AVG free which was still on there and it loaded, got rid of another infected file,took about an hour to update, then I got 59 updates from microsoft, then XP3 pack and after two days have now hopefully got back to normal, making sure that I have now backed up the whole thing onto my external drive and will do regular backups in future.

Still have absolutely no idea how I got here but I just hope it lasts a bit longer than last time now.

Grateful thanks to all,

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 01 Feb 10 - 04:24 AM

I've just noticed that my hd freespace has gone from about 75% down to 27% since I did what I did.

I looked in regedit and HKEY LOCAL MACHINE, SYSTEM, and it shows Control Set 002, Control Set 003,Current Control Set, and they all seem to contain the same things.

Do I need all three, or could this be where I have lost all my freespace? Can I delete two of them?

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 01 Feb 10 - 05:54 AM

willy - having several ControlSet keys in the registry is normal (the CurrentControlSet is just a pointer to which one is currently in use and is set at system startup). They contain only configuration information and should not be responsible for a 50% loss of free space on your system.

There are several possibilities: 1) You have a lot of things as temp files or files waiting to be deleted 2) You have lost some disc space - ie the system has lost track of it 3) The system thinks your discs are smaller than they are or the disc partitioning is not correct.

For 1) You can use a utility like the SpaceSniffer BillD linked recently here: Tech: Where are your files? What takes space?. You can download and install that, run it for your disc and you'll see where your space is going.

For 2) Right click on the disc letter in Explorer, select Properties/Tools and Error Checking. That should sort out any space that has been lost from the system records.

For 3) You should probably have a look at this first and just check that your disc is showing at the size it should be: Select the disc letter in Explorer, right click and select Properties and see what the Capacity is. If it's what you expect that's OK. If not, then the disc partitioning may be wrong and you may have to adjust it to get the rest of the space on the disc (info on this later if needed).

Have a look at these things and see where the problem lies - probably in the reverse order that I gave them!

(One final thought - your new install didn't install a separate system somewhere else than the default location did it?).


Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 01 Feb 10 - 09:47 AM

GREAT IDEA CHRISTINA!!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 01 Feb 10 - 12:04 PM

John
just my personal thoughts, I took off several viruses last week from my friends PC's ... all protected by AVG ... I know people will disagree with me but AVG doesn't work IMHO ... please bite the bullet and buy mcafee. Every corp I work with uses it, I used it for years and I don't have virus issues and it has protected me from a host of them .. just my opinion ... if you still insist on a free one that panda cloud is getting some good press but I never used it ..

Dan



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 01 Feb 10 - 12:14 PM

Dan, I was perfectly happy with Microsoft Essentials, it was great, but for some reason it wouldn't download again. I even tried to download a trial Mcafee and that just froze halfway through.

However I've yet to try it since I became "clean" as it were, but I will definitely end up buying something other than AVG.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 01 Feb 10 - 12:15 PM

I don't want to go on and on but this is important. My wife's friend diane got a bad one, she didn't want to bother me so she hired a girl to come to her house (cost her 150 bucks) her machine was protected by AVG ... 2 days later the virus was back, I went over and fixed it . this virus was attaching itself to adobe updater, skated right through AVG ... I loaded mcafee after I clean it and repaired all the files. 2 days later mcafee caught it trying to come in again .. took care of it ... I hate AVG I don't think it protects much of anything and I have a pile of examples. But like I said others may disagree but the act speaks for itself I think



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 01 Feb 10 - 01:06 PM

Posted in Another Thread so I won't repeat it here, but some extracts from Symantec's White Paper on threats found in 2008 might be of interest. (There's a link at that post where you can look at the entire PDF report).

That report doesn't go into relative performance of AV suites, but knowing what might be attacking you is of some importance in defending yourself.

Separately, scattered sources are reporting an increased incidence of attacks via "third party programs" in which vulnerabilities in programs you install (not part of the OS or of "big name" productivity suites). Major vulnerabilities have been found in Adobe PDF readers, Flash, various Multimedia programs, etc; and most of the suppliers of these "extras" have rather poor records on patching vulnerabilities quickly when they are found.

The absolutely worst thing you can do to expose yourself to infection appears to be careless use of FTP file sharing, with IM (instant messaging) and IRC (chat) systems growing to nearly the same frequency of infection.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 01 Feb 10 - 01:17 PM

John in Kansas
outstanding comment my friend



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 01 Feb 10 - 02:51 PM

Here I go again. Doing a disccheck and it got to 4 out of 5 then froze. I had to switch off to get out, nothing else worked.
When I reboot it comes up with the apology for incorrect start etc and choice of Start Normally, or Last good configuration, trouble is whatever one I try it starts on the normal startup screen then goes back to the same one Start Normally or Last Config etc.

Just keeps going round in circles. How the hell do I get out of this?

I think I'm on the verge of giving up computers full stop, for the benefit of my health and all those around me!

Very Weary John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 01 Feb 10 - 05:46 PM

willy - how big are your disc drives. Stage 4 can take a long time with large disc drives.

Can you start the system in Safe Mode; if you can, do so. Otherwise see if you can start from disc.

Open a command window (Start/Run/cmd) and type the following command:

  >fsutil dirty query C:   (or whichever drive failed the check).

If this reports drive C DIRTY then chkdsk will always try to run at startup.

You can prevent chkdsk from running with the command:

  >chkntfs /x C:   (or C: D: .. if you have more)

This prevents the disk being checked on startup, even if chkdsk should run on it.

Then you can try running a quick chkdsk from the command line to try and clear the flag:

  >chkdsk /i C:

This only checks the file indexes (and not thoroughly) and doesn't do the stage 4 and 5 checks. Hopefully this will clear the dirty setting and stop chkdsk running on restart.

We still have to sort out your missing disc space! Did your drives show the full capacity or not?

(If you want to take this off the thread or want more info on these commands PM me; I should be online for a while).

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 02 Feb 10 - 04:35 AM

Just for clarification!

I start up and get the windows xp screen with the blue bar running to signify loading, then it goes to the "We apologise for the inconvenience" screen with options to start normally or last good config, or safe mode, safe mode with networking, or safe mode with command prompt.

If I do normal or last known, it starts the same sequence over again and ends up back at the same screen, if I do safe mode it goes to a black screen with loads of lines of text and then stops completely.

I haven't dared try safe with networking or safe with command prompt yet as I don't know if I will do more damage.

If I do nothing, it just keeps trying to restart and repeating the sequence over and over.

I tried booting from the windows disc and had option of reinstall or repair, chose repair and got a screen that said type exit so I did and ended up back where I started again.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 02 Feb 10 - 08:27 AM

I can get to the repair console booting by disc and have a command prompt, is there anything I can type in here to maybe do some good?

Weary John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 02 Feb 10 - 08:37 AM

yes you can just type the check disk command Mick said in his post

chkdsk /i C:



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 02 Feb 10 - 08:57 AM

Actually, I don't think you can do that form of chkdsk in the recovery console, but you can do the longer check:

  chkdsk C: /r

Only /r and /p (forces a check even if the disc isn't marked to check) options are available in the recovery console.

I sent the info by PM earlier today and he's trying chkdsk /r now.

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 02 Feb 10 - 09:13 AM

It seems to be checking,it says chkdsk is performing additional checking or recovery, got up to 75% then dropped to 50% and then stopped for quite a while but has now got to 52% so something is happening at last.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 02 Feb 10 - 12:54 PM

Thank you so much Mick, I did the check as per your info and it said checks and repairs to one or more items.

When I tried to start again it went to check disc on a blue screen which was where I was yesterday, this time when it got to 4 out of five 2% it stopped again but I ignored it this time and eventually it went through the lot and restarted properly, so hopefully I am now back to normal again, apart from my reduction of free space, which I think I will just have to live with at the moment.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 02 Feb 10 - 01:15 PM

John

Glad you're at least running now. If you're still missing a lot of space and your disc appears to have the correct size and chkdsk didn't recover any, you might try the program I referred to earlier (link here: SpaceSniffer) and see if it finds any unusually large files on the disc.

Before that you might just like to check for any space recovered by chkdsk. Recovered space may be in files with names like FILEnnnn.CHK in directories with names like Found.000, Found.001
I think these may normally be hidden, so you may have to right click on C drive in Explorer, Select Tools/Folder Options/View and click the Show Hidden Files and Folders radio button. These files are the orphan pieces of disc that it couldn't assign to known file names. Normally they can be deleted, but you might want to look at them if you think you've lost something important - you may get part of it back.

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 03 Feb 10 - 11:03 AM

What a great prog SpaceSniffer, I love it.

Huge, huge embarrassment people, spacesniffer found my "lost" GBs.

Just before my problems started I had been transferring VHS tapes to convert, which because of all the hassle I forgot about,(that's my excuse anyway) so I am now the proud owner of 78GBs more free space.

Thanks Mick for your patience, sorry I goofed, but I have learnt a helluva lot over the past few days with all the help I have had.

Hope I don't need to ask again for a long,long time. fingers crossed.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 03 Feb 10 - 11:22 AM

John

Glad you're back to normal!

I quite liked SpaceSniffer too. I do know where most of my space is, but it did remind me of a few big items I'd forgotten about.

Stay clean!
Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 07 Feb 10 - 03:07 PM

I just got clobbered by something that, as best as I can figure, must have jumped into the system if I moused over something on the page at Photobucket after uploading an image there. A dialog box popped up telling me I had a trojan and Windows wanted me to load a new program to kill it. I was using firefox, and saw the download box pop up and Adobe Acrobat start to open, but I was using WinPatrol and Kerio Firewall and they were asking if I gave permission to open these. I didn't, but still got clobbered.

This program, whatever it was, loaded through a file called Kolobok.pdf. I closed browsers and ran a quick scan with the antivirus we use from work (Microsoft Share Point). Didn't find a thing. So I opened Spybot Search&Destroy, updated it, and let it scan. It found several things that tried to affect registry changes, and in the process of infecting the computer had set up dialogs to disable task manager, disable the ability to change wallpaper, and make no active desktop changes. Even after finally getting the little red X from my system tray to go away I couldn't change the desktop back to its original background. I used System Restore to go back a couple of days. Earlier today I had changed my wallpaper (to none, with a black background) and the desktop was none with a white background as a result of this attack. System restore put me back to the horsehead nebula in Orion that I had on before.

This was nasty. It is how it got there that is troubling--I wasn't downloading anything, I didn't open anything. I moused over something.

Last week a page and dialog box opened and tried to tell me I was under attack. A dialog box with the typical blue bar on top and the white x appeared, and I know they had set this up so clicking the x wasn't going to close it. I did click it to see what would happen, and it opened a web page (firefox again) that gave me a screen that looked like firefox was running an active scan and I needed to act swiftly. I always close these things with the control/alt/delete access to the Task Manager, but as you can see from above, that wouldn't have worked, and simply turning off the computer would have allowed the thing to write itself to the registry during shutdown.

I will reiterate: if I ever meet one of these designers on the street, I'm going to kick him in the balls. Hard.

Looks like it's time to do a big backup again.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 08 Feb 10 - 08:42 AM

Well after all my problems, the only thing left which I might just live with to save cocking it up again is that when I tried to install McAfee as advised, it keeps telling me that Microsoft Essential Virus Scan needs to be deleted as it is incompatible.

The trouble is I deleted that when I had to reinstall AVG as that was the only one that would work. So apparently there is still a part of Micro virus scan hiding somewhere. I even tried a special cleanup tool from Microsoft which is supposed to completely remove all traces, but that hasn't worked either.

I did a regedit and looked for something there but couldn't see anything related, surely there is some way I can get a list of ALL the files and then delete from there if it shows up.

John

I'm a bit nervous about only having AVG now after what happened before!



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 08 Feb 10 - 09:40 AM

I was just near the end of a post with links to the Last Free Version (search on that site) of Kerio firewall, to WinPatrol (the free version) and Spybot Search&Destroy when I got the blue screen. I think this is the old AVG problem I had. So though it is more aggressive at getting the stuff you might encounter, you lose data and your place, etc. when the computer shuts down unexpectedly. I'll have to research this problem further before I tell you to adopt it. But McAfee has not been the industry standard for 10 - 15 years, so I wouldn't be in a rush to install that one.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 08 Feb 10 - 09:53 AM

OK Thanks SRS.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Bernard
Date: 08 Feb 10 - 11:10 AM

If McAfee won't install, it's because there is still a nasty lurking somewhere which is blocking it...



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 08 Feb 10 - 11:13 AM

Boot to safe mode and try to install Mcafee



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 08 Feb 10 - 01:50 PM

Okay, so I decided I was going to repair the file that gives me the AVG blue screen of death rather than use a program that isn't as aggressive at getting nasty bugs. I set up the XP to repair mode but now as it tries to finish setup it hangs in Installing devices. I've disconnected scanner, extra hard drives, the ethernet cable, but I have a card for the monitor that is way newer than the drivers for the old monitor.

Even as I was typing that it seems to have gotten past device installation, but now it can't find tons of files. Shit.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 08 Feb 10 - 03:00 PM

XP isn't doing an elegant job of repairing itself. Once it hung up it seemed to lose its way. I'm trying one more time, and if it doesn't work, I'll pick up a copy of Win7 on campus tomorrow and upgrade. Right now it doesn't even have a functioning mouse.

Grrrrrr

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 08 Feb 10 - 03:21 PM

AV programs and suites trade position frequently in reviews of what's best at any one time. My choice has been a suite (paid for) that stays consistently near the top in the ratings, but others may choose to switch about as the threats change.

If you're going to look for good protection, especially in free-ware, it's good practice to check fairly frequently whether your current choice has continued to be a best choice for your needs.

Without recommendation, here's the most recent I've seen in a review by a fairly reliable source:

Lab Testing Antivirus Software, 02.04.10, Neil Rubenking, PC Magazine.

Only 8 AV programs/suites are reviewed, so it's not an "all inclusive" review, but there are comments on some of the more popular ones people here are using that may be of interest.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 08 Feb 10 - 03:26 PM

SRS
boot to safe mode and run this
windows safety scanner



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 08 Feb 10 - 08:03 PM

I'll try this again. I set up a regular keyboard on the laptop.

I am reinstalling XP Pro because after a couple of attempts to repair the OS with the disk it stopped responding. I realized the advanced hardware on it was making it hang in that device installation stage, and then it wouldn't start up again when I had disconnected a lot of stuff. It was missing tons of files because it couldn't find or read SP2, and I downloaded and tried a fresh copy and it wouldn't use that either.

I've picked up Win 7 but it has to go in over XP to use this academic version, so I'm putting XP over the old install. I've been putting all of my files on a different drive letter, so while it won't be pretty, and there is a lot of stuff that I'll have to "own" or "claim" from this new setup, but it is there.

Ironically, I was preparing to run a big backup when all of this happened.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 08 Feb 10 - 10:16 PM

Partway there. At least I'm on that computer, but will have to figure out how to wrench Win7 around to my way of doing things.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 09 Feb 10 - 04:00 AM

I've done the windows safety scanner three times but that won't clear it either, I need to find how to go into the list of every file to see if I can find something that looks like a stray essential security file!

The question is HOW!

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Acorn4
Date: 09 Feb 10 - 04:29 AM

Use "search" for this - if it's AVG you're trying to get rid of put that in as a string of letters, but also "grisoft" - I've just installed "Kaspersky" AV, which seems to be doing a very good job.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 09 Feb 10 - 12:06 PM

No it's not AVG it's a leftover from Microsoft Security Essentials that I seem to be stuck with.

I was very happy with the microsoft security and I wanted to reload it but it won't install again 'cos it says it's still there, BUT IT'S BEEN DELETED. aaaaaaRGH!

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 09 Feb 10 - 04:28 PM

wilbyhillbilly

When you removed Microsoft Security Essentials, did you just delete files or did you use Control Panel to remove it like you should have?

If you just wiped out files, there probably are still entries in Registry that are telling the system that it's already there.

Most downloads of Microsoft programs will give you a list of files, with file sizes and issue dates, if you search hard enough for it (so that you can check for authenticity). If you're stuck with Registry entries but not the files, you may be able to use regedit to search for the filenames in the download list. This may not work though since often the files are compacted for download and a file in the download may "unpack" to several files with different names.

Your computer also should have an installation log for the program that you can theoretically "read backward" to see if all the "steps" were backed out; although I can't tell you where to find the logs on your machine, and they can be deleted by Disk Cleanups.

Also, the current "final version" requires that Microsoft recognize your OS as "genuine." I'm not sure whether that requirement was imposed for betas. Since Microsoft will give you "critical" updates even for "unregistered" OS installations, getting auto-updates doesn't prove that your OS installation is registered properly - and changes you've made recently may have "corrupted" or lost the registration. You might try "re-registering" the OS to make sure you're getting all the goodies. (If you go to the update site and select "Custom Install" it should ask you to "register your computer" in order to see optional updates, if that's part of the problem.)

John
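
The situation described in the post above (program files gone, but registration entries still telling the system the program is installed) can be checked without changing anything. The PowerShell script below is an added example, not part of the original post: it assumes PowerShell is installed, that the leftover product is recorded under the standard Windows "installed programs" registry locations, and that its display name contains the text "Security Essentials".

```powershell
# Added example (not from the thread): read-only check for program
# registrations whose files are gone. Nothing is modified or deleted.

# Assumption: the leftover product's display name contains this text.
$NamePattern = 'Security Essentials'

# Standard registry locations where Windows records installed programs.
$sources = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';             NameValue = 'DisplayName' },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'; NameValue = 'DisplayName' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';             NameValue = 'DisplayName' },
    # Windows Installer's own product list, consulted by MSI-based setups.
    @{ Path = 'HKLM:\SOFTWARE\Classes\Installer\Products';                             NameValue = 'ProductName' }
)

$findings = foreach ($src in $sources) {
    # Not every location exists on every Windows version; skip missing ones.
    if (-not (Test-Path -LiteralPath $src.Path)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $src.Path -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }

        # Pick the value that holds the product name for this location.
        $nameValue = $src.NameValue
        $name = $props.$nameValue
        if (-not $name -or $name -notlike "*$NamePattern*") { continue }

        # InstallLocation is optional; some installers never write it.
        $location = $props.InstallLocation
        if ($location) { $location = $location.Trim('"').Trim() }

        $state = if (-not $location) {
            'no install folder recorded'
        } elseif (Test-Path -LiteralPath $location) {
            'install folder present'
        } else {
            'install folder MISSING (orphaned entry)'
        }

        New-Object PSObject -Property @{
            Name            = $name
            State           = $state
            InstallLocation = $location
            UninstallString = $props.UninstallString
            RegistryKey     = $key.Name
        }
    }
}

if ($findings) {
    $findings |
        Select-Object Name, State, InstallLocation, UninstallString, RegistryKey |
        Format-List
} else {
    "No registered product matching '$NamePattern' was found."
}
```

An entry reported with a missing install folder is the kind of leftover registration the post describes, and the RegistryKey value shows where to look for it in regedit.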



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: bobad
Date: 09 Feb 10 - 04:39 PM

Have you tried the Microsoft Live on line scan that olddude linked to above?

Every time I run it, it finds and removes a substantial no. of unneeded registry items so if that is where your problem lies it may just be the solution.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 10 Feb 10 - 12:22 PM

John, it did check that I had a "genuine" version and I did delete via control panel and even tried a special tool from microsoft that said it was to clean files that are sometimes left after deletion, that didn't work either.

Bobad, I've now tried olddude's advice a total of three times and that hasn't worked either, which is why I am now struggling :-)

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 10 Feb 10 - 12:47 PM

wilby

Puzzling, at least.

My recollection is that WinXP has a control panel section called "Security ..." something or other, where you can tell the system which of Microsoft's several "Security" programs to use, or tell it that you want to use your own.

With early Microsoft stuff, you could just turn them off there, without the need to uninstall them, and they were prevented from interfering with installation and use of "other" security programs.

Perhaps something is still set there that's telling the update site that you're using something you don't have?

Another (remote?) possibility is that a selection to use the Microsoft Security Essentials was left turned on, and an update actually had already re-installed it, or part of it - between the time you deleted and cleaned and the time when you went back to get it. (???) (The reinstall might have omitted putting back new icons etc, which would make it less than obvious that it came back.)

I'm just guessing, of course, since I don't have a WinXP machine still running to look at.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: McGrath of Harlow
Date: 10 Feb 10 - 12:50 PM

Reinstalling your operating system really isn't a big deal, and that would solve the problem.

The essential thing is to have an external hard drive you can use to save all your data, and other stuff, such as installation files for any programs you need that you haven't got on CDs, or are readily downloadable, and so forth.

It's a bit of a drag, and it ties you up for a few hours, but it means you've got a clean computer that's running the way it should. And once you've done it it's easy enough to do over again every few months, if you are organised enough to keep the re-installation stuff up-to-date. I always make a firm resolution to do that, and always fall down on it...

If you are using Windows it's pretty certain you are going to have to do it some time, so now's maybe as good a time as any to get your head round it.

Oh yes, it's obvious, but... Make sure to unhitch that external hard disc before you start reinstalling. Then when the machine has done its pieces, you just reload the stuff you want reloaded on to the main computer.

If the problem is on the external disc, the thing to do is temporarily store any stuff that's on it which you want to keep, and reformat the disc.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 10 Feb 10 - 01:56 PM

"Reinstalling your operating system really isn't a big deal, and that would solve the problem."

Kevin, those are famous last words if ever I've heard them. I just tried a security repair, using the OS disk to repair, not replace XP-Pro, and it killed it.

In hindsight, I would tell you to disconnect every device you've ever attached to the thing before you start doing that, because if it has to fool with drivers for devices that are newer than the OS, it hangs. That's what mine did, and I had to discontinue the work and it never went back to the old position after that.

I installed Win7, and it looks kind of loopy, but it put my old OS in an "old" file name and I found all of my desktop files. I had saved most of the important stuff on a different letter drive, and now the main trick is to train programs to look at the correct letter drives. All of those names changed.

It's not all back, there is a lot of reinstalling to do, but (knock wood) it could have been worse.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 10 Feb 10 - 02:06 PM

You could also try CCleaner, which I've used a few times to clean up the registry and to uninstall some software (when Control Panel Add/Remove Programs wouldn't populate - I uninstalled some things I wasn't using with CCleaner and then Add/Remove worked again!).

(You can download it from - amongst other places - CNet here: CCleaner).

I'd use the Registry button and let it clean things up there, but also have a look under Tools for the uninstall programs to see if there's anything odd left there.

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: McGrath of Harlow
Date: 10 Feb 10 - 02:57 PM

I'd never try a repair rather than a replace myself. Disconnecting things makes sense of course - though I don't think that applies for the keyboard and mouse.

It really isn't that big a deal, if you've got an adequate external hard drive, and some idea of what programs you've installed, and where to get the makings for putting them back in afterwards. If those are famous last words, my computers must have the nine lives of a cat. They always end up better after a good reinstall, even when they felt on their last legs before it.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 10 Feb 10 - 05:35 PM

JiK, I forgot to say "thanks" for the link to the PC magazine reviews of AV software. I went there and chose Avast this time instead of AVG. I used to have email come from them regularly; I must not have renewed my email list settings at some point.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: GUEST,Captain Farrell
Date: 10 Feb 10 - 05:48 PM

I had the blue screen of death on my second computer. I sent for a free CD, Linux Ubuntu. Install Ubuntu and wipe Windows. Computer now works fine and no viruses.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Amos
Date: 10 Feb 10 - 06:02 PM

Have you taken the step of deleting all .tmp files? Malware sometimes resides there.


Q



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 11 Feb 10 - 04:37 AM

Thanks McGrath, but after the last heartstopping experience I had when I thought I was doing a repair and instead was doing a reinstall, I'll take it to the shop next time I get desperate. (I'm a coward).

It's working fine at the moment and I have done a full backup onto my external drive, just in case of future problems, it's just niggling me that I cannot reload The Microsoft Essentials programme and am stuck with AVG now, although I have to say it seems to be doing the job at the moment.

I tried CCleaner a while back, no joy, also got rid of temp files, I'll investigate JiK's suggestion, but it looks as though it will just have to stay as it is until the next major disaster rears its ugly head. Thanks y'all,

John

I will however save this thread and all its advice for future reference, it's been quite a learning curve for me.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 11 Feb 10 - 05:43 AM

willy - just one final thought. Have a look at this post on problems installing Microsoft Essentials: Problems Installing Microsoft Essentials. It might not be the same installation problem, but it might suggest things to look at.

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: McGrath of Harlow
Date: 11 Feb 10 - 07:33 AM

"Taking it to the shop" isn't always a good thing, especially if "the shop" is PCWorld. They can really screw your computer up, and take ages to do it. One time I sent it in for a second hard disc to be put in, and they removed the original one instead and sent it off to be junked...

A repair is really much more complicated than a reinstall, and more likely to go wrong.

Here are the incomparable Les Barker's thoughts on the subject (with a nod towards a George Formby song):

I bought a computer,
It cost a thousand pound;
But every time I switch it on
It keeps on falling down.

I used to think it was my friend
But now it drives me 'round the bend;
You'd be surprised the time I spend
Reinstalling Windows.

I switch it on; what is this?
Something wrong with "config.sys"
This isn't my idea of bliss,
Reinstalling Windows.

I want to share my printers
And I want to share my files,
I want to share my anger 'cos
It drives me bloomin' wild.

My songs, they say, can be sublime
I've conquered cadence, mastered rhyme
But, nowadays, I spend my time
Reinstalling Windows

Reinstall, oh what fun!
It says it helps you get things done;
Every day now everyone's
Reinstalling Windows.

Look again, it will say
All you do is "plug and play"
Why do I spend every day?
Reinstalling Windows

It can't find my printer
And it can't locate my mouse;
The other day it told me that
They were in another house.

Still unplugged, still unplayed,
I e-mailed God in search of aid;
He's far too busy, I'm afraid
Reinstalling Windows.

Up at dawn for one more try;
Does it work? Can pigs fly?
How do I expect to die?
Reinstalling Windows.

I used to like a drink or three;
No time now, don't call for me;
I'm going to spend eternity
Reinstalling Windows.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 11 Feb 10 - 09:49 AM

Mick, I did most of that, actually that is where the cleanup prog came from, but the last bit (which I looked at) is frightening and I dare not start messing around in that Microsoft file.

McGrath, we have a great independent "shop" a few miles up the road so I'll be ok there if I need them, Love the ditty.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 11 Feb 10 - 10:05 AM

The file is just a log file generated by the install - it only contains information about what was happening during the install process; it's an ordinary text file, not part of the system setup. If you don't want to do anything with it, you could submit it to MS as suggested near the end; it should enable them to tell you what the problem is and how to fix it.

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 11 Feb 10 - 10:10 AM

Brilliant, I'll do that, thanks.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: wilbyhillbilly
Date: 11 Feb 10 - 10:28 AM

Typed a nice little note, copied the log file into it, put the security code in the box, clicked submit, guess what, received this message. Our support ticket service is unavailable.

I really could just say something rude right now!

BUT I WON'T!!

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 11 Feb 10 - 10:50 AM

wilby, learning how to get under the hood yourself is not only a good thing to do for your self-esteem (gives you some control over the Bleeping Computer!) it can save you money. But these software things--there are some good sites with advice out there, but you have to search on the problem and find the one that you find easiest to navigate and understand. I like the site called Bleeping Computers (http://www.bleepingcomputer.com/).

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Mick Pearce (MCP)
Date: 11 Feb 10 - 02:26 PM

willy - now they're just toying with you!

Mick



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 12 Feb 10 - 01:07 PM

Microsoft Office and Win7 have a lot of indexing activities that are downright annoying. I've spent time this morning turning off features that hijack simple functions, like sending a page to the printer. MS has some program it wants to use instead of letting me use my printer controls. Grrrrr.



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 14 Feb 10 - 10:21 AM

This Win7 Ultimate OS keeps setting me as a user not administrator. I understand why--a user without administrator rights is safer because malware in theory isn't supposed to be able to write to the registry if it gets into the system. The trouble is, today it isn't letting me assume those administrator privileges (previously it looked like I had two accounts, now it shows only one). I can't get my Spybot Search and Destroy to completely finish installing updates because of this.

I'm sure I'll find an answer, this is an annoyance. I'll proceed by restarting the computer.

I'm posting this morning mainly to say that after going for a long time not using Lavasoft's AdAware (the free one) I've installed it to see how it works. I think it was incompatible with something in XP-Pro after a while and was removed and replaced with AVG, if I can recall the steps I took.

Anyway, now I have Spyware Blaster in the background, along with Spybot Search&Destroy. I use WinPatrol and Kerio firewall (the last free version) and I'm running avast! antivirus. So AdAware may be overkill, but I think there is a niche it serves that might have prevented the malware I had to dredge out of my system a couple of weeks ago. We'll see how it goes.

Win7 is a rather bossy operating system.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: olddude
Date: 14 Feb 10 - 10:40 AM

SRS
Open office is Microsoft office compatible and it is free and very very powerful so if you still have problems with office I would suggest downloading and installing open office. Most of my clients have migrated to Open office for a number of just reasons.

Dan



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 14 Feb 10 - 10:53 AM

I had a version of it running in XP. I ran all of my programs and stored my data on a different letter drive than C: so I've been going in and reinstalling those programs without a data loss. I do use OpenOffice every so often just to see how it compares. I also have a version of WordPerfect because a friend uses it still for a book he wrote and he sends me files for it every so often. Knock wood, so far most of these programs have been loading and running. I couldn't get my old version of Nero to load though. It says Nero 6 isn't compatible, but I liked it because it didn't slow things down with the indexing it wanted to do.

I understand that Win7 has an "XP Mode" but I haven't gone looking for it. Do you know anything about that?

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: JohnInKansas
Date: 14 Feb 10 - 12:56 PM

Stilly -

I believe Joe O(?) has had comments about checking out the Win7 "XP Mode."

I don't believe he was too happy with what he found.

Win7 calls it "Virtual WinXP" and advertises it as if it's something any Win7 can do; but in reality it only exists in the two (or maybe it's only one?) most expensive versions of Win7. If I recall what I've seen, you have to have WinXP running on the machine and do an "upgrade to Win7" rather than starting with a clean Win7 install. Installing Win7 first doesn't work. I believe that if WinXP was installed, and you "upgraded" to any version of Win7, you could do a subsequent upgrade to one of the super versions of Win7 and get it; but the instructions I looked up months ago were somewhat vague.

The cost to upgrade from the common Win7 versions to one that includes "Virtual XP" capability is pretty steep.

Note that it has been several months, IIRC, since I've looked at any of this, so my recollection may be a bit fuzzy.

John



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 14 Feb 10 - 02:07 PM

That's the upgrade I did. I had to re-install XP and the upgrade using the version of Win7 from work. This is Windows 7 Ultimate, from an academic source. And it was the guy working there who told me about being able to use the XP mode. So I guess I'll have to poke around some more. The thing is, if Win7 evicts software that XP can use, it isn't quite XP mode, is it?

Just finished installing another device, for capturing video from VCR to convert to DVD. I've had it for ages, and wondered if I could install it, but it seems to have gone. I'll give it a trial run later.

I have to get the latest Ghost (15) because of the new OS. I think Ghost 12 was out when Vista was in use but Win7 wasn't on the horizon much at the time. And it's one of those bundles (from Fry's) where I pay for it and get the full price back as a rebate. I will end up with a copy of Norton Security that I'll give to someone.

SRS



Subject: RE: Tech: Re my: Help! Serious Virus Plea.
From: Stilly River Sage
Date: 15 Feb 10 - 01:31 AM

Of course, there is always the "oops" factor in this kind of work, and in my case, it's that I didn't go to HP first and find out what was and wasn't going to work. I've been updating my HP drivers and I'll be tracking down a few. There are some incompatible things going on; so far (knock wood) nothing to knock it out of the water, but things that do slow the smooth operation of some features.

Updating BIOS and finding drivers for devices will probably continue. I have a device (for converting VCR tapes into DVD files) I picked up a while back that I hadn't installed and it looks like I won't be able to install it now, at least not until the manufacturer comes up with some Win7 drivers.

SRS

