This forum seems like the place to hopefully fix my desperate problem with my laptop. Last night I mistakenly attempted to download what I thought was something that could help with work. I have Norton Systemworks 2008 with Norton Internet Security 2008. I had literally just done a "live update" of it so it should have been as updated as possible.

When I clicked to download the program, my Norton brought up a box that said a site was trying to access the computer (or the Internet) to download or something (I had Norton set to its default, which is to ask what to do when there was a low level threat and to automatically delete when it was a medium or high level threat), but the "recommended" action Norton gave was that I should allow it, so I did. Almost immediately a Norton box popped up saying something like Norton successfully (uh huh) blocked a virus (or some threat). I didn't get the full name of the virus it blocked, but I saw it had the letters "zlob" in it. Then Norton's box popped up again and said it blocked another virus (or something), but I didn't get the name.

Suddenly my background picture on my desktop turned to white and when I tried to right click on my desktop to fix it I found that the Properties now showed only 3 tabs (Themes, Appearance and Settings) and not the Screensavers or Desktop. I found online a useful site (don't remember the name) that had fixes (very small fixes of a few kb each to download) to get those tabs back. Their little fixes seemed to work (for the moment).

In the meantime, I started a full system scan in Norton and did a Spybot scan (I first updated Spybot). About an hour into its scanning, Norton found one thing (again, I'm sorry I don't remember) that it said was low level (or some similar description) and that it fixed (supposedly) and continued scanning. (I left Norton scanning overnight and after about 6 hours it was still scanning and never finished by the time my computer locked up - see below).

At some point, a Norton box popped up to tell me that a program called csrss.exe was trying to access the Internet and asking if I wanted to allow it. Again, the Norton box said it was a low level issue, but this time I wasn't going to take any chances. However, this time the box didn't give me any option like "no" or "reject" or whatever, and the only choice was to hit "ok" (which I did NOT hit) or to hit the red "x" in the upper right of the box, which I did.

While Norton was scanning, Spybot found a few things (I think about 5 things), which I very foolishly didn't write down because it said it would fix them so I chose "fix" (which it claimed to do) and then ran Spybot immediately a second time. The second time it found: downloader.zlob! and virtumonde. I chose "fix" again, and then (I am not sure if it happened just after Spybot "fixed" those) I suddenly couldn't connect to the internet (although my wireless connection claimed to be on and connected), the background color (behind the text for my desktop background and everything else this time - icons, desktop folders, even the task bar at the bottom of the desktop) all turned to white, I couldn't right click, and I couldn't double click to open any programs. Then, when I hit "start" and "all programs" to try to load something it brought up my program list (all on a white background) and just froze (I could move my mouse but nothing responded to any clicks and it froze with the all programs list showing with a white background). In the meantime, Norton still wasn't done doing the full scan and hadn't found anything since the first thing it found hours earlier! So, I turned the computer off and unfortunately I had to leave to go to the airport since I had a flight in an hour.

Now I am away from home (without my laptop) and frankly I am freaking out since our IT guy at our office (who works hourly and I'd have to pay out of my own pocket) tells me over the phone that he'll "probably be able to save the data but we'll probably just format and reinstall Windows." That would be a DISASTER since I have so many things on my system and programs I've downloaded and used over the years that I don't have saved anywhere, don't have my reg codes anymore, etc. Plus, what about my emails I have saved on my system, pictures, videos, work docs, excel docs, etc.?

By the way, I think (but I obviously am unable to check this now) I had a backup I had done of my system using Retrospect (or something like that name) or Maxtor (that's the type of drive) to an external drive (actually I think I may have saved a backup on 2 external drives, one which was still connected to my laptop when this happened and one that wasn't). Any chance that the IT guy could salvage all my pictures, data, videos, excel docs and reformat it and then restore from the backup (which is at least 9 months or more old) or is the backup likely infected since the external drive was connected (but what about the one that wasn't....if I even have that somewhere)?

I'm hoping, praying, you can help with this. I don't know if anything will work when I try to start my computer back up, but if it doesn't is there any way I can do anything with your help by using a flash drive or something? I brought a 4gb flashdrive with me on my trip so I have that if you have suggestions to get me started. Also (to make it more complicated), I get back into town Wednesday and literally 4 hours later I have to leave again through next Sunday.

My choice is to depend on you to help or give up and give my computer to the IT guy to work on while I'm away (which I really really don't want to do, not just because of the cost, but because I really need my system).

Sorry for the long post but I wanted to be as specific as I could since I don't have any of the usual info that people seem to have for you, like the logs (and I am worried that I won't be able to use HiJackThis or whatever you sometimes suggest, since I couldn't doubleclick to start or install anything before I just turned the computer off).

QUESTION: Can (should) I just turn my laptop back on and see if it boots up and works again or am I risking that it could cause more problems if I turn it back on (meaning do I need to turn it on in safe mode, and if so, how do I do that and then what do I do)?

Please help! Thank you so much!

This post has been edited by letsee: Sep 27 2008, 11:54 PM

You could try System Restore.

1.
Click Start.

2.
Point to All Programs.

3.
Point to Accessories.

4.
Point to System Tools.

5.
Click System Restore.

6.
Follow the instructions on the wizard.

See if you can find a date the the PC worked.

Dear LDTate:

Thanks so much for such a quick reply! I am so glad to have you helping me! I don't think that would work since system restore is an XP thing right? I do know that I tried to do system backups with the XP internal program in the past few months and it wouldn't work. The backups I have were with the programs that came with the external drives. One drive is a Maxtor and the other I can't remember the brand. I know there was an icon in my task bar that said something about Retrospect HD (or such). I know I had a back up on one or both of those external drives that is probably about a year old.

So, your answer brings up some questions:

First, and most important, is it going to possibly cause more trouble/damage if I turn on my computer in normal mode now or should I start it in safe mode? If safe mode, could you explain how I do that and how do I run a program from that mode? Can I run a program that is on my hard drive when in safe mode or does it have to be on a USB flash drive. If a flash drive (or even if both), how do I do that too please? (Remember, before I turned it off, when I clicked on Start and All Programs it wouldn't even let me click on anything to run anything and then the computer froze with the All Programs screen open)

Second, is it safe to assume that the external hard drives (even the one that was connected when I got the virus) are not infected so it would be ok to use the backup from it? And if I do restore from a 9 month or 12 month old backup, do I lose all the data (documents, photos, movies, excel stuff, etc.) that I have put on since the date of that backup (that would be bad)?

Third, I'd really like to not have to do a restore from an old backup and lose all my programs since then. Are you saying you think that's my only hope and I can't save/clean my system with your other usual suggestions?

Thanks so much again for helping me through this! If you can fix this it would be so amazing!


This post has been edited by letsee: Sep 28 2008, 10:02 AM

What OS are you running XP or Vista?

If Vista:

Close and save any documents that you may have open.

Click on the Start button to open your Start Menu.

When the Start Menu opens click on the All Programs menu option.

Click once on the Accessories Start Menu group.

Click once on the System Tools Start Menu group.


Click once on the System Restore icon. After you click on the icon, if a User Account Control window opens you should click on the Continue button.

You will now be at the System Restore screen as shown below in Figure 1. From this screen you can specify the restore point that you would like to restore.


By default, Vista will already have selected the Recommended restore option. This restore point is one was made after a new program, driver, or update was installed. If you would like to use this restore point, you can click on the Next button to start the restore process. On the other hand, if there is a more recent restore point that you would like to restore you should select Choose a different restore point and press the Next button. This will bring you to a screen, as shown in Figure 2, that contains a listing of all the available restore points that you can restore to.


You should select the restore point that you would like to restore and press the Next button to start the restore process. Vista will display a Window showing your selected restore point and asking you to confirm that this is the one you would like to restore.


If you would like to select a different restore point press the Back button. Otherwise you can press the Cancel button to exit System Restore or the Finish button to begin the restore process. If you selected Finish, Vista will display a second prompt asking you to confirm that you would like to continue the restore.


If you are sure you want to do the restore, then press the Yes button. Vista will now log you off of the computer and start the System Restore process as shown in Figure 5 below.

LDTate:

I'm sorry, I thought I said I have XP (not Vista), so that won't work right?

Also, could you please look at my three questions in my immediately prior post and let me know please. I still am not clear from your responses whether you are saying I should turn my laptop back on in normal mode or if I should do it in safe mode (and how do I do safe mode). Please look at my specific questions and let me know since I need to know that (and how to even do that) before I will even turn my computer back on. (And then could you answer the other 2 questions please?)

I am not as advanced as many here seem to be so please bear with me. Thank you!

This post has been edited by letsee: Sep 28 2008, 12:49 PM

So you are running XP.

I have no idea what infection(s) you might have as I haven't seen any log scans.
I can't tell you if you start your computer whether or not it will even start.

Yes you can run programs in Safe Mode.

Are your external devices infected? I have no idea at this point.

If you know about when the infections started, unplug your internet connection and boot it up in normal mode, run system restore.



1.
Click Start.

2.
Point to All Programs.

3.
Point to Accessories.

4.
Point to System Tools.

5.
Click System Restore.

6.
Follow the instructions on the wizard.

See if you can find a date the the PC worked.

[Deleted. It posted while I was still typing sorry]

This post has been edited by letsee: Sep 28 2008, 05:22 PM

System Restore has nothing to do with system backup.

http://www.microsoft.com/windowsxp/using/h...temrestore.mspx

Every time you download or install a new game, application, or software update, you make changes to your computer. Sometimes that change may make your system unstable. Have you ever wanted to go back to the way it was? With System Restore, you can.


You don't need to boot in Safe Mode.

LDTate:

Thanks again for getting back to me so quickly.

I think there is some miscommunication and I'm not being clear or you are expecting me to understand more than I do so far. Please bear with me as I am a novice at trying to do this. My infection just started Friday night. Using the XP program to do a system restore won't work for me because the last time I was able to do a system restore point with the XP program (that's what you mean right?) was at least 2 years ago.

Let me try my questions again please:

1. Do you suggest I start my laptop in Safe Mode or in normal mode?

a. If you suggest Safe Mode, could you please explain step by step what I do? I do not know how to do things in Safe Mode.

i. Can I run a program that is on my hard drive when in safe mode? If yes, how do I do that?

ii. Can I run a program that I have on a flash drive USB while in Safe Mode. If yes, how do I do that?

2. Once I start up the computer in whatever mode you tell me to use, please assume I cannot use XP's system restore. Instead, can I use the restore from backup from for example Retrospect HD that I saved on my external drive about 6 months ago? I think that's the name of the back up program I used and the back up is saved on the external drive that I had attached by USB to the laptop.

3. If I do a restore:

a. Will I lose all the programs that I added after the date of the restore point?

b. Will lose all my Word docs, pictures, videos, Excel spreadsheets that I had saved/created after the date when I made the restore point?

4. Is there a program you suggest I use (and do I do it in Safe Mode or do I do it in normal mode) to scan to see (i) what is happening on my main laptop and (ii) whether my external drive is infected? If yes, what program for each and how do I do that please?


Thanks for your continued help. I know you'll help me get this fixed. The trouble is that I only have the one computer so the only way to do this for now is to use the computer I'm on while I'm at my parent's house out of town and try to get everything answered so when I get back to my place I can try it all.

This post has been edited by letsee: Sep 28 2008, 05:25 PM

First off we can not fix the computer unless you are sitting at it.

Did you read the link i posted about system restore?
So if your pc was infected last Friday and you have a restore point that was last Thursday and you restore it to Thursday, that infection won't be there.

When you get home to your computer you need to post a HijackThis log.
Download HijackThis.
HijackThis.


Click the "Save" button.

Please put your HijackThis in it's own folder, (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Open HijackThis and select: Do a system scan and save a log file.

When the scan is finished, Click Edit> Select All> Edit> Copy> and paste its contents here [Add Reply].

Yes, I read the link and I know what XP System Restore is and what it does. However, the last "system restore point" I have in XP is from 2 years ago (not from the day before this happened). If I restore to that, then I lose everything that I've done on my computer in the past 2 years right?

So, please please review my list of questions. Please understand, I cannot do this on my computer because it wouldn't even let me get connected to the Internet before I turned it off. I'm assuming when I turn it on I won't be able to connect to the Internet so I won't be able to post or read your answers. So, I need to get the basics here first to try when I am in front of it.

If I can't boot into normal mode, please answer my question about how do I do things in safe mode? Please see my list with the questions.

Please understand I know what system restore point in XP is and what system restore does, but it will NOT work here since I already know that XP system restore program was faulty and the last system restore point I had was 2 years old.

Again, please help and bear with me. Should we try this in IM instead? I feel like my questions are getting lost or something and we are talking about different things. I can't do the system restore in XP.

Thanks LDTate!

This post has been edited by letsee: Sep 28 2008, 05:47 PM

Sorry I'm not here to try and teach you how to use your computer. This is the malware/spyware/virus removal area of the forum. We require users to post a HijackThis log for analyzing.

You can ask Windows questions HERE:

Here's some simple windows How To's
http://forums.whatthetech.com/Windows_101_...ers_t95542.html

Why you want to start in safe mode is beyond me, but here's how you do it.

» On Windows XP
How to Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
This can take several miniutes to load.

Thanks for the links, but I'm asking this to try to get rid of the virus or malware or spyware (I don't know which it is) that I got on my computer. I'm a beginner at fixing these things and I tried to explain in detail exactly what is going on. I've been using computers for a long time and am not a beginner at my computer.

This isn't a question about how to use Windows. It is because the background on all parts of the text on my computer turned to white, it stopped connecting to the internet and then it froze. I know how to use my computer.

I have never had to do anything in safe mode, but I saw from reading posts here (trying to figure out what was wrong before I bothered you with a post) that people are often told to try things in safe mode so I thought I'd ask you about what that was and whether I should do that. Thanks for the basics on how to get into safe mode, which I knew. I was asking if and how I run a program from my computer while in safe mode and if and how to run one from a USB flash drive. If you are saying I don't need to do that or I shouldn't do that to try to fix this, then I won't do it, but I was asking and never got that answer.

If I can't connect to the internet from my computer (because I got a virus or malware or whatever it is), then this is obviously the only way I can ask questions and try to get help since I can't use my own computer (which is unable to connect) to read or post.

How else can someone do that if they can't connect to the Internet to post or read your responses otherwise?

I was hoping you could help a beginner at fixing/cleaning their computer of viruses or whatever it is. I hope you can appreciate my frustration that I can't use my computer and I am totally depending on you to help me. Again, I do appreciate your help.

This post has been edited by letsee: Sep 28 2008, 05:56 PM

This file will fit on a floppy or thumb drive.

Get a copy of winsockxpfix.exe You just run it and
things should work OK after it reboots your system.

http://www.snapfiles.com/get/winsockxpfix.html

LDTate:

Did you see my post (after I edited)? Hope so.

Thanks for that program and I'll definitely try that.

Back to my question about restore please. If I am able to get at least my computer to start and if I am able (hoping) that I am able to run programs, then if I go back to a restore point (not an XP restore point but the restore point in my other back up program) what do I lose? Do I lose just the programs I've installed since then (and their updates) or do I also lose all the documents, photos, emails, movies, etc. I've created and downloaded since then too?