my log


83 replies to this topic

#46 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 30 March 2007 - 10:56 AM

Hi and sorry for the delay in getting back to you. I haven't forgotten but I just haven't had the time to go over all the logs. As I said before this is/was one of the most infected machines I've ever seen and question whether or not we can get it completely clean or not...without a reformat. I'll get back to you later.

Dave
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#47 IndiGenus

Posted 31 March 2007 - 08:26 AM

I think we're at the point where we can clear your restore points and set a new clean one.

First run ATF Cleaner again.

Use ATF Cleaner to remove temp files, cookies, cache, etc.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name and then click Create.

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

=======================================================

If things are running well then I would also recommend updating to SP2 at this point.

It is crucial to update to Service Pack 2. It is probably the most important update that Microsoft has ever put out for WinXP and you are extremely vulnerable without it. Service Pack 2 significantly increases the security on your computer. I recommend that you do this update as soon as possible.

Link to Windows Update: http://v5.windowsupdate.microsoft.com

Please update your computer then post back with how it went. If you have any problems please post back with as much detail as you can. This is needed because any problems updating to SP2 could indicate that there is still some infection on your system that we need to address.

Regards,
Dave

#48 sdutcher

sdutcher

    Authentic Member

  • Authentic Member
  • PipPip
  • 101 posts

Posted 01 April 2007 - 10:02 AM

Dave, I got an error message at the Windows Update site, but it didn't give me any reasons. It never got to a page that gave me choices of what to download. Is there a link to the SP2 file to download directly?

#49 sdutcher

Posted 01 April 2007 - 11:52 AM

I finally found and downloaded the entire 266 MB file. That went OK, then during the install I had a few error messages pop up, and the install would never finish; it ended with an "access denied" error.

#50 IndiGenus

Posted 01 April 2007 - 12:08 PM

Is your copy of Windows legit?

You can check by going here:

http://www.microsoft...ws/default.mspx

#51 sdutcher

Posted 01 April 2007 - 12:23 PM

Again, this is a friend's computer. I was told this week that when he tried to install SP2, he had either Dell or Windows on the phone, and that they had converted his name over to the records for the system. I believe that the Windows is legit, and I am trying one more install of SP2. (I have that computer offline now.) Once I see what happens now, I will switch that over to the modem and run the Windows validation.

#52 sdutcher

Posted 01 April 2007 - 05:20 PM

Well, DOA. It hung up on the 2nd attempt at SP2 install, and wouldn't finish its "uninstall". Now it won't boot to safe mode, or Windows. It gets past the first splash screen, then reboots to the beginning, and so on and so on and so on. I will check with my friend for his install CD.

#53 IndiGenus

Posted 02 April 2007 - 09:50 AM

Sorry to hear of the troubles. You can try this to stop the PC from automatically rebooting and it should also produce an error code which may help us. To do that:

1. Right-click My Computer, and then click Properties.
2. Click the Advanced tab.
3. Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
4. Clear the Automatically restart check box, and click OK the necessary number of times.
5. Restart your computer for the settings to take effect.

I'm not totally sure what's going on here now. The Malware (anything we missed) may have taken out Windows during the update to SP2. Considering how infected this machine was the safest and easiest way to get back is to do a re-format/re-install. But they will obviously need their XP disk for that. Let me know and we'll go from there.

Dave

#54 sdutcher

Posted 02 April 2007 - 02:54 PM

The PC doesn't get booted up at all; it goes into reboot before it even goes into safe mode. I will have the install CD tomorrow I hope, and will go from there. Is there a "repair" option when I get the CD? Or are we looking at Fdisk?

#55 IndiGenus

Posted 03 April 2007 - 09:27 AM

Yes, you should be able to do a repair install but systems are usually inherently slower after doing so. Here is a link:

http://www.microsoft...ips/doug92.mspx

If I were you I would save any files (docs, music, pics) and wipe that hard drive clean at this point. This thing was SO infected. It won't take all that much longer and you'll get a nice fresh running OS. Just my thoughts. Repair installs can be hit and miss, sometimes requiring going back to install drivers, settings, etc. anyway.

Dave

#56 sdutcher

Posted 04 April 2007 - 06:26 AM

Using the install disk, and the repair procedure, XP seemed to work. I got booted up to the desktop, and have run scandisk and defrag. The AVG doesn't work, so I want to reinstall that. If I was to try to upgrade to SP2, what steps need to be taken now? I would think I can't just run that install without updating some other stuff? (I have the file downloaded from before, will that work again?) The computer seemed to work fine what little I did, but I did not hook up any network cable or run any programs other than defrag.

#57 IndiGenus

Posted 04 April 2007 - 07:16 AM

What I would do is go right to the Microsoft update website and run the update from there. Did the disk you used have SP1?

http://www.windowsupdate.com

The problem you may run into is that there is still hidden Malware present which could still cause update issues. The repair install replaces system files only. That's partly why I was recommending the complete re-install. But you can certainly give it a shot and see how you make out.

Dave

#58 sdutcher

Posted 04 April 2007 - 12:04 PM

Yes, the disk I had included SP1.

#59 IndiGenus

Posted 04 April 2007 - 12:08 PM

OK, I would still go to the MS update site and work from there.

#60 sdutcher

Posted 04 April 2007 - 02:09 PM

OK, so if I have this right my steps would be this: reinstall AVG and scan (before going online), then try to change that setting on the network setting that I couldn't earlier (the Windows firewall). I read that I should disable antivirus to do Windows Update? Would you recommend that? And what about sfc? Any reason to run that? Will Windows need ActiveX updated before it will run Windows Update? I also have concerns about malware that you feel is still hiding in this machine, and if you have any suggestions on how to find and eliminate that please let me know. (I am really trying not to do a clean install.)
