Win XP computer is messed up bad...

Discussion in 'malware problems & news' started by kathyL, May 20, 2011.

Thread Status:
Not open for further replies.
  1. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
Empty System Restore: Start > Control Panel > click on System > on top see System Restore > check "Turn off System Restore".
But first
run antivirus and Malwarebytes again, and if you find viruses and malware,
go for the empty System Restore. Then, if you want, untick that option; it will create a new restore point.
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ kathyL

    If you are still having problems, i'm prepared to make & post screen shots i'll do on my PC, to show you step by step how to both, get into Safe Mode & do a System Restore

    What OS have you got, XP or Vista etc ?
     
  3. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    CloneRanger - I've done nothing yet.... LIFE keeps getting in the way.

    I read:
    The 'system restore' suggestion is concerning me as i have not yet taken the important stuff off that computer; photos mostly. i'm sure i need to make a list, too, of all the pgms on it that we want to have/save that i've downloaded off the 'net (no CDs, in other words). So it seems like there is so much work i must do before i even start doing what needs to be done to clean the system of its virus.

    i assume system restore takes the system back to a certain date, which means i will lose anything added to the computer since that date, correct?

    this old compy uses XP OS.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Know what you mean ;)

    Yes :thumb: & the SR point you want is from before this problem happened.

    NO, not your personal stuff like photos/documents/music etc etc Only things that are OS related & maybe some programs you might have installed/updated etc after the SR point. But you can always reinstall those & if your AV etc & Windows auto updates, then that will happen automatically. If not you just do it :)

    Same as me :D

    I would say at first NOT to delete/empty ALL your system restore points. Only after you hopefully do restore, then you can do that. What that will do is delete All of them including Any/All nasties that "might" be lurking in there, that "could" reinfect. And then you can do a fresh SR.

    I notice that Win32:Alureon-FZ was listed by Avast. This a nasty Rootkit, so you "might" not be able to get rid of it :( But doing the SR first is worth it, as it can work & has for others ;)

    Once you've done that, then you can think about running some good tools to check & try & eliminate whatever "might" be left, such as these already mentioned.

    TDSS Killer by Kaspersky & MBAM. There are others too.

    If you'd like my step by step SR & SM advice, just say, but only if you will do it. Not being funny, but otherwise i'll be just wasting my time :thumbd:

    Can you say how you got infected, a certain www you were on, or reading emails etc ? It could help.
     
  5. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    so... I DON'T have to move all my documents/photos off the PC? I won't lose them? o_O

    um... ok...

    swell. That name looks familiar...

    oh, I most definitely WILL fix this thing; senseless to have a computer sitting around useless. It's just going to take time so if you're willing to hang in there with me (as in I've still not done anything yet! feeling skeert and intimidated!! let alone, the time factor needed...). It would be awesome for personalized assistance. I'm just so intimidated by not knowing which step to take first... Fix my laptop so I can download antivirus pgms on it? disconnect PC from internet (afraid i'll lose connectivity to other systems...)?

    ah, yes. the $6 million question, eh? It is the kids' computer. Need I say more? And I have an 18-yo son. Need I say more?? :(
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    You don't have to, but you can. But why waste time doing that right now if you want to try & fix it.

    No.

    Definitely, if we can, we will ;)

    Sure, just let me know when you are ready :thumb:

    I get the picture :eek:

    If it were me though after this is done, i would set ALL their log on profiles to what's called LUA = Limited User Account. Which means that ONLY your profile will be in ADMIN mode = full access to everything & that includes nasties running loose etc "If let in" from dodgy www's etc.

    After the SM & SR is done & we can hopefully get you back on track, i'll show you how to do that. And do NOT let ANYONE use your profile whilst you are logged on, Always Log OFF if you move away from the PC, whilst "others" are around anyway :D

    In the meantime you should NOT have the PC connected to the internet, as it "could" be doing naughty things, so unplug the cable from the PC to the router/modem ASAP & keep it unplugged until this is over. Hide the cable if you must !

    Regards
     
  7. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    OK. So I do not have ANY fear of losing photos (can't think of many, if any, important documents still on that computer since I've had my laptop for several years now) if I don't move them to the external HD?

    THIS IS KEY! Said 18-yo son set up his own account on the PC and I had not been able to figure out how to block that, change that. I can tell he's scared of the 'puter, tho. He keeps asking if it's fixed yet. So he won't use it (or try) while it is sick. So, should I adjust this setting now or just wait till computer is healed?

    OK. going to cable now and - scaredly - unplugging it!
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Bingo = the culprit, by the sounds of it :eek:

    Good :thumb: NOBODY but you must use it, until it's over ! As you only have the laptop now, i would be VERY wary about letting Anyone use that, unless under STRICT visual supervision. Because if that gets messed up too :( Also i would keep a tight grip on the laptop & remove it to a Safe place when not in view etc by you. Later we can set up LUA etc for that as well :thumb:

    You could, but i would just keep EVERYONE off it except you. If you want to do that now though, i'll make some screen shots for you.

    OK. going to cable now and - scaredly - unplugging it!

    Hello ? ;)
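
The "LUA" set-up CloneRanger describes in this post and in his earlier one (only your own profile stays in Administrators, the kids' profiles become Limited accounts) can also be done from an Administrator command prompt on XP, which makes it easy to check that it actually took. This is an added example, not CloneRanger's screenshots or anything from the thread: the account names "son" and "kathy" are placeholders, so read the real ones from the output of net user first. Run it only after the Safe Mode and System Restore steps are finished, because the Safe Mode logon described later in the thread relies on the built-in Administrator account still having no password.

```batch
@echo off
rem lua.cmd -- added example, not from the thread.
rem Demote a family member's XP account to a Limited User Account and
rem verify the result. "son" and "kathy" are placeholder names; replace
rem them with the real account names listed by "net user".
rem Run from a command prompt while logged on as a Computer Administrator.

rem 1. List local accounts, and who currently sits in Administrators.
net user
net localgroup Administrators

rem 2. Demote the son's account.  On XP a "Limited" account in Control Panel
rem    is simply an account that is in Users but not in Administrators.
rem    (The second line reports "already a member" if he is in Users; that
rem    is fine.)
net localgroup Administrators son /delete
net localgroup Users son /add

rem 3. Your own account stays in Administrators, but give it and the built-in
rem    Administrator account a password, otherwise anyone at the keyboard
rem    can log on as an administrator, in Safe Mode included.
rem    "*" makes net user prompt for the password instead of showing it.
net user Administrator *
net user kathy *

rem 4. Verify: "son" must no longer appear in the Administrators list, and
rem    his own entry must show "Local Group Memberships  *Users".
net localgroup Administrators
net user son
```

After step 3, keep the Safe Mode / System Restore password point in mind: if the machine has to go back into Safe Mode later, the Administrator logon will now ask for the password you set here, so write it down somewhere the kids cannot find it.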
     
  9. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    yea, yea, yea. I'm still scared and haven't done it yet!

    So i'm reading back over the instructions to make sure i don't mess it up; i don't want to end up disconnecting internet completely then having to undo what i just did! blah! i hate computer messes!!!
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    ...a novella coming! :D

    Seriously, I couldn't go through this... too much hassle. To the OP, I wish you luck.
     
  11. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Why, thank you, tho I understand you're being sarcastic.

    Like I said, I've found assistance here before which is why I came back.

    And I got brave and unplugged the PC from the internet cable and I'm still connected to the 'net with my laptop, so step one FINALLY completed!

    I don't mind doing pgms, it's actually the hardware that scares me the most.

    Ready for the next step...which is...?
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    Sincerely, I really wasn't being sarcastic...but I can understand that you could see it that way.
     
  13. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    My sincere apologies then.

    My bad.

    K
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Good girl :) You see it didn't break anything ;) & now as long as it stays disconnected it can't call out to www.badplace etc, if it was, but best not to chance it.

    No hardware involved really ;) Now it's software & the OS/Windows.

    You forgotten already ? :D It's trying to get you back to before this happened, by choosing an SR point from then, by going into SF and doing it.

    Too late tonight & i guess for you too, so it'll be tomorrow sometime i post the step by step screen shots to make it a lot easier for you to follow.
     
  15. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Clone Ranger - so many suggestions were put out there and the "READ & RUN ME FIRST" msgs were daunting; I really feel most comfortable having the important stuff printed out so it is in hand and I was overwhelmed with information and didn't know where to begin printing...

    In the meantime, since I've now got my laptop set up beside the www . bad computer . com computer (and the printer), I'll meander back thru older posts to see if I can figure out what step will be next to anticipate what needs to be done.

    ETA - I still have the "READ ME FIRST" pages open on my laptop; is there going to be information/steps in there I need to adhere to or can I close them down?
     
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I'm not sure what you meant by "is the external I'm scanning with whatever I have available", but I'm talking about something like a Western Digital Elements external harddrive (what I use). Get everything you need on there and scan it with everything imaginable. But if you don't have a dedicated external drive and can't justify the cost, sure, you gotta go with what's available. I think it's a good investment.

    What I would do is scan it with the Avast you currently have on there, then uninstall Avast, install Avira, and hit it with that... then uninstall Avira, install a free trial of Kaspersky and scan with that too (since the online Kaspersky scanner seems to have gone AWOL). MalwareBytes & Superantispyware are 2 good ones to use as well. Perhaps the BitDefender online scanner too. You can even use Adaware, Spybot S&D and Windows Defender if you want to be thorough, though the likelihood of them finding anything the previous ones won't is remote.

    Then once you are convinced everything on the external drive is malware free, do a clean reformat of your computer, install your programs and throw your data back on.

    This is a time consuming process, but IMO this is stuff worth doing right. If you create an image after you have everything in your ideal state, you won't have to go through this again. Browse the "backup, imaging, and disk mgmt" forum to learn how to do this, and get recommendations on software to use. I realize time is very limited, but if you take some now to learn about it it may pay off ten-fold in the future.

    Best of luck to you.
     
  17. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Yes, I have an external harddrive.

    You are suggesting i need/want to take all my photos (pgms, perhaps??) off the PC? Clone Ranger did not seem to think that was important; this is concern for me; i don't want to lose the photos.

    I was with you on the scanning of the harddrive and then making sure the PC is clean... then I got lost, LOL. I'm assuming your last paragraph is the ultimate goal: clean PC, safe PC, etc. So if you don't mind, I'm not going to read that right now as my head is close to exploding just with this daunting job in front of me (can't even imagine what you guys go thru having to deal with people and situations like mine - all online! D'OH!).

    So thank you all!
     
  18. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    No i didn't say it wasn't important, i said,

    "You don't have to, but you can. But why waste time doing that right now if you want to try & fix it." As you said,

    Stayed up so i've done it for you, so you can get busy ASAP

    Booting into Safe Mode

    Restart the computer & straight after you see a black screen or black with grey writing immediately start tapping the F8 key repeatedly.

    The Windows Advanced Options menu should appear.

    [screenshot: 1.gif]

    If you weren't quick enough with the F8 and Windows shows up, restart the computer and try again.

    Once you get in, the Windows Advanced Options Menu should appear. Now select Safe Mode with the arrow keys to the right of the Ctrl key, and press ENTER. You should see something like this, so select your OS.

    [screenshot: 2.gif]

    You'll then see a very fast scrolling down the screen of file names etc which may last several minutes.

    [screenshot: 3.gif]

    After that's finished you will see a log on box, so log into the Administrator account. It will probably be the first time you have, so a password has never been set. Leave the password blank and press Enter, or click on the green arrow.

    [screenshot: 4.gif]

    You will then see this.

    [screenshot: 5.gif]


    It's a bit confusing as you are already in Safe Mode. But click No to launch System Restore.

    More in next post
     
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    You should now see this.

    [screenshot: s1.gif]

    Click on Next

    [screenshot: s2.gif]

    Select a BOLDED date just before it happened; you "might" have to go back to a previous month if none are showing for May. Then click Next

    [screenshot: s3.gif]

    Click Next on the Confirm Restore Point Selection. System Restore will now restore your PC to those earlier settings, which may take a few minutes, & then restart the PC.

    You should be able to print all this off, or just use the laptop to view it online. But i'd print it off anyway, then you'll have it to hand :thumb:

    Post back & let me know how it went.

    *

    To anybody else chipping in, as much as you might be trying to help, it's very confusing for the OP to try & concentrate on multiple things all at once, & frustrating for me. So let's try & get her sorted with SM & SR first, then we can move on to other things. TIA
     
  20. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Thank you, Clone Ranger. That looks very do-able.

    Before I begin, I want to confirm that I am going back to some date (I cannot think of the last time a back-up was done on it; this or that error stopped me from doing it then the computer died and was dead - fan issue - for almost a year before getting it fixed prob in Jan... then had trouble getting a current anti-virus pgm loaded on to it before said child - ahem - messed it up).

    i suppose i can go thru the steps and see what date suggestion it brings up, eh?

    But anything that has been added since getting it back would probably be lost, is that correct?

    I'm looking at the computer and the first thing I see is iTunes; I know son has spent much energy getting that updated and loaded with his songs; will that be lost with the SR?

    If you can just explain to me a bit more what the SR is going to do so I can make a more informed choice/decision on what I should try to move / copy to the external HD before I attempt the SR, I'd really appreciate it.

    I don't mind doing something if my eyes are wide open and i understand it all (or the reasoning). But i don't like doing something and finding out i had not shared enough info or enough info was not shared w/me and I lose data in the process that didnt necessarily have to be lost, if any of that makes sense.

    IF i move the data (photos, iTunes/songs),is it possible the virus will be attached to them?

    So would it behoove me to copy the 'important' data then do what was suggested: scan the external with several antivirus pgms - and THEN do the SR?

    and thank you for calling off the other assistants.
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yep, that's always a possibility. Even if you scan it with everything I mentioned (and then some), nothing is 100% effective. But I would say that when combining the effectiveness of all of them, the odds are heavily in your favor that you are clean.

    If the F8 method to boot into safe mode doesn't work for you, there's an alternative:

    Run > type "msconfig" (without the quotes), select the "BOOT.INI" tab, then under "Boot Options" tick the /SAFEBOOT box... reboot.

    Only do this if the F8 method doesn't work for you, as I don't normally recommend people mess with such settings unless they really know what they're doing. I only mention this because I've seen some PC's where F8 did not work, for whatever reason.

    Then make sure to un-tick that box again to boot back to normal mode. I would write the instructions down (i.e. Run > msconfig, etc...) so that you remember how to get back in there and put it back on normal mode, since you will not be able to access the internet (and this post) to refer to it while in Safe Mode.

    Definitely try out CloneRanger's method first before trying mine and reformatting. It may just solve your problem, and much easier. Don't worry about the backup/imaging for now. Just favorite the forum as food for thought later, perhaps after you solve this problem. Baby steps ;)
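
The msconfig /SAFEBOOT fallback above, and the F8 route in CloneRanger's screenshot posts, have a command-line equivalent in XP's own bootcfg.exe, which is worth knowing because the undo can be written down next to the do, exactly the worry luciddream raises about remembering how to get back to a normal boot. The script below is an added example and is not from the thread: the script name safeboot.cmd, the assumption that Windows XP is boot.ini entry ID 1, and /fastdetect as the option to write back (the XP default) are all assumptions; confirm the entry ID with bootcfg /query before using it. /safeboot:minimal is the same switch the msconfig "Minimal" radio button writes into boot.ini.

```batch
@echo off
rem safeboot.cmd -- added example, not from the thread.
rem Command-line equivalent of the msconfig BOOT.INI /SAFEBOOT tick on XP,
rem with the matching undo, so the way back is scripted before it is needed.
rem Assumptions: the XP entry is boot.ini ID 1 (check "bootcfg /query"),
rem and /fastdetect is the option to put back, which is the XP default.
rem Run from an Administrator command prompt.
rem Usage:  safeboot on | off | status

if /i "%1"=="on"     goto on
if /i "%1"=="off"    goto off
if /i "%1"=="status" goto status
echo usage: %~nx0 on ^| off ^| status
goto :eof

:on
rem /a APPENDS to the existing OS load options of entry 1, so /fastdetect
rem and anything else already there are kept.
bootcfg /raw "/safeboot:minimal" /a /id 1
echo Next boot will be Safe Mode (Minimal).
echo Log on as Administrator, then start System Restore directly with:
echo   %SystemRoot%\system32\restore\rstrui.exe
echo and pick a bolded date from before the problem started.
goto status

:off
rem Without /a the options are REPLACED, which is how the switch is removed:
rem write the default option back on its own.
bootcfg /raw "/fastdetect" /id 1
echo Next boot will be a normal boot.
goto status

:status
rem Show the boot entries and their current OS load options.
bootcfg /query
goto :eof
```

Run "safeboot on", reboot into Safe Mode and do the restore; then, back in Windows, run "safeboot off" and check that the "OS Load Options" line shown by "safeboot status" no longer contains /safeboot. If it does, the machine will keep booting into Safe Mode until the switch is removed, which is the same trap as forgetting to un-tick the msconfig box.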
     
  22. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    got it... (saving in the back of my mind for later...)

    Remember, the sick PC is now off-line and i'm viewing the internet via my laptop...

    Phew! :D
     
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ kathyL

    Hi, i'm still up :eek:

    I'm sure you'll find it quite straightforward :)

    Whenever you install something, and/or Windows auto updates, which it should have done lots of times since January, Windows automatically sets another new additional SR point. So you "should" have plenty to Select from, & especially a date before this happened. I would Select one say a few days before, if there is one, if not the one before that.

    Yes.

    Well not anything, just updates and/or installs.

    Re - iTunes lost

    They shouldn't, as neither should the other things i mentioned. But of course we don't know for sure what the nasty has done, so there "might" be a risk. If you Now want to move/copy ALL the files etc you would like to be sure of saving, before doing the SR, then feel free to go ahead, if only for your peace of mind ;) Anyway if he lost his iTunes that would be a lesson learned he wouldn't forget :D But i expect that's not what you want, or him.

    Re - shared info

    Understood.

    Probably not, but if he was downloading illegal/pirated music etc from some dodgy www it's "possible" there "may" be something in there with one or more. I don't want to overly alarm you, but you asked. But as you are moving those files to an external drive, there is NO OS on it, so nothing will happen. It's only when you later move things back to another comp, PC/laptop whatever, that you need to take precautions. But we'll get to that later. Do NOT try & move/copy ANY of those files to another comp until after we hopefully get you sorted.

    Yes, after you move/copy those files over to the external drive, you could scan them with AV etc. What EXACTLY have you got to use for scanning with? If you haven't already downloaded these, do so onto the laptop.

    Only use one at a time, in this order.

    Hitman Pro 32-bit http://www.surfright.nl/en/downloads

    MBAM https://malwarebytes.org

    Prevx http://www.prevx.com/freescan.asp

    If they don't auto update, do that before running them.

    After you've done that, post back with the results.

    Then this.

    TDSS Killer by Kaspersky http://support.kaspersky.com/downloads/utils/tdsskiller.exe Instructions on how to use it http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller There are other solutions on there too, but leave them for now.

    Save the above Apps installs.

    If TDSS Killer seems daunting, you might not need it, as one or more of the others, including your AV, may have found and dealt with whatever they found.

    Post back anyway before then & let me know what your next move is.
     
    Last edited: May 24, 2011
  24. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    I have a 2007 version of ad-aware that I have not been able to fully remove
    malwarebytes
    superantispyware
    avast

    from 2009, the last time I had a horrendous mess and Blue (from this forum) had me set up a recovery console with all kinds of goodies still in it..

    Someone else had recommended (in reference to scanning the external HD) to use a particular scanner, uninstall it, load the next one, scan, uninstall, etc.

    Do you want me to do that or just download all of them then use them in the order you've given?

    Thanks - I home school my two remaining girls so hopefully I'll have time this morning to start moving files to the Ext HD and begin downloading the scanners...
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    We can deal with that later.

    malwarebytes = Good
    superantispyware = Good
    avast = Good

    Re - recovery console

    We'll try the SF & SR first.

    I think they were probably talking about AV's. Having two AV's installed at the same time is not wise, as conflicts "can" happen. But you will only be running HMP & MBAM & SAS in turn, on demand, which is different, & Prevx runs quite happily alongside your AV etc the way it works.

    After you've finished moving ALL your files to the external drive from the PC, connect it to the laptop & do this.

    Install HMP & update it & do a FULL scan, wait till it finishes & save the log.

    Then do the same with MBAM, then SAS. Then move on to Prevx which is slightly different, in that it will automatically scan straight after installing.

    If your MBAM & SAS are not the latest versions, you can update them through their internal updaters, & then the malware definitions for both, Before you scan.

    :thumb:
     