Win XP computer is messed up bad...

Discussion in 'malware problems & news' started by kathyL, May 20, 2011.

Thread Status:
Not open for further replies.
  1. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    You guys have helped me before so I am back for more help.

    I have known it was sick and had been trying to get a good antivirus pgm downloaded and run but I just kept running into problems.

    I tried Trend Housecall but evidently the malware that I have is blocking it from running.

    I managed to get Avast downloaded and it has run several times and found junk.

    But now I cannot access internet (no window even comes up). I just tried running Avast again today and it had been running for over 4 hrs and had only completed 1% of the scan (a normal full system scan would take around 2 hrs).

    It is now running very slowly and I know this is because of the malware.

    I'm pretty sure my system, old as it is, is a 32-bit, but I was not able to do the "run - sysdm.cpl". No window will open (yet random windows have opened, like the "display" window opened and I get the window that says "Internet Explorer needs to shut down").

    I'm just concerned that the longer this computer is connected to the internet (somehow Avast was able to update just now) that the more damage is going to be done and I want to know (A) how to disconnect it from the internet while still having internet on my laptop for communication, and (B) help fixing it, if possible.

    Thanks so much!
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You could try Malwarebytes, and/or HitmanPro.

    Be sure to run Malwarebytes under safe mode.
    Since there's less active malware while in safe mode, it will be easier to clean.

    But it feels like the best idea would be a format of your HDD after saving all your important files on a USB stick or similar.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Use an AV Rescue Disc such as Avira Rescue System.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    In the future, you should start a Windows System Partition Imaging program. It is well worth the effort and it makes it easy to quickly correct this type of situation. You would not have to go through the stress and time wasting to attempt to clean Malware from the PC. You would just Restore a "known" clean Windows System Partition Image and the problem is solved.
     
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I agree. I would start with the Avira Rescue System scan and follow up with one or more of the following Anti-Malware scanners in Windows Safe Mode (without Networking):

    1. Dr.Web Cureit (Express Scan only. A Full Scan takes too long.)
    2. SuperAntiSpyware Portable

    Go back into Safe Mode (with Networking), install Malwarebytes Anti-Malware, update and do a Full Scan.
     
  6. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Thank you for so many suggestions and replies.

    I'll have to go back to the original page (read & run first) but I don't know that I have any of that on my computer and I cannot access internet on it.

    How do I go about getting those/that program?

    And, sadly, I do not have a 'recovery' CD...and even if I did, the CD drive on this computer doesn't work (and neither does the one on my laptop; we're sad!).
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  8. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Two computers and neither one has a working drive.

    Is a thumb drive too small? I don't know if the one I have is even a 4 whatever it's measured in... probably only a 2.

    I'm in the PST and am headed to bed then prob won't have time to check in (well check in but not do anything) Saturday.

    Thanks again. In the meantime, is there anything I want / need to do to disconnect that computer from the internet?
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    For bootable USB, it's better to use AVG or Kaspersky, because of less complex steps. 2 GB is more than enough.

    Why disconnect from the internet? I thought you couldn't connect in the first place. With internet connection, you can download and update all of these tools.
     
  10. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    So, what I think you're suggesting is to download either AVG or Kaspersky on to the working computer (that's been a main struggle is that I have not been able to download AVG on either computer for various reasons so I don't know how to fix that, which is why I went with Avast. Have not tried Kaspersky as I'm sure it is not free...) and then transfer it to the sick PC via a thumb drive?

    But I think it is still accessible via the 'net, no? I tried to get online last night and was not able (nor today) yet this afternoon, Avast popped up saying it had just updated. So if Avast can still connect then that computer, IMO, is still accessible by someone way smarter than I am...

    Thanks. Now I must get to bed.
     
  11. clayieee

    clayieee Registered Member

    Joined:
    Apr 14, 2011
    Posts:
    261
    Kaspersky Virus Removal Tool is free, dude.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I'm not telling you to download the full programs, just the bootable images from those links. They are freeware.

    Weird behaviour by your system. Try connecting again tomorrow.
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi, sorry to hear about your woes :(

    You can just unplug the cable that connects the PC to your router or whatever you're using, that will TOTALLY disconnect the internet connection. Unless you are on wireless? In which case you will need to go into your PC's connections section & disable it.

    As others have suggested Safe Mode seems like the way to go, for now.

    Have you tried doing a System Restore? You can do it from SM :thumb: If you can you might find it either cures it, or is a lot more responsive etc. If so you "might" then be able to use any clean up Apps/Tools you have, and/or try going online & get them if not.

    Hope you get it sorted soon :)
     
  14. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I always have a Puppy Linux CD on hand in case I need it. I have used Puppy Linux to successfully download and burn the Avira Rescue System CD ISO on someone else's PC. You can use Puppy Linux to download and save Anti-Malware exe's directly to an infected PC's hard drive.

    You can also use Puppy Linux to recover data from a PC that will not boot because of Malware. You can copy the data to a USB Flash Drive, USB Hard Drive and burn files to CD/DVD's.
     
  15. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202

    And I don't know what a Puppy Linux CD is, only that I don't have one, nor a CD drive (in operation) to use one...
     
  16. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    When I get to those sites, will it be obvious what it is I want/need to download?


    Will do...


    clayieee - thanks
     
  17. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    The PC is hardwired while the laptop is wireless. Of course, I want to keep internet connection, just not to the PC...

    Where can I read/learn about safe mode and system restore? These are both 'over my head'...
     
  18. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202

    So, I turned it back on and Avast said it found a malware (wish I'd written it down! rockit or something like that o_O).

    Anyway, it wanted to delete it then reboot so I allowed it to.

    The first problem it came up with had to do with Avast:

    File C:\Documents and Settings\All users\Application Data\Avast software\Avast\arpot\795084-bfo-0.dat is infected by Win32:Alureon-FZ

    I've asked Avast to move it to the 'chest'...
     
  19. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Also, system restore would take it back to the last successful back-up, right?

    I do not know the last time there was a successful back-up on the poor system...
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    There is an edit button, you know...

    Anyhow, yes downloads will be obvious, just go there.

    You can go to Safe Mode with Networking by pressing F8 on boot-up of your computer. Do it continuously to make sure you don't miss it.

    System Restore may be useful if you remember when the problems started, and are able to restore to a time before that.
     
  21. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Several months ago someone I know got infected with some sort of "Rogue". He tried to do a normal Windows System Restore and a Windows System Restore from Safe Mode. The "Rogue" blocked both Restore attempts. He successfully did the Windows System Restore using the Command prompt while in Safe Mode. After the successful Windows System Restore, the "Rogue's" popup windows stopped.
    http://support.microsoft.com/kb/304449
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I'm going to have to agree with this person. At least then you will KNOW you're clean. Before doing that check out the forum "backup, imaging, and disk mgmt" here at Wilders and learn all you can. After restoring Windows to a pristine state you then have a nice image to fall back to if things go awry again.

    Put your data on an external drive and scan the living bejeezus out of it with everything you can throw at it (Kaspersky, Avira, Superantispyware, MalwareBytes, etc...). Throwing infected data back onto a clean OS will just land you right back in this predicament.

    Good luck
     
  23. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Did you try winsockfix for repairing internet connection?
    Also, I know for sure that if your antivirus finds whatever malware, you have to empty system restore... it can make copies to that location.
     
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Unplugging the cable to/from the PC router/modem will accomplish that ;) Did you do that?

    Whilst I was away, I see others have provided that info for you :thumb: Were you able to?
     
  25. kathyL

    kathyL Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    202
    Wow. There is so much information here. Just managing to check in tonight but little else.

    I'm going to have to print this all out to see what I should do first.

    Right off the top of my head, I have these questions:

    I will have to see what 'winsockfix' is and the "empty system restore" command is over my head...

    I somehow missed the suggestion to do a clean format. We were actually heading in that direction (trying to get all the important info off on to an external HD) when we got the virus so all transferring was stopped.

    When you say to put the data on an external HD, is the external I'm scanning with whatever I have available?

    I will have to scan it via my laptop. It is currently running the free version of Avast. I think I also have the Superantispyware and do have the MalwareBytes. I've asked about the Kaspersky and was told the part of it that I needed was free. Even if it is not free (the part I need), would this be a good place for investment?

    Thank "you" (whomever! many of you responding...) for the suggestion to "Be sure to Run Malwarebytes under safe mode." I think I've already run that on the PC but not in safe mode.

    Cloneranger also asked if I've disconnected the PC from the internet.
    Sadly, no. I need to print out all instructions and then be able to see that disconnecting the PC will leave internet intact for the other systems we have running on the internet...

    My time is so LTD which is why this poor system has been infected for so long; I hope to throw some time at it tomorrow.
     