I have a system that I've been trying to clear a virus from. It's running WinXP, but with only SP1. The system wasn't ever updated and is one good reason it had many viruses on it in the first place. The owner doesn't have the original XP cd so I can't just format the drive and start from scratch (Otherwise I would have!) It had an old instillation of McAfee, which I removed (since it sucks). I installed the latest version of AVG on the system and that cleared a bunch of the infections off, but not all of them. I uninstalled AVG and installed Avast!. Avast! found some more stuff, but it still couldn't seem to clear all the infections. There seemed to be some sort of trojan dropper or autoloaded still hidden somewhere. Anytime I would connect the system to the net, Avast! would bring up tons of new warnings that the system was trying to send out spam. I ran some other utilities to check what process were running but couldn't find anything. I broke down and got a copy of CA Internet Security and ran it. It found a few more viruses and deleted them. I still don't believe the system is clean, though, since after every other scan it detects the same virus reloaded again.

As a side note, windows no longer will normally boot now. I can boot into safe mode, but during a normal boot (as the XP scroll is loading just before login), I see a BSOD flash and the system reboots(too quick to read). I've tried using another XP cd to boot from and run repair, but there is a sys admin password which I don't know and can't understand why it's even there.

Anyways....

Does anyone know of a good AV program, or maybe something I can install/run from safemode that is any good? Or if worse comes to worse, anyone know where I can get a cheap copy of WinXP?

Thanks in advance.

It sounds like you have gotten things pretty badly embedded in your OS ... plus you are running SP1. Probably not worth expending a lot more time on this.

You say you have another copy of the XP CD ... so the machine you are having the problems with should have an XP CoA (certificate of authenticity) with a valid product key - look for a sticker like this:

http://www.telecommander.com/pics/links/operatingsystems/mswinxppropeeloem/mswinx2.jpg

If it does install from scratch (using the other machine's CD) but use the product key on the machine in question. Now, if the CD is XP SP2 this might cause a problem .. I don't know if there is an authentication issue with an SP1 key and a SP2 CD. There are also places selling CoA labels ... supposedly pulled off of old machines ... but you might just want to bite the bullet and go legit.

Going price for XP/SP2 on eBay is around $85. Or maybe Mouse can help you out.

i think even if you have an sp1/sp2 key issue, all you have to do is call in and they pretty much give you a new one.

It sounds like you have gotten things pretty badly embedded in your OS ... plus you are running SP1. Probably not worth expending a lot more time on this.

You say you have another copy of the XP CD ... so the machine you are having the problems with should have an XP CoA (certificate of authenticity) with a valid product key - look for a sticker like this:

http://www.telecommander.com/pics/links/operatingsystems/mswinxppropeeloem/mswinx2.jpg

If it does install from scratch (using the other machine's CD) but use the product key on the machine in question. Now, if the CD is XP SP2 this might cause a problem .. I don't know if there is an authentication issue with an SP1 key and a SP2 CD. There are also places selling CoA labels ... supposedly pulled off of old machines ... but you might just want to bite the bullet and go legit.

Going price for XP/SP2 on eBay is around $85. Or maybe Mouse can help you out.

I'm probably going to have to start from scratch, but I'm trying to avoid making the owner pay for another XP copy. I was going to check the next computer show thats in town for copies.

But I'll ask again, what AV program is the best? My experience is; Norton is bloated, McAfee is crazy with all of it's parts, AVG and Avast don't work for this case. Kaspersky? Panda? Something else?

have you tried buying a can of raid and spraying on that shit? :D:D:D

tell me about it, same situation also.....

I'm probably going to have to start from scratch, but I'm trying to avoid making the owner pay for another XP copy. I was going to check the next computer show thats in town for copies.

But I'll ask again, what AV program is the best? My experience is; Norton is bloated, McAfee is crazy with all of it's parts, AVG and Avast don't work for this case. Kaspersky? Panda? Something else?
i like this one:

http://www.eset.com/

Bump!!!

It sounds like a root kit problem. Honestly at this point you have no choice but to reinstall. Even if you *did* get all of the detectable viruses cleared I wouldn't trust that install ever again. I wouldn't trust anything that came from that machine.

Sounds nasty. Did you get an e-mail from pseudofan?

Well, I'm going to try MSKeyViewer-Plus. It lets you recover the product key from any XP instillation. I'll reinstall XP and use the recovered key to activate it. I'll post how that all goes later.

http://www.download.com/MSKeyViewer-Plus/3000-2094_4-10493859.html?tag=toprated

Sounds nasty. Did you get an e-mail from pseudofan?


I've heard some nasty sounds coming from upstairs while he's been working on it, no doubt. :wow


:lmao @ pseudofan's email

As far as which is best ... I have AT&T Yahoo! DSL and includes the CA AV and anti-spyware tools. I have yet to have anything get by it (and I check frequently with other virus/spy detection tools to make sure). I jettisoned Norton/Spyware Doctor a year ago and have been happy. Even better since we have quite the home network we get to install it on all the machines. So ... if you have AT&T Yahoo instead of Time Warner, check it out.

My brother used to use the TW-provided tools down there and they were absolutely the suck.

you can do a repair install

Whenever I need to re-format my computer, it also runs XP, I just restart and press F10 hella right when it starts and it brings up the Re-Formatting screen, you can do a quick re-format where it deletes everything and starts from scratch with XP pre-installed or you can do the advanced one where it keeps your documents, but with that one I think your virus would still be there.

I still don't believe the system is clean, though, since after every other scan it detects the same virus reloaded again.





Do a google on the virus or file name that keeps installing. That should guide you to many tech forums that will tell you which program is best used to remove that particular virus/trojan.

Sorry for late reply I work for the pawnshops on Mondays and Wednesdays.


If your HD is infected? (which seems to be the case) you need to wipe it clean. Reinstalling XP won't do the trick. find out what brand HD you are using and go the the Goggle and download an Eraser disc. I have all the ones you need if you stop by.

After you ERASE your HD you will need a copy of XP which I happen to have. You will have 30 days to call in to activate it. It takes 5 minutes. They will see the code you used to install windows and automatically know it was me that installed it. I have used that same XP disc for over 60 different computers. I practically know most of the folks at Microsoft 90% of them are from INDIA.

They will give you a new product key and then you can download windows Packs one and two.

Unless you completely erase the HD you will never truly be Trojan free. Some infections hide in the memory also. I can flush your PC install some killer protection and put in a VISTA pack and some cool snacks for a 12 pack of rolling rock.

If not,

good luck

561-9941

Do a Google on the virus or file name that keeps installing. That should guide you to many tech forums that will tell you which program is best used to remove that particular virus/Trojan.

The new shit that is out there is undetectable. I have found some infections that get past AVAST and AVG one Trojan uses the file name MSN. EWIDO seems to be the one who is finding most of the shit out there.

But if you have an infected HD chances are there will be a small driver the Virus scans did not pick up and the Trojan/Virus can re spawn itself. I have seen it happen.

The best way is complete format eraser tool. If you think XP completely ERASES your HD?

then download RECUVA or any other Data retrieving software and you will see how many files it was able to recover. If it recovers just one file, that is one file to many.

Well thanks for the advice (even though it was too late LOL).

I got the WinXP key from the system using the tool I found. I formatted the hard drive (not quick format). I installed XP from another CD, but I couldn't get it authorized online so I had to call Microsoft. I told the tech that the system needed reformatting and they gave a code and its now authorized. It works fine and I set it to auto update. SP2 was installing last night and I'm going to reinstall the AV and another prog I found so it should be secure. All is well....

Also, for future reference, a thorough clean of viruses on a PC should happen with System Restore disabled.

Also, for future reference, a thorough clean of viruses on a PC should happen with System Restore disabled.

Yeah, I did that first. Whatever was on there was very well hidden. Boot scans, process viewers, and 5 different AV progs couldn't detect it. Since there wasn't anything really worth saving the reformat was the way to go.

Also, for future reference, a thorough clean of viruses on a PC should happen with System Restore disabled.
What do you mean? Do you disable it just while you're running your virus programs and cleaning up the HD and then enable it again or should you disable it all the time?Because on the new Vista OS the System Restore Logs can take up to 30% of your HD space, so I wonder how useful it really is. Also it only goes back about a week since it logs a new one every time your system is updated and Avast updates your system almost every day.

^ Disable it first, do your scan, then re enable it.

^ Disable it first, do your scan, then re enable it.Why, what difference does it make whether it's on or not when you scan?

Why, what difference does it make whether it's on or not when you scan?
restore may be backing up an infected file.