  1. #1
    SW: Hot As Hell
    Post Count
    7,069
    NBA Team
    San Antonio Spurs
    I have a system that I've been trying to clear a virus from. It's running WinXP, but with only SP1. The system wasn't ever updated and is one good reason it had many viruses on it in the first place. The owner doesn't have the original XP cd so I can't just format the drive and start from scratch (Otherwise I would have!). It had an old installation of McAfee, which I removed (since it sucks). I installed the latest version of AVG on the system and that cleared a bunch of the infections off, but not all of them. I uninstalled AVG and installed Avast!. Avast! found some more stuff, but it still couldn't seem to clear all the infections. There seemed to be some sort of trojan dropper or autoloader still hidden somewhere. Anytime I would connect the system to the net, Avast! would bring up tons of new warnings that the system was trying to send out spam. I ran some other utilities to check what processes were running but couldn't find anything. I broke down and got a copy of CA Internet Security and ran it. It found a few more viruses and deleted them. I still don't believe the system is clean, though, since after every other scan it detects the same virus reloaded again.

    As a side note, windows no longer will normally boot now. I can boot into safe mode, but during a normal boot (as the XP scroll is loading just before login), I see a BSOD flash and the system reboots (too quick to read). I've tried using another XP cd to boot from and run repair, but there is a sys admin password which I don't know and can't understand why it's even there.

    Anyways....

    Does anyone know of a good AV program, or maybe something I can install/run from safemode that is any good? Or if worse comes to worse, anyone know where I can get a cheap copy of WinXP?

    Thanks in advance.

  2. #2
    Believe. CubanMustGo's Avatar
    Location
    Back in the SATX, 43 years later
    Post Count
    10,567
    NBA Team
    San Antonio Spurs
    College
    Trinity Tigers
    It sounds like you have gotten things pretty badly embedded in your OS ... plus you are running SP1. Probably not worth expending a lot more time on this.

    You say you have another copy of the XP CD ... so the machine you are having the problems with should have an XP CoA (certificate of authenticity) with a valid product key - look for a sticker like this:



    If it does install from scratch (using the other machine's CD) but use the product key on the machine in question. Now, if the CD is XP SP2 this might cause a problem .. I don't know if there is an authentication issue with an SP1 key and a SP2 CD. There are also places selling CoA labels ... supposedly pulled off of old machines ... but you might just want to bite the bullet and go legit.

    Going price for XP/SP2 on eBay is around $85. Or maybe Mouse can help you out.
    Last edited by CubanMustGo; 08-06-2007 at 10:24 AM.

  3. #3
    I cannot grok its fullnes leemajors's Avatar
    Post Count
    24,176
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns
    i think even if you have an sp1/sp2 key issue, all you have to do is call in and they pretty much give you a new one.

  4. #4
    SW: Hot As Hell
    Post Count
    7,069
    NBA Team
    San Antonio Spurs
    It sounds like you have gotten things pretty badly embedded in your OS ... plus you are running SP1. Probably not worth expending a lot more time on this.

    You say you have another copy of the XP CD ... so the machine you are having the problems with should have an XP CoA (certificate of authenticity) with a valid product key - look for a sticker like this:



    If it does install from scratch (using the other machine's CD) but use the product key on the machine in question. Now, if the CD is XP SP2 this might cause a problem .. I don't know if there is an authentication issue with an SP1 key and a SP2 CD. There are also places selling CoA labels ... supposedly pulled off of old machines ... but you might just want to bite the bullet and go legit.

    Going price for XP/SP2 on eBay is around $85. Or maybe Mouse can help you out.
    I'm probably going to have to start from scratch, but I'm trying to avoid making the owner pay for another XP copy. I was going to check the next computer show that's in town for copies.

    But I'll ask again, what AV program is the best? My experience is: Norton is bloated, McAfee is crazy with all of its parts, AVG and Avast don't work for this case. Kaspersky? Panda? Something else?

  5. #5
    Spur-taaaa TDMVPDPOY's Avatar
    Post Count
    41,384
    NBA Team
    San Antonio Spurs
    have you tried buying a can of raid and spraying on that ?

    tell me about it, same situation also.....

  6. #6
    I cannot grok its fullnes leemajors's Avatar
    Post Count
    24,176
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns
    I'm probably going to have to start from scratch, but I'm trying to avoid making the owner pay for another XP copy. I was going to check the next computer show that's in town for copies.

    But I'll ask again, what AV program is the best? My experience is: Norton is bloated, McAfee is crazy with all of its parts, AVG and Avast don't work for this case. Kaspersky? Panda? Something else?
    i like this one:

    http://www.eset.com/

  7. #7
    SW: Hot As Hell
    Post Count
    7,069
    NBA Team
    San Antonio Spurs
    Bump!!!

  8. #8
    Wanna kill all Humans? u2sarajevo's Avatar
    Location
    Omicron Persei 8
    Post Count
    634
    NBA Team
    Dallas Mavericks
    College
    Texas Longhorns
    It sounds like a root kit problem. Honestly at this point you have no choice but to reinstall. Even if you *did* get all of the detectable viruses cleared I wouldn't trust that install ever again. I wouldn't trust anything that came from that machine.

  9. #9
    Hedo Layup Drill ShoogarBear's Avatar
    Location
    Silver Spring, MD
    Post Count
    39,519
    NBA Team
    San Antonio Spurs
    Sounds nasty. Did you get an e-mail from pseudofan?

  10. #10
    SW: Hot As Hell
    Post Count
    7,069
    NBA Team
    San Antonio Spurs
    Well, I'm going to try MSKeyViewer-Plus. It lets you recover the product key from any XP installation. I'll reinstall XP and use the recovered key to activate it. I'll post how that all goes later.

    http://www.download.com/MSKeyViewer-...l?tag=toprated

  11. #11
    Mrs.Useruser666 SpursWoman's Avatar
    Name
    Christy
    Post Count
    27,175
    NBA Team
    San Antonio Spurs
    Sounds nasty. Did you get an e-mail from pseudofan?

    I've heard some nasty sounds coming from upstairs while he's been working on it, no doubt.


    @ pseudofan's email

  12. #12
    Believe. CubanMustGo's Avatar
    Location
    Back in the SATX, 43 years later
    Post Count
    10,567
    NBA Team
    San Antonio Spurs
    College
    Trinity Tigers
    As far as which is best ... I have AT&T Yahoo! DSL and includes the CA AV and anti-spyware tools. I have yet to have anything get by it (and I check frequently with other virus/spy detection tools to make sure). I jettisoned Norton/Spyware Doctor a year ago and have been happy. Even better since we have quite the home network we get to install it on all the machines. So ... if you have AT&T Yahoo instead of Time Warner, check it out.

    My brother used to use the TW-provided tools down there and they were absolutely the suck.

  13. #13
    bandwagoner fans suck ducks's Avatar
    Post Count
    74,377
    NBA Team
    San Antonio Spurs
    you can do a repair install

  14. #14
    Maaaaaannnn fuck.... E20's Avatar
    Location
    California
    Post Count
    15,142
    NBA Team
    San Antonio Spurs
    College
    Cal Bears
    Whenever I need to re-format my computer, it also runs XP, I just restart and press F10 right when it starts and it brings up the Re-Formatting screen, you can do a quick re-format where it deletes everything and starts from scratch with XP pre-installed or you can do the advanced one where it keeps your documents, but with that one I think your virus would still be there.

  15. #15
    My Playlist > Yours Pistons < Spurs's Avatar
    Name
    Erik Senecal
    Location
    Ann Arbor
    Post Count
    27,176
    NBA Team
    Detroit Pistons
    College
    Kansas Jayhawks
    I still don't believe the system is clean, though, since after every other scan it detects the same virus reloaded again.


    Do a google on the virus or file name that keeps installing. That should guide you to many tech forums that will tell you which program is best used to remove that particular virus/trojan.

  16. #16
    Believe.
    Post Count
    1,297
    NBA Team
    San Antonio Spurs
    Sorry for late reply I work for the pawnshops on Mondays and Wednesdays.


    If your HD is infected? (which seems to be the case) you need to wipe it clean. Reinstalling XP won't do the trick. Find out what brand HD you are using and go to the Google and download an Eraser disc. I have all the ones you need if you stop by.

    After you ERASE your HD you will need a copy of XP which I happen to have. You will have 30 days to call in to activate it. It takes 5 minutes. They will see the code you used to install windows and automatically know it was me that installed it. I have used that same XP disc for over 60 different computers. I practically know most of the folks at Microsoft 90% of them are from INDIA.

    They will give you a new product key and then you can download windows Packs one and two.

    Unless you completely erase the HD you will never truly be Trojan free. Some infections hide in the memory also. I can flush your PC install some killer protection and put in a VISTA pack and some cool snacks for a 12 pack of rolling rock.

    If not,

    good luck

    561-9941

  17. #17
    Believe.
    Post Count
    1,297
    NBA Team
    San Antonio Spurs
    Do a Google on the virus or file name that keeps installing. That should guide you to many tech forums that will tell you which program is best used to remove that particular virus/Trojan.
    The new that is out there is undetectable. I have found some infections that get past AVAST and AVG one Trojan uses the file name MSN. EWIDO seems to be the one who is finding most of the out there.

    But if you have an infected HD chances are there will be a small driver the Virus scans did not pick up and the Trojan/Virus can re spawn itself. I have seen it happen.

    The best way is complete format eraser tool. If you think XP completely ERASES your HD?

    then download RECUVA or any other Data retrieving software and you will see how many files it was able to recover. If it recovers just one file, that is one file too many.

  18. #18
    SW: Hot As Hell
    Post Count
    7,069
    NBA Team
    San Antonio Spurs
    Well thanks for the advice (even though it was too late LOL).

    I got the WinXP key from the system using the tool I found. I formatted the hard drive (not quick format). I installed XP from another CD, but I couldn't get it authorized online so I had to call Microsoft. I told the tech that the system needed reformatting and they gave a code and it's now authorized. It works fine and I set it to auto update. SP2 was installing last night and I'm going to reinstall the AV and another prog I found so it should be secure. All is well....

  19. #19
    Veteran to21's Avatar
    Post Count
    3,158
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns
    Also, for future reference, a thorough clean of viruses on a PC should happen with System Restore disabled.

  20. #20
    SW: Hot As Hell
    Post Count
    7,069
    NBA Team
    San Antonio Spurs
    Also, for future reference, a thorough clean of viruses on a PC should happen with System Restore disabled.
    Yeah, I did that first. Whatever was on there was very well hidden. Boot scans, process viewers, and 5 different AV progs couldn't detect it. Since there wasn't anything really worth saving the reformat was the way to go.

  21. #21
    Blonde Yet Smart 2Blonde's Avatar
    Location
    San Antonio/Canyon Lake/Spring Branch
    Post Count
    3,377
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns
    Also, for future reference, a thorough clean of viruses on a PC should happen with System Restore disabled.
    What do you mean? Do you disable it just while you're running your virus programs and cleaning up the HD and then enable it again or should you disable it all the time? Because on the new Vista OS the System Restore Logs can take up to 30% of your HD space, so I wonder how useful it really is. Also it only goes back about a week since it logs a new one every time your system is updated and Avast updates your system almost every day.

  22. #22
    Veteran to21's Avatar
    Post Count
    3,158
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns
    ^ Disable it first, do your scan, then re enable it.

  23. #23
    Blonde Yet Smart 2Blonde's Avatar
    Location
    San Antonio/Canyon Lake/Spring Branch
    Post Count
    3,377
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns
    ^ Disable it first, do your scan, then re enable it.
    Why, what difference does it make whether it's on or not when you scan?

  24. #24
    I cannot grok its fullnes leemajors's Avatar
    Post Count
    24,176
    NBA Team
    San Antonio Spurs
    College
    Texas Longhorns
    Why, what difference does it make whether it's on or not when you scan?
    restore may be backing up an infected file.
