Very Nasty Virus/Spyware

(OP)
This is Windows XP SP3. I have encountered an extremely nasty virus/spyware situation and everything I have tried has produced some results but not enough to straighten out the machine. The malware/virus occurred under a user with administrative rights. This user does allow for a boot up but the system is not very functional. Most icons render an "Application Not Found" message or a "Select the Program to Open This with" window with a list of choices. There is the standard administrative login that, while not perfect, does allow me to perform some analysis and take some corrective measures. From that login I have run MalwareBytes which caught close to 80 things, then I ran SuperAntiSpyware which caught about another 15, then I ran Spyware terminator which caught another 4 and then I ran an Avast scan which also caught four items. After this I tried unsuccessfully to implement several previous restore points but none of them ran successfully. The restore point I created today before trying to run the older ones did restore properly. I ran Combo Fix which caught a RootKit and rebooted and then finished upon reboot. I then rebooted and logged in under the other login but all the corruption characteristics are still there. I tried to download ComboFix and run from this login but the icon functions like all the other corrupt icons, producing a "Select the Program to Open this with" window. I am looking for suggestions, ideas, assistance before I just install a new drive, lay down a fresh install, grab the files I need off the old drive, and move on. I would like to fix this if at all possible. Thanks much for any assistance!!!

RE: Very Nasty Virus/Spyware

You have pretty much taken all the corrective measures, except one, to get rid of all RESTORE POINTS, as that is a place where some malware hides...

after cleaning out the RESTORE POINTS, you could attempt a repair installation with an XP SP3 CD, and if that fails then do a complete clean install and recover the data from the affected drive...

How to Perform a Windows XP Repair Install
http://www.michaelstevenstech.com/XPrepairinstall.htm

 

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"

RE: Very Nasty Virus/Spyware

I assume you're trying to straighten out this operating system by running MalwareBytes, Avast, etc., which are all installed on that machine.

Bear in mind that you are spending time (and possibly money) on trying to repair a system which may never be quite the same again, even if you manage to get it squeaky clean...

I'd remove the hard disk from that machine and attach it as a secondary drive to another PC with a known clean operating system.  Run that machine's antivirus and let it scan the secondary (compromised) drive.  Use something like Antivir's Avira, for example.

When you try to clean a machine using its own antivirus system, the malicious code is often clever enough to hide itself, transmogrify, or just plain switch off or corrupt whatever you have installed to clean it.

ROGER - G0AOZ.
 

RE: Very Nasty Virus/Spyware

(OP)
Both very good advice. Thank you very much. I hadn't thought of the restore points. I am really reluctant to spend time repairing (a repair install) the operating system because I really feel that the environment is so flawed at this point it will not really ever be clean. I was intending to put a new drive in there, lay down the operating system, hook the old drive up, run some corrective tools again on that drive from the new drive, see how that goes, and grab the documents, email, etc. from the old drive that are needed to go forward. Now here's a followup question. I would like to wipe out the bad drive with a reformat and repartition with different parameters and then clone the new drive back onto the old and reuse it. Will a repartition with a different sized partition and a reformat clean that drive of everything that might be lingering? Sounds like a stupid question but this thing is so nasty and it has me a little spooked!

RE: Very Nasty Virus/Spyware

Your tale of woe is a classic example of why no-one should ever use their PC with Administrator rights (but switch to admin when necessary).

Repartitioning a drive & re-formatting will not necessarily destroy all the data.

There are a number of disk wiping tools that will ensure that the drive is fully overwritten.

My advice would be to download one of the many live Linux toolkit CDs.

Most of these also have Antivirus Software (complete with online definition updates) with the advantage that any compromised files on the host machine will not be able to run & re-infect the system.

 

RE: Very Nasty Virus/Spyware

(OP)
Yes IPGuru, I am well aware of the issues with login with administrative rights. I have 50 machines at work, only four of them have administrative rights. Three of the four users are very careful, but on the fourth machine, every 3 to 6 months it requires major attention. You are definitely preaching to the choir here. Thanks a lot for the advice on the reformat. I will look for some tools to assist with the wipe out of the drive. Thanks very much for your post and for the others as well.

RE: Very Nasty Virus/Spyware

Quote:
Three of the four users are very careful, but on the fourth machine, every 3 to 6 months it requires major attention.

That says it all :)
My guess is it is the user that needs "Attention" :)

To be honest I expected my mention of the "L" word to get me lots of trouble.

For wiping the drive any live Linux should include dd which will do the job just fine
from a root command prompt.

CODE

    dd if=/dev/zero of=/dev/sda

This assumes that the disk to be wiped is /dev/sda. For safety I would not have any other hard disk connected.

dd can also be used to make a drive image if req.
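The dd wipe described above, wrapped in the checks a careful operator runs from a live CD before overwriting anything. This is an added example, not code from the thread; the target path and the option to rehearse on a scratch file are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: the dd wipe suggested above, with the
# checks a careful operator runs first. The target path is an assumption;
# pass the disk you have confirmed (e.g. with fdisk -l) to be the infected one.

# Refuse to wipe anything that is not a block device or that is mounted
# (on a live CD the boot medium and maybe a USB stick are still mounted).
check_wipe_target() {
    dev="$1"
    if [ ! -b "$dev" ]; then
        echo "refusing: $dev is not a block device" >&2
        return 1
    fi
    # /proc/mounts lists partitions such as /dev/sda1; a prefix match
    # catches the whole disk and every partition on it.
    if grep -q "^$dev" /proc/mounts 2>/dev/null; then
        echo "refusing: $dev or a partition on it is mounted" >&2
        return 1
    fi
    return 0
}

# Read the whole target back; succeed only if every byte is zero.
verify_zeroed() {
    [ "$(tr -d '\000' < "$1" | head -c 1 | wc -c)" -eq 0 ]
}

# Overwrite the target with zeros, then verify by reading it back. A regular
# file is accepted too, so the procedure can be rehearsed on a scratch file
# before it is pointed at a real disk. One zero pass removes whatever the
# malware left on the disk; it is not a forensic-grade erasure.
wipe_and_verify() {
    target="$1"
    if [ -f "$target" ]; then
        size=$(wc -c < "$target")   # keep the scratch file's length unchanged
        head -c "$size" /dev/zero | dd of="$target" bs=4k 2>/dev/null
    else
        check_wipe_target "$target" || return 1
        # dd exits non-zero when it reaches the end of the device; that is
        # expected, so success is judged by the read-back instead.
        dd if=/dev/zero of="$target" bs=1M 2>/dev/null
    fi
    verify_zeroed "$target"
}
```

Run it as root from the live CD with the only connected disk as the target, as the post advises; the read-back takes as long as the wipe itself.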
