Thanks to all for the help and advice. Working through things as fast as the PC will let me; managed to get avast installed. The VRDB seems to be taking an age, at least 40 mins so far. Is this normal or just another symptom?
Technical. I didn’t install Panda, it was on the machine when my friend bought it, just want to try to get rid of it for her to put avast and zone alarm on…
Cancel the database thing; let it run later after you’ve cleaned the computer. Update avast! from your CD and run a boot time scan. That’s priority No. 1.
Download avast! updates here, copy to CD and update avast! on your friend’s computer. (Assuming you haven’t already done so and your friend’s connection is still out.)
It is never a good idea to have two virus scanners on a comp, they come into conflict with each other (Norton and AVG e.g. is a notorious example of this). An extra online scanner or scan tool like stinger.exe is a good idea. Scan the lot first, all in safe mode, push F8 on start up, you know, or else XP restores the filth back automatically, find the 1.9 version of HijackThis, download the zip, read the instruction on the net, make an empty file in the Program Files, name it HijackThis, unzip HijackThis there (after you scanned the zipfile of course), and run it from a shortcut you placed on the desktop. Interesting to see what you have there. Download Startup.List and run the program from the desktop, interesting to know what is in this. Sometimes HijackThis cannot clean out some malware, you have to find the uninstaller from a trustworthy site (but there are a lot of rogue sites that give you additional malware, so watch out, you do it at your own risk or your friend’s if she lets you do this). Place your Hijackfile on the gladiator.forum site, register there, and ask the Admin or a qualified helper to help you out with your HJT logs. If it is malware or spyware, they are qualified to do this, and make a good job of this. I am only learning to do this, but not qualified as yet, only a member, but I am learning to do this.
Thanks again everybody…but the time has come for it to go to the doctor…spoke with the shop she purchased it from today, he was a great help also, he even talked me through doing a repair of XP…but sad to say it did not work…he said it must be full of virus and trojan…the pc now will only get as far as the desktop and that is it…click anything and the eggtimer comes on and stays there…have tried F8, not even an option there for safe mode, only to reboot from floppy, CD/DVD, IDE 0 or IDE 1, so that is no help at all…I have learned loads from you guys over the last 2 days and really appreciate it…
There does get to a point where you/they have to bite the bullet, save what data files, favourites, emails, addressbook, etc. and start from a clean formatted disk. They are very close to this point.
Unfortunately offering distance advice and help doesn’t always get the job done.
Has your friend got a wireless keyboard? It’s impossible to boot into safe mode with these. You would have to plug in a corded keyboard.
Once in safe mode, run all the anti-virus tools mentioned before (Sysclean, Stinger, avast! Virus Cleaner). You’re not installing them so they won’t conflict.
If your computer still isn’t working, think about a reinstall, but even a computer in the condition you mention can clean up to a workable state in the end (bearing in mind my original warning that it is impossible to guarantee 100% security in such a case, so internet shopping, banking etc. would still be a risk).
Be honest about it. A small virus incident, OK. Even some spyware you can take off with a removal tool or a known LSP insert that is not too complicated. OK, you can recover from that easily, and the machine won’t be compromised. But a computer in this state of SUSZANNAH’s friend, a real druid from the Isle of Man couldn’t make it function again if he ever could. I would not trust this desktop again for the life of me or it must be clean and re-installed. Save all the data from the corrupted one as far as it goes, and then do the inevitable. I know what I am talking about, I have been there, won a T-shirt, so to say. After a Klez infection, that took out 30% of my ‘windhose’ files in the good old days, when providers did not screen your very e-mails. It is a bit of a mourning process to lose a comp installation on an incident like that, I know, but after one evening of cleaning up, re-installing the OS, getting the drivers back on, and putting back the data, I could run the un-compromised thingy. Now I have a restore program and back up on DVD regularly, so with one click I go back to the version of 5 minutes before whenever it becomes sloppy to the time it was working perfectly without the problem, also minus virus or spyware. RESTORE-IT as a programme is worth every penny of it, and saved me many a pain in the neck, believe me my friends. My wife gave it to me as a present, and it was the best thing I got.
People often don’t learn a lesson until they feel the pain; there is a lot of pain involved in a format and clean install and it is not something I recommend lightly.
Another valuable lesson that they will have learnt is if you don’t want to lose it, back it up, and by far the easiest is a disk image. I do one every week and back up volatile data every day (emails, data files, addressbook, favourites, etc.).
If I ever get in serious trouble I simply install the last image, restore the data files daily back-up, so very little will be lost. I can’t remember the last time I had to restore an image but a 10-15 exercise compared to a format and reinstall, no contest.
Well, waiting to see my friend to explain what has happened. In the meantime have tried to get it to run; on F8 safe mode is not an option, it keeps saying ‘Error loading operating system’, only options are
Floppy
IDE 0
IDE 1
CD/DVD
Tried with CD, it lets you install the files, then on reboot comes back with the error message as before, no idea what has gone on as yesterday at least I had the desktop on there, haven’t messed with anything regarding settings…just wondered really why there is no safe mode option…will have to be a shop job…just curious of the error message…
Although the PC is most probably riddled with malware, this error sounds suspiciously like a hardware error, e.g. hard disk problems…
Have you managed to back up the most important files earlier?
If so, try booting with the XP CD and removing/deleting the existing (system/Windows) partition completely, make TWO new partitions, and do a clean install into the first one
(the 2nd partition is for data and helps keep your data in case of needing a reinstall in the future).
If not, at least boot with the XP CD, then go to the repair console (“DOS”) and do CHKDSK and (if available) SCANDISK with the option of intensive / SURFACE test.
From what you tell me here, I fear you have cleaned out part of an essential item to run windows. You can be saved by someone with a special mirror disk run only to burn the data to image the contents of the machine, but these are specialists. From what I hear what you tell us in your posting last, this virus is a very tricky one. Have you tried the BIOS settings, can you alter and reset there… I agree with DavidR, this is a hacker’s virus that can land you in big trouble. That is why it is mighty important to always have a copy of the registry and the system files. If a vital component of windows system is missing, you have the situation at hand you find yourself in now, you cannot start up…no way. There are trojaned viruses, that an internet service provider may let through, because it can hide for the nick of time it has to slip by, it is like the rogue that puts nylons over his head, you cannot see his face and nail him, but thank AVAST it will trace this baddy later.
But I ask DavidR’s opinion if she (they) can get away without "total recall"?
Thank you …at least I can get as far as the DOS prompt, but from there I am lost…but I have tried, I am ok at following instructions, but at a loss without them…she hadn’t finished saving her documents…does this mean that the disks she has saved are also infected?
That may not be the case. But educate her to do this next time around, no one can live without a CD or DVD with essential data of their comps nowadays. If what whocares says is true it can be the feed that can take the harddisk down, an accumulation of dust can cause that. People have to open up their computers or turn their keyboards once a year to have the dust out. But what I hear from what you tell in this thread that is not the case. The machine then must hum a different tune, you must hear it tick. No it is definitely a virus or a combination of malware and virus, or I must be very wrong. Hang in there try to push very swiftly alternating between the upward and downward arrows on your keyboard console, and tell us what happens there…
Check my first post in this thread and you will find I said the same thing.
However there are people who don’t have the option of reinstalling the OS. There seem to be plenty of people who can’t find the CD’s that came with their computer. I have cleaned a few computers in this situation which have been without any anti-virus or firewall and have been infested with just about every item of spyware, virus, worm, bot and Trojan known to man.
(Leaving with a warning not to use that computer for internet shopping or storing confidential info. etc. of course!)
I did feel as though I was doing battle with the hordes of Mordor, although I wasn’t the wizard, it was the people who wrote the many excellent anti-malware programs available. All I had to do was to wander the battlefield afterwards and stab a few remaining Orcs.
It’s definitely not recommended: ‘nuke and pave’ (reinstalling the original operating system) is the only way to guarantee 100% security after a malware attack. But if the computer is only used for casual web browsing or gaming, it can be worth a try. It’s a case of weighing up the risks. (And it’s also an interesting real life test of anti-malware programs.)
Suszannah, you haven’t said if your friend is using a wireless keyboard?
If not, then it probably is time to find those restore CD’s that came with the computer.
If your friend has important information still on the hard disk, a virus expert may be able to boot from a special CD and recover the information, or to remove the hard disk, run it as a slave and if not repair any virus damage, then recover important files.
No, she has a wired keyboard, after following whocares’s advice managed to get it to do chkdsk which came out as ok…but no option at the dos prompt to run scandisk…I haven’t deleted anything so no idea how part of windows could be missing, the only disk here is the xp installation disk…