Hi,
I have a PC which isn’t connected to the internet, which became infected with two Win32 viruses. Win:32: Fasec and Win 32: Patched HH. Avast has found them and I removed them to the Virus Chest. Even with that done, I still can’t browse into one of my local hard drives. It comes up with the resycled error message.
Is there another program which will fix this, or am I looking at having to reinstall the operating system?
Thanks
Weezy77
Hi Weezy77,
For the cleansing of this nastiness, also consider performing the following:
The Task Manager has most probably been disabled (Check with Ctrl+Alt+Del). To enable it, go to Start - Run and paste the following command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
Hit Enter.
My guess is that the editing the registry has also been disabled. To enable the registry, go to Start - Run and paste the following command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Hit Enter.
Disabling Autorun on all disks could at least keep the nasty from starting up again.
The easiest way to do that is to download TweakUI from here:
http://www.annoyances.org/exec/show/tweakui
Install and start (you will find it under Powertools for Windows - TweakUI).
polonus
Thanks polonus.
I’ll try this out.
Weezy77
Also can you post the names and locations of the infected files that were removed.
If you have any luck with Pols suggestions, you could then try downloading these programs from another pc. You may have to rename the set up files,as well as the launch ( exe ) files;
The rescue disk should not be affected by the virus,as it works without booting windows.
Rescue disc tutorial and link http://forum.avira.com/wbb/index.php?page=Thread&postID=730130#post730130
MBAM and manual updates http://filehippo.com/download_malwarebytes_anti_malware/
http://www.gt500.org/malwarebytes/database.jsp
SAS and manual updates http://filehippo.com/download_superantispyware/
http://www.superantispyware.com/definitions.html
You also try running HJT and posting a log, rename Hijackthis.exe ( eg scanner.exe )
Open choose scan and save a log file, copy paste log from notepad txt
Hi,
The locations are:
C:\DocumentsandSettings\Administrator\Localsettings\Temp\tmp15.tmp (Win32: Fasec)
C:\DocumentsandSettings\Administrator\Localsettings\Temp\tmp16.tmp (Win32: Patched-HH)
These are the two files I moved to the Virus Chest. Thanks for all the extra info.
Weezy77
Howdy Weezy77,
Here is also important info to restore local settings in case of an infestation (from instance from another clean computer, or a USB stick), read: http://www.optimizingpc.com/install/backupdata.html
polonus