Anyone? Please?

The constant threat: viruses, trojans, spyware, ... the list goes on

Post by Deadhead42 on Sun Mar 08, 2009 10:06 pm

So I've got a hell of a virus on my Windows Professional XP.

I knew I had something because I was getting ads popping up. I downloaded Ad-Aware, Avast, and Spybot - Search & Destroy. I got some of the stuff off, but apparently not all....

My comp was left on overnight, and I came back to ads up. I got them off, and ran Avast. It was about to restart and take the shit off when it froze bad. I had to restart.

I tried logging on and when it starts to log me on it logs me off just as fast. Nothing even has time to come up, and safe mode does the same.

Can anyone help me?


Re: Anyone? Please?

Post by Andomis on Mon Mar 09, 2009 12:33 am

Hello Deadhead42,

I saw this virus a bit ago. I would suggest running a Windows repair, then booting directly to Safe Mode with Networking, turning off Windows restore, downloading and installing all your virus scans, updating, running and removing, followed by a clean restart and turning Windows restore back on.

I didn't mess with it, but I'll ask my bud what he did to remove it.

Hope you have some luck!

Alive,
Andomis
"I'm choking on that four letter word, it sticks in my throat as i read the words YOU wrote..."


Re: Anyone? Please?

Post by IncandescentLight on Mon Mar 09, 2009 1:02 am

My suggestion is that you use a "System Restore" at Start > All Programs > Accessories > System Tools > System Restore, then restore it to an earlier date, before it had the virus. Any dangerous settings or installations will be undone.
Speak softly and carry a big stick -Theodore Roosevelt

http://www.rhetoricalcatch.blogspot.com


Re: Anyone? Please?

Post by ajisroot on Mon Mar 09, 2009 1:43 am

So if you want to nuke your OS, lose all your data, configuration, setup, game saves, utils etc, nuke your OS. Easiest and most reliable way to go is reloading the OS.

As for restore to an earlier point, doesn't work, I've seen this a lot, and it never worked.

Couple months ago I found the fix for it.

Step 1: Find some way to remotely edit the file system. You'll need to be able to both copy folders and edit the registry. I'll let you decide what utility to use for that, but googling UBCD is a good place to start for sure. There's a couple offline registry editors in there, but I mostly use the one disguised as a password removal tool.

Step 2: Navigate to \*****\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Make sure there is a key there named Userinit and its value is C:\WINDOWS\System32\userinit.exe, (<--note: comma is not a typo... I don't make typos ;) )
******<---depending on what utility you're using to edit the registry, this can change, so just gotta look through them.

Step 3: Once you have that, the rest is a cakewalk. Boot off your Windows recovery CDs, and go into the repair mode. This will give you a cmd prompt. Find a clean userinit file (either off the recovery CD, which you will have to unpack, or out of your C:\I386 folder) and copy it to C:\Windows\System32\userinit.exe

For me this has worked every time. If you can't figure any steps out, let me know and I can expand upon them with a lot more detail. Other than that, any local repair shop should be able to handle it.

BTW... if this works, when you do get in to Windows, save EVERYTHING. If you're infected, the problem will return as soon as you reboot.
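An added example, not part of any post in this thread: a small Python check for the two things steps 2 and 3 above verify, namely that the Winlogon Userinit value is exactly the path the post gives (trailing comma included) and that the installed userinit.exe is byte-identical to a clean copy. It assumes the value has already been read out with an offline registry editor and that both files are reachable as ordinary paths; the function names and sample values are constructed for illustration.

```python
import hashlib
import ntpath

# Value given in the post (trailing comma included, as the post stresses).
EXPECTED_USERINIT = r"C:\WINDOWS\System32\userinit.exe,"

def _norm(path):
    # Windows paths are case-insensitive; normalise before comparing.
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def check_userinit_value(value):
    """Return a list of findings; an empty list means the value matches the post."""
    if value is None or not value.strip():
        return ["Userinit value is missing or empty"]
    findings = []
    if not value.rstrip().endswith(","):
        findings.append("value does not end with the comma the post specifies")
    expected = _norm(EXPECTED_USERINIT.rstrip(","))
    entries = [e for e in value.split(",") if e.strip()]
    if not any(_norm(e) == expected for e in entries):
        findings.append("expected userinit.exe path is not present")
    for e in entries:
        if _norm(e) != expected:
            findings.append("extra program launched at logon: " + e.strip())
    return findings

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def matches_clean_copy(suspect_path, clean_path):
    """True when the installed userinit.exe is byte-identical to the clean copy."""
    return sha256_of(suspect_path) == sha256_of(clean_path)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real machine.
    samples = [
        r"C:\WINDOWS\System32\userinit.exe,",
        r"c:\windows\system32\userinit.exe",
        r"C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\example.exe,",
        "",
    ]
    for s in samples:
        print(repr(s), "->", check_userinit_value(s) or "OK")
```

A hash mismatch against the clean copy only means the files differ; a reference copy from a different service pack will also differ from a healthy file.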


Re: Anyone? Please?

Post by Deadhead42 on Mon Mar 09, 2009 1:46 pm

Nuking it isn't an option as I do not have the restore CDs. I do have the key for the Windows XP Professional. So I'm guessing I could probably torrent and burn to CD if I had to take that route? I have the 4gig DVD CDs, but no DVD burner now. I'm sure my CD burner could burn off data files on them, right?

I'm going to try what y'all said here in a bit.

What about hooking up the hard drive to another computer, and switching the jumper? That would allow me access to the files, and would cause the virus not to load, correct?


Re: Anyone? Please?

Post by ajisroot on Tue Mar 10, 2009 12:21 am

This could work for the step 3 I posted, but not the first/second. Reason being, the third one all you're doing is editing files. Once you get it loaded up on another pc, replace the userinit and you're good to go. (yes, even if it's not xp pro) If you're doing it on another xp machine, as long as it has the same sp, you could potentially steal the userinit from that machine as well if you needed to. (like if the I386 folder isn't there... which sometimes it isn't.)

As for the downloading of pirated software... I'm not a big fan, and never recommend it. On the other hand, I'm all for freeware: namely Linux. Maybe this whole Windows virus thing is the computer gods' way of telling you it's time to get your hands dirty and switch to Linux ;)

Just be advised that if you don't have the disks for XP, there's no going back, so maybe save that as a last resort. Though if you do decide to go w/ Linux, Ubuntu is pretty user friendly, and has a good amount of documentation.


Re: Anyone? Please?

Post by Andomis on Tue Mar 10, 2009 1:20 am

What brand of computer do you have?
"I'm choking on that four letter word, it sticks in my throat as i read the words YOU wrote..."


