  1. #1
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Trying to salvage a badly infected system (XP Home SP-1)

    Okay..... here's a brief description of the issue: A client dropped off her PC that she said had a "few problems". She had no current AV software, no Antispyware, and no firewall. O/S was Win XP (Home) FAT32 with no service packs installed and Windows Update disabled. Yes, I knew what I might be getting into, but why else would people ask me to fix their ailing machines if they still worked? Anyway.. ran through a couple of Antivirus scans and found most if not all of the MANY viruses, worms and trojans. Installed Ad-aware and let it do its thing and got rid of most everything. Ran Hijackthis and got rid of the remaining "baddies". And then I installed SP-1. So far it all sounds great, eh? Well, here are the issues I need help with:

    1) Cannot run "regedit" or a few programs in normal Windows mode. The application's window flashes for a second and then nothing. But I can run "regedit" in Safe Mode, using the Administrator account.

    2) The user account that has Administrator privileges is limited, i.e., I've tried doing a few tasks and I was told that the account didn't have Administrator privileges. E.g. I tried running the Microsoft Update Disk to save download time and I was not allowed, either in normal Windows mode or using the Administrator account in Safe Mode. Hijackthis can only be run in Safe Mode. Bottom line, some functions are blocked in normal Windows mode which can be done in Safe Mode and others cannot be done in either mode. So, evidently there is some kind of "security" problem which I suspect is being caused by a corrupted/missing file(s), etc.????

    3) The "Search" utility is broken. When I try and run it, an error message is displayed saying basically that a file(s) is missing necessary to run Search Companion. The Search window opens and the left side is blank.

    4) There are a number of files which are huge and which I have never seen before. I'm hoping, of course, to be able to delete them. See the screenshot below.

    I would appreciate some help on these items. My next anticipated course of action is to do a "Repair Install" of XP to see if that fixes the broken Search, regedit, etc. issues, which I expect it won't, because I'm guessing that the "Administrator rights" problem is related. Should I get this beast relatively back to normal, I plan on converting the FAT32 system to NTFS.

    THANKS!!

    Jeff
    simul iustus et peccator

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Jeff,

    How about a good ol' fashioned CLEAN reinstall?

    Anyone who leaves their system and data THAT exposed and un-updated should start from scratch and also have the necessary security tools put in place before they touch the machine again.
    You can also give them a sound tutorial on updating and maintaining a computer. (At a fee, of course!)

    If you can retrieve any data before using the "big eraser", so much the better.
    BOB


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Hey Bob,

    I hear ya! But I'm the incorrigible type and like a challenge. So far I have the problem with running regedit and the Hijackthis issue resolved (found 25 more infected files), but I still can't install SP-2, nor can I convert the file system from FAT32 -> NTFS using the command line. Here's what I get when I run this: C:> CONVERT C: /fs:ntfs
    in the command prompt:
    ______________________________________________________________

    C:\Documents and Settings\Rachael>C:
    'C:' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Documents and Settings\Rachael>cd C:\

    C:\>C:> CONVERT C: /fs:ntfs
    'C:' is not recognized as an internal or external command,
    operable program or batch file.
    ______________________________________________________________

    Sooooo, although I agree with you 100%, I'd like to give this one a little more time and see if I can't redeem it. This setup has 6 user accounts and it would be quite a chore retrieving all the documents, music, photos, etc., etc., from all of them. If you or anyone else would care to help me along with this, I'd greatly appreciate it.

    Jeff
    simul iustus et peccator

  4. #4
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Jeff,
    You aren't putting the right-hand arrow in your commands, are you?
    It should be like: convert c: /fs:ntfs
    BOB

  5. #5
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Jeff

    Can you install a second hard disk on that PC? If so, it might be worth installing to the new disk as C: and having the unhealthy disk available for copying files from as D:...

    That way you're guaranteed a clean install, and can retrieve some of the stuff from the other disk. (Once you have installed firewall, antivirus, antispyware, SP2, lots of other updates, etc etc, of course!)

    John

    Ita, esto, quidcumque...

  6. #6
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Jeff,

    I agree with Bob; why not put the effort into saving as much data as possible, then do a clean install? Where is the problem with retrieving user data? I am normally not so keen on re-installing (and also like some challenge), but in some cases that is the best (and most professional) solution. Lately I have seen several examples where people somewhere in the repair process try to install a service pack, as if that would fix everything.

    As to "unknown" files, one often can compare the dates and maybe ask oneself or the one that is being helped: what did you do at that time (installing, downloading etc.).

    And as Bob mentioned, there is an extra "C:" at the command prompt. Don't rush things.

    Regards,

    Argus

  7. #7
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Well, I am happy to report that my tenacity paid off and what I have is a near perfectly running machine..... one that was raised from its deathbed with the hopes that it will have a long and prosperous life.

    But I doubt the owner will really care that much and within a few months, I'll get another phone call from this individual crying the blues once again.

    Was it all worth the hours and hours spent? But as is typical, I learned some new things and I'm a better man for it. hehe

    Jeff
    simul iustus et peccator

  8. #8
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Jeff,
    For the information of other loungers, why don't you post the solution or what you did to clear up the problem?
    Someone might have an identical problem and then say, "well, what did he do?"
    BOB

  9. #9
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Bob,

    Normally I would do that as I greatly appreciate reading how others have resolved problems. But in this case, it would take a tome to list everything I did. What I will do, however, is list some of the fundamental things I did which would nearly always apply to any kind of problem.

    1) Virus infection: Booted the PC with "Antivirus Boot CD" and ran a full system scan, allowing it to fix everything found. This allowed me to boot into Windows and install Kaspersky Antivirus Personal (undoubtedly the best AV I have used) and run another complete scan. FYI, KAV found dozens of additional items which the AV Boot CD didn't find.

    2) Antispyware/Malware: I installed and ran Ad-aware SE to clean out the virulents, which took quite some time since it found over 3000 items. I re-ran Ad-aware and it found more items. (Note: when I had finished with the general cleanup, I installed Microsoft Antispyware and let it do its thing, which took 8 hours to complete; it found another 3000 items.)

    3) Temp files & other junk: I disabled System Restore. Then I installed CCleaner and ran both the "Cleaner" and "Issues" scans, which cleaned out over 2 gigs of stuff. I then ran the in-house "Disk Cleaner".

    4) Issues: Lots of time spent with Google and MSKB to find solutions to such problems as broken "Search", and other normal XP functions which no doubt were broken due to the vast amount of viruses, worms, trojans and spyware/malware on the system. Some fixes required the replacing of critical system files and components.

    5) Miscellaneous issues: Ran Hijackthis and removed any leftovers missed by the other utilities.

    6) Service Packs and Updates: It's ESSENTIAL to make sure that the system is virus and spyware free before attempting to install any patches or updates!!! Installed SP-1 from disk and ran through a brief running of various functions to be sure everything was working well. Installed SP-2 from my IT SP-2 disk and repeated the previous run-through.

    Part II to follow
    Jeff
    simul iustus et peccator

  10. #10
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Part II

    7) Installed MS Antispyware as previously mentioned and noted those items found and removed. Went back to Google and checked most of the items found by MS Antispyware to see if anyone suggested doing a manual check of the Registry for leftovers of the most stubborn ones along with any leftover files and/or folders on the drive. Having found several, I manually searched for and removed those items along with disabling and then removing some attached items in "Services".

    8) Windows Update: Visited Windows Update and installed the latest version of "Microsoft Update" and then did an automatic scan for needed updates, of which there were a few, which I allowed to be downloaded and installed. Re-ran Microsoft Update the next day and got 6 more updates.

    9) Finishing up: Set up Windows Update, XP Firewall, and various other security settings. Configured various preferences for best performance of the disk both in the BIOS and System Tools. Ran CCleaner one more time. Defragged the drive.

    10) Final run-through: Opened most of the programs to be sure they worked as they should. Went online to test IE, etc. Shut her down and called the client to bring her checkbook and to plan to spend at least a half hour going over issues and tutorials.

    I think you will find that my procedure is what might be considered to be "standard", although some might disagree with the order of things done. What I can tell you is that my plan of attack worked well, although it entailed over 30 hours of labour. It might be argued that doing an fdisk and reinstall would have been easier, and no doubt that assessment might be correct. However, there's no challenge to that, and it must not be forgotten that doing that would require the saving of all important data and the installation and configuration of all the various programs, which might have required an equal amount of time.

    Jeff
    simul iustus et peccator

  11. #11
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Trying to salvage a badly infected system (XP Home SP-1)

    Jeff,

    WOW!

    You had to do all that to fix your problem?

    I understand that those are standard procedures to use for certain things, but ALL?
    I admire your persistence. Glad you are back up and running.
    BOB