October 16, 2009, 10:42 am
I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a normal
windows screen to. It boots to a desktop wallpaper, no icons, no taskbar, no
systray. Have to use task manager to run programs [ with the "create new
task / run" function ].
The virus has somehow modified permissions to stop AV programs [ and certain
others with error message insufficient permissions ] from running. I tricked
it by installing to alternate directories, like program files\malwarebytes2
and programfiles\HJT2, and have run these in safe mode. Mbam told me that it
found 6 trojans, and removed them, but I still cannot boot to the desktop
with icons again. I see only the wallpaper when booted up. [ nothing in
safemode except the safemode stamps in the corners ]
I cannot find the gpedit.msc. I cannot open windows explorer to allow hidden
files to show.
I can open mmc.msc, but cannot find the gpedit snap-on available.
I ran the latest McAfee Stinger. Found nothing. Ran mbam full scan found no
additional viruses.
Process list is very clean: Very little cpu activity is seen. Every process
is at zero after booting. It is so clean that I suspect somebody else has
come in and cleaned the extraneous processes.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe
The HJT log shows that there are lots of BHOs, other entries, etc., and I can
see nothing unusual in it, but as above, when booted, no activity is noted.
--
Tommy
Re: XP Home infected , cannot restore
CuMorrigu had written this in response to
http://www.secure-gear.com/antivirus/XP-Home-infected-cannot-restore-32744-.htm
:
What I would do is boot from a jump drive into another OS and delete some
of the files off of it that way.
UBCD4Win (http://www.ubcd4win.com ) has a utility in the install directory
that will let you create a USB drive that you can boot off of and run win.
I believe you can even modify it to run AV.
If you like linux, Fedora has a new tool out that will do the same thing,
except with Linux. (https://fedorahosted.org/liveusb-creator/ )
I would recommend ClamAV for the Linux distro, it's free and it's good.
Once you are booted off of the jump drive run the A/V scan that comes with
it on your internal HDD and clean it up that way.
That is all if you can't get into the HDD. Once you do get into the HDD,
try running TrendMicro's HouseCall (http://housecall.trendmicro.com/ ) and
Kaspersky's (it's down right now) online A/V tool. The reason I like
running the online programs for cleaning an infected machine is that 1)
you know it's going to be clean 2) you can run multiple programs w/o
having to worry about installing them on your machine (you can only have
one A/V program)
Once I get the online A/V scans done I install my A/V program, I usually
use either AVG Free (http://free.avg.com/us-en/homepage ) or the A/V
program included in Iolo's System Mechanic Pro (http://www.iolo.com/ ). I
REALLY like Iolo, lots of great tools to help you out for a not too bad
price. I also know that used to (don't know if this still works) if you
downloaded the demo and then bought the product through the demo, you
could save like half of the price.
Once you get all of that done, it's time for the Malware scanners. I
usually use a cocktail, Adaware by Lavasoft, Spybot Search and Destroy and
Windows Defender. With those three you'll catch just about everything. I
then usually leave Spybot SnD on there, it's got some useful tools under
the advanced settings.
CuMo
-------------------------------------
tommy wrote:
Re: XP Home infected , cannot restore
On Fri, 16 Oct 2009 09:42:51 -0500, "tommy"
When are people going to learn to get themselves a program like Acronis
True Image, or some other which backs up the entire disk, and use it
immediately after installing Windows, and then make incremental backups
as they install more software. It is such a simple solution to this
horrible problem of computers being turned into paperweights by malware.
Yes, I know it's hindsight in this case, but maybe someone will get a
hint from this and install True Image or Norton's Ghost *before* the
same happens to them. Everybody on Usenet is not an old hand. There are
such things as newbies.
Re: XP Home infected , cannot restore
tommy wrote:
Had the same problem, managed to cure the system 99.99% (the "Turn
computer off" button is still not visible on the welcome screen). It
took me the better part of two _long_ days. But I'll tell you, it's
better to flatten and rebuild. So that's what I recommend.
You may be able to boot off an external drive, CD/DVD, or USB stick, and
burn data to a DVD or two. If so, don't be tempted to repair.
FWIW, Stopzilla found and repaired the corrupted registry entries, after
which other anti-malware programs functioned. I would _not_ recommend
Stopzilla as a regular AV program; it's close to being malware itself.
When you do rebuild then:
a) create a data partition, and save _all_ data on it. Modify
applications default settings to save to suitable folders on that data
partition, and/or do a manual copy from My Documents and the other
stoopid default data locations.
b) get a partition backup program, and create system partition images at
regular intervals.
HTH
wolf k.
Re: XP Home infected , cannot restore
tommy wrote:
As many who frequent this and other fora populated with the more esoteric
elements of usenet, I employ a bogus email addy, as you probably have found out
by now.
FWIW: I use HJT to delete "fix" any BHOs that appear,
usually after a new or re-installation of the OS.
IOW: there aren't any on my system, even one is too many.
Re: XP Home infected , cannot restore
tommy wrote:
I am now running Sophos under Multi-AV. I tricked the virus again by
changing the name of Startmenu to Startmenu2 after copying the AV-CLS folder
to the target. It's been hours. I am going to try them all, but since MBAM
usually gets this stuff, I will be amazed if it's cleared up the whole
problem.
Re: XP Home infected , cannot restore
I suspect that Ialdabaoth created Imperfection so that on this day Sun, 18 Oct
2009 09:26:54 -0500, one purporting to be "tommy"
It must be obvious to you by now that you are in the company of some
very very strange people! Would you trust advice from the local village
idiot? You are now in the company of a cyberspace version of a
village community, complete with a troupe of performing idiots!
Now! See you all have a nice day.
Jerry.
.
--------------------------
The Internet will become the
Sacred Sanctuary for Nutters and Idiots.
(Michel Nostradamus, December 14, 1503, July 2, 1566).
--------------------------
Re: XP Home infected , cannot restore
| On Sun, 18 Oct 2009 17:55:01 +0200 (CEST), noauth
| Wrong.
| Viri is multiple of virus.
No.
http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html
http://linuxmafia.com/~rick/faq/plural-of-virus.html
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Re: XP Home infected , cannot restore
On Sun, 18 Oct 2009 12:47:56 -0400, "David H. Lipman"
[Selective quote repaired]
You refer to the present time called "modern English".
I told: "In old Rome about 70 years B.C."
(and I also do not know what a "virus" was at the time of Emperor
Augustus.)
:-))
But I quite agree, we live in the present times.
Ancient Rome is gone (as are the emperors).
Talking in an old no longer "living" language does not make sense.
I agree that "virii", "viri" and "fora" are silly words.
One should just "form the plural in the normal manner used for other
English words."
:-)
--
Fred W. (NL)
Virus(ses) [was Re: XP Home infected , cannot restore]
IOW (a looong time ago, I asked):
[ quot,names "X"-d ]
Hi J,
There is no plural attested in Latin. It's an odd form, virus-
viri-neuter, (the neuter is hard to parallel, maybe analogized
to venenum-veneni-neuter [regular] = poison) which would never
give a plural virii. So viruses it is!
All best, Xxx
X.Y.Z.
Professor of Greek and Latin
Chair, Department of the Classics
Ivy L. U.
[ /quot ]
J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom