Archived from groups: microsoft.public.windowsxp.newusers (
More info?)
Bloodhound.W32.E.P. and 4 variations. I had Norton 2004 Norton quaranteened
and then I used AVG Premium to clean it. I then uninstalled Norton but did
not remove all symantec files. Thanks for the response both of you I now have
enough to keep me busy a while, I will as a last resort reinstall a clean
copy of Windows. By the way when I did the repair of the existing windows
installation it saved my files and you are right it repaired with a built in
sp1 while sp2 had not been cleanly removed. Everything else works so I will
try to remove the system restore files and see what happens, I will keep
updat ing this response until I/we get it resolved. ra42grif
"Vanguard" wrote:
> "ra42grif" <ra42griffin(removethis)@hot.rr.com> wrote in message
> news
B5753E6-BE50-4225-9E80-64EEBFA3170F@microsoft.com...
> > dell pc with windows xp pro, pentium 4 2.8, 512 mb DDR SDram.
> > After recovery from a new trojan virus, several functions would not
> > work ,
> > internet explorer browser for one. I then used the mfg installation
> > disk
> > which contained my copy of windows xp pro and used the repair an xp
> > installation feature, not the console, and everything seems to
> > function, but
> > SP2 installation fails either from download or from the disk, I get an
> > error
> > message (access denied}. In using an information diasgnostic tool it
> > say's
> > that SP2 is installed, but it is not evident in the add/remove
> > programs list.
> > Is there a documentation for manually removing all traces of SP2 so
> > that it
> > can then be reinstalled, Or is it possible that there is a backup of
> > the
> > virus in system restore? I have not disabled the system restore
> > feature.
> > --
> > just learning the hard way
>
>
> Which trojan did you get hit with and what did you do or use to remove
> it? Some anti-spyware programs keep a backup snapshot which lets you
> undo their changes. You end up with what you had before (you're
> infected again) but the system works again and you can attempt more
> research on the infection before trying to eradicate it again. However,
> since you have tried to using the Repair from the Mfr's install CD, the
> system may not be in a state that the restore from the anti-spyware
> program can return into a working state. You never said what you used
> to eradicate the trojan, or even if it was a trojan, virus, spyware,
> adware, or what. The eradicator tool you used might only know what is
> the trojan and not everything else it changed. For example (but not of
> a virus or trojan, in this case), when you install Norton AntiVirus
> (NAV), it will change the registry entries for scripting to point at its
> module and the registry entry for its module will then point at the
> modules for scripting. This is how NAV does its script blocking. If
> you remove NAV using something else than its uninstall program, these
> registry entries may not get unchained and so you're left with scripting
> that won't work.
>
> You didn't mention what "functions" no longer worked. If the problem is
> with connectivity, it could be that removing the trojan resulted in a
> corrupted chaining of LSPs (layered service providers) which prevents
> proper operation of TCP; see http://www.cexx.org/lspfix.htm. Be sure to
> read the readme.txt file that comes with it on how to use it. Like
> using regedit, this is digging into your system and can be hazardous.
> If you put this on your system, do NOT put a shortcut to it in the Start
> menu that anyone can see (i.e., only put it in admin profile's Start
> menu) and put its file in a path that requires admin priviliges to read
> it, like under the Administrator's %userprofile% path, or change
> permissions on the folder containing it so only administrators can run
> this program.
>
> You had Service Pack 2 installed in your instance of Windows XP. You
> did a repair using the Mfr install CD. It doesn't sound like it was a
> drive image because that would have overwritten and wiped out everything
> in the OS partition to the same state as how the Mfr delivers the system
> (I'm presuming all your data is there and anything else you installed
> after getting the computer). That probably did not have Service Pack 2
> slipstreamed into it, so you might've been using a SP-1 version of
> Windows to repair a SP-2 instance of Windows. Because the
> manufacturer-customized version of Windows that comes with Dell (and
> other brands) is not a Microsoft-standard installation CD, I'm not sure
> that you can slipstream a service pack into it. You could make a copy
> of the CD and try slipstreaming SP-2 into the copy
> (http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp).
> Then try the Repair again now with the SP-2 version of Windows on the
> CD-R[W] to repair your SP-2 patched instance of Windows XP. If trying
> to slipstream in SP-2 into the Mfr-customized version of Windows doesn't
> work, you might see if you can remove SP-2 from your installed instance
> of Windows XP; see http://support.microsoft.com/?id=875350.
>
> If nothing works to get you into a working state for the instance of
> Windows that is installed, trojaned, had the trojan removed somehow but
> broke some "functions", and a Repair was performed but which might not
> have matched on the service pack level, you might end up having to save
> all your data and do a fresh install of Windows XP. Unless using the
> trojan extractor tool's restore, reapplying SP-2, or LSPfix gives you a
> quick fix, often it takes less time to save your data and wipe the
> partition to do a fresh install of the OS and your applications than to
> repair your system from a poor trojan eradication.
>
> You might also try asking in newsgroups more focused on trojans and
> malware, like:
>
> alt.comp.virus
> alt.comp.anti-virus.
> alt.privacy.spyware
>
> --
> _________________________________________________________________
> Post your replies to the newsgroup. Share with others.
> E-mail: vanguard_help AT yahoo.com (append "#NEWS#" to Subject)
> _________________________________________________________________
>
>