System attack

Archived from groups: microsoft.public.windowsxp.security_admin

Hello:
I'd appreciate some advice. My home system, running XP, has become subject
to some strange virus which prevents me from using anything except IE or
Outlook. When I boot, the only icons which appear as ready are the IE and
Outlook. If I try to access anything else I get a screen saying Windows cannot
find the application and a question if I want to search the net. I was able
to locate Spybot's and Ad-Aware's exec files and run them and remove some
spyware but this didn't help. Now I cannot get to Norton AV and am basically
frozen out. I've also tried safe mode to no effect. Any help would be greatly
appreciated.
  1.

    Dan Ross wrote:

    > Hello:
    > I'd appreciate some advice. My home system, running XP, has become subject
    > to some strange virus which prevents me from using anything except IE or
    > Outlook. When I boot, the only icons which appear as ready are the IE and
    > Outlook. If I try to access anything else I get a screen saying Windows cannot
    > find the application and a question if I want to search the net. I was able
    > to locate Spybot's and Ad-Aware's exec files and run them and remove some
    > spyware but this didn't help. Now I cannot get to Norton AV and am basically
    > frozen out. I've also tried safe mode to no effect. Any help would be greatly
    > appreciated.

    If you are unable to identify and remove the culprit, you could try
    going to a previous restore point, but I highly doubt that would work.

    Thus, I would say that your only course of action is to reinstall
    Windows, run Windows updates, and reinstall your applications, including
    your antivirus and antispyware applications. You will, of course, lose
    all data on the PC, so back up your data to a CD or other medium before
    reinstalling XP. Also be sure you have your Windows XP and applications
    CDs and CD keys available before you reinstall Windows XP. You might
    also want to download the latest XP drivers for your PC and its
    peripherals, such as the modem, NIC, printer, and video adapter.

    To minimize the chance of re-infection, use a friend's PC and download
    Windows updates to a CD(s) and download your virus definitions and
    install them before connecting to your ISP.

    Once done, and it is running properly, a good habit to get into is to
    log in to the PC with an account that doesn't have administrator
    privileges, to minimize the damage that a rogue application (such as
    spyware) might do.

    --
    The reader should exercise normal caution and back up the Registry and
    data files regularly, and especially before making any changes to their
    PC, as well as performing regular virus and spyware scans. I am not
    liable for problems or mishaps that occur from the reader using advice
    posted here. No warranty, express or implied, is given with the posting
    of this message.
  2.

    Dan

    If you are still able, download and run McAfee Stinger..

    http://vil.nai.com/vil/stinger/

    Another alternative is ..

    http://housecall.trendmicro.com/housecall/start_corp.asp

    These programs will be unaffected by any incumbent virus..

    Report back here and tell us if it worked..

    --
    Mike Hall
    MVP - Windows Shell/User


    "Dan Ross" <Dan Ross@discussions.microsoft.com> wrote in message
    news:41721CB2-C7F5-4C48-AEC1-BE046CA0BA69@microsoft.com...
    > Hello:
    > I'd appreciate some advice. My home system, running XP, has become subject
    > to some strange virus which prevents me from using anything except IE or
    > Outlook. When I boot, the only icons which appear as ready are the IE and
    > Outlook. If I try to access anything else I get a screen saying Windows cannot
    > find the application and a question if I want to search the net. I was able
    > to locate Spybot's and Ad-Aware's exec files and run them and remove some
    > spyware but this didn't help. Now I cannot get to Norton AV and am basically
    > frozen out. I've also tried safe mode to no effect. Any help would be greatly
    > appreciated.
  3.

    "Dan Ross" <Dan Ross@discussions.microsoft.com> wrote:

    >Hello:
    >I'd appreciate some advice. My home system, running XP, has become subject
    >to some strange virus which prevents me from using anything except IE or
    >Outlook. When I boot, the only icons which appear as ready are the IE and
    >Outlook. If I try to access anything else I get a screen saying Windows cannot
    >find the application and a question if I want to search the net. I was able
    >to locate Spybot's and Ad-Aware's exec files and run them and remove some
    >spyware but this didn't help. Now I cannot get to Norton AV and am basically
    >frozen out. I've also tried safe mode to no effect. Any help would be greatly
    >appreciated.

    Do you have another functioning computer that is also running Windows
    XP?

    If so then one option for cleaning up your problem machine is to
    remove the hard drive and install it temporarily as a second hard
    drive in the good machine.

    If you use the secondary IDE controller in the good machine for the
    temporary hard drive then this will avoid any complications with
    master/slave jumper settings. Normally the secondary IDE controller
    is used for the CD and/or DVD drives so unplug the power and data
    cables from these drives and use them to connect up the hard drive
    from the problem computer.

    Boot the good computer, with both hard drives installed, and run a
    variety of antivirus and spyware scans on the drive from the problem
    computer. That should clean it up, at least enough to allow it to
    boot properly when put back into its own machine where the final
    cleanups can be run.

    Good luck

    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    In memory of a dear friend Alex Nichol MVP
    http://aumha.org/alex.htm
  4.

    I'm going to assume you are proficient with Windows, so some of the "Click
    Ok"'s are left off. Spyware and viruses have a way of placing themselves in
    the exclude list for lots and lots of software. To prevent this, you need to
    run the software as soon as you install it.

    On a 'clean' PC re-download
    spybot and the includes
    Msft's Anti-Spyware
    You might also want to check out
    http://www.wilderssecurity.net
    for spyguard and spyblaster.
    Don't forget FireFox
    Get powertoys tweakUI from the msft site, disable 'parse autoexec.bat',
    unless you upgraded from Win9x, c:\autoexec.bat should have size 0 (if it
    does, then delete autoexec.bat).

    Your AV software with the updates

    Don't forget to donate (to the shareware companies [not microsoft] ... and
    actually purchase msft software)

    Burn the software to a CD

    On your infected PC disconnect from the internet
    Next, uninstall all anti-virus and spyware protection
    reboot into safe mode

    INSIDE SAFE MODE
    Clean out suspects
    Click start | run type 'inetcpl.cpl', click ok
    Delete Cookies, Files (as well as offline), Clear History
    Click Settings, Click View Objects, Right-Click each item and then select
    remove

    Start | My Computer
    For each drive, click and press ALT+ENTER
    Check Everything, except for Office and Compress DON'T CLICK OK
    Click More Options, Click the System Restore Clean Up.. Button, click yes
    Click OK

    click start | Run type 'cleanmgr.exe /sageset:101'
    check everything, except for Office Setup Files (if you have it) and
    Compress old files
    Click Ok
    Click start | run type 'cleanmgr.exe /sagerun:101'

    ***
    A better way:
    Search your hard drive for cache, cookie, content.ie5, history, recent,
    temp, tmp
    delete the contents of each folder NOT THE FOLDERS
    ***

    Now install spyguard and spyblaster (enable all protection/protect against
    items)

    Now install Spybot, Don't update or back up the registry, but immunize
    When the teaTimer prompts you, don't select remember
    Click Mode | Advanced
    Click the Immunize button, Click the Immunize Button at the top
    Click Settings Bar,
    Click the settings label, Check All
    Click Directories, right-click the window and add a directory
    You add everything except for system volume information<-KEY STEP HERE
    then you add c:\ as the last one
    Click Ignore Products
    For each Tab Right-Click in the window select Deselect All <-KEY STEP HERE
    Click the Tools Bar
    Check Hosts File, ActiveX, BHO's, System Startup
    Under ActiveX, only java, spybot, spyguard, spyblaster, acrobat
    Under BHO, only java, spybot, spyguard, spyblaster, acrobat
    Under Hosts File, Click Add Spybot-s&d hosts list at the top

    Click File | Check for problems
    smok'em if you got'um (15-45+ minutes)

    Close Spybot
    Install the updates

    ReInstall Spybot
    Go through above again <-KEY STEP HERE

    Now Install Msft Anti-Spyware beta
    Run Scans upon install
    Run Anti-Spyware beta after install
    Click Spyware Scan
    Click Scan Options
    Check full system scan, run scan now, come back in 10 minutes

    If you're lucky, you will be prompted to have spybot run again at start up.
    After it runs in the normal gui, you can right-click the entries and select
    exclude from detection (you should also do this for the
    Settings\IgnoreProducts\Security.sbi Windows Security Center.whatever)

    Click Advanced tools, click system explorers
    Click Networking\Windows Hosts File
    Everything with 127.0.0.1 is ok, anything else, remove (could have done this
    in spybot, but msft has nice red x's)
    You might want to check the start up, for that matter, just uncheck everything

    Now install your anti-virus
    Run the check,
    install updates, install the software again, install updates and run

    Upon rebooting, either Msft Anti-Spy or spybot will prompt you about things
    trying to be installed ~ this is the virus/spyware, so don't allow it, but
    have it cleaned.

    Connect to the Internet

    Update:
    Spybot, Spyguard, Spyblaster, Anti-Spyware, your AV,
    Check the settings, and then rerun your scans.
    If you disabled start up items, re-enable, then reboot

    Now Connect to the WindowsUpdate site, and update. Click Start | All
    Programs | Microsoft Office | Msft Office Tools | App recovery

    Go to office.microsoft.com and have it run a check for updates; you might
    want to re-apply the latest service pack.

    Your system should now be clean ~ takes 4+ hours
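
The hosts-file rule in the last reply (entries pointing at 127.0.0.1 are fine, anything else should be reviewed) can be checked with a short script. This is an added example, not code from the thread; the sample file, the `.example` names and the function names are constructed for illustration, and it treats any loopback address as acceptable, which is slightly broader than the literal 127.0.0.1 in the reply.

```python
import ipaddress
import sys

# Constructed sample hosts file for illustration (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example    # blocklist-style entry
203.0.113.10    www.bank.example       # name mapped to a non-loopback address
203.0.113.10    update.av-vendor.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every mapping line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return (line_no, address, hostnames, reason) for entries to review."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, names, "unparseable address"))
            continue
        if not ip.is_loopback:
            findings.append((line_no, addr, names, "non-loopback mapping"))
    return findings


if __name__ == "__main__":
    # Optional argument: path to a hosts file; defaults to the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    for line_no, addr, names, reason in audit_hosts(data):
        print(f"line {line_no}: {addr} -> {' '.join(names)} ({reason})")
```

On Windows XP the hosts file is `%SystemRoot%\system32\drivers\etc\hosts`; if the disk is attached to a second machine as described in the third reply, pass the path to that file on the attached drive.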