Sign in with
Sign up | Sign in
Your question

System attack

Last response: in Windows XP
Share
Anonymous
August 18, 2005 9:44:05 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello:
I'd appreciate some advice. My home system, running XP, have become subject
to some strange virus which prevents me from using anything except IE or
Outlook. When I boot the only icons which appear as ready are the IE and
outlook. If I try access anything else I get a screen saying windows cannot
find the application and a question if I want to search the net. I was able
to locate Spybot's and Addaware exec file's and run them and remove some
spyware but this didn't help. Now I cannot get to norton AV and am basically
frozen out. I've also tried safe mode to no effect.Any help would be greatly
appreciated.

More about : system attack

August 18, 2005 1:46:39 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Dan Ross wrote:

> Hello:
> I'd appreciate some advice. My home system, running XP, have become subject
> to some strange virus which prevents me from using anything except IE or
> Outlook. When I boot the only icons which appear as ready are the IE and
> outlook. If I try access anything else I get a screen saying windows cannot
> find the application and a question if I want to search the net. I was able
> to locate Spybot's and Addaware exec file's and run them and remove some
> spyware but this didn't help. Now I cannot get to norton AV and am basically
> frozen out. I've also tried safe mode to no effect.Any help would be greatly
> appreciated.

If you are unable to identify and remove the culprit, you could try
going to a previous restore point, but I highly doubt that would work.

Thus, I would say that your only course of action is to reinstall
Windows, run Windows updates, and reinstall your applications, including
your antivirus and antispyware applications. You will, of course, lose
all data on the PC, so backup your data to a CD or other medium before
reinstalling XP. Also be sure you have your Windows XP and applications
CDs and CD keys available before you reinstall Windows XP. You might
also want to download the latest XP drivers for your PC and its
peripherals, such as the modem, NIC, printer, and video adapter.

To minimize the chance of re-infection, use a friend's PC and download
Windows updates to a CD(s) and download your virus definitions and
install them before connecting to your ISP.

Once done, and it is running properly, a good habit to get into is to
login to the PC with an account that doesn't have administrator
privileges, to minimize the damage that a rogue application (such as
spyware) might do.

--
The reader should exercise normal caution and backup the Registry and
data files regularly, and especially before making any changes to their
PC, as well as performing regular virus and spyware scans. I am not
liable for problems or mishaps that occur from the reader using advice
posted here. No warranty, express or implied, is given with the posting
of this message.
Anonymous
August 18, 2005 3:03:30 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Dan

If you are still able, download and run McAfee Stinger..

http://vil.nai.com/vil/stinger/



Another alternative is ..



http://housecall.trendmicro.com/housecall/start_corp.as...



These programs will be unaffected by any incumbent virus..



Report back here and tell us if it worked..




--
Mike Hall
MVP - Windows Shell/User



"Dan Ross" <Dan Ross@discussions.microsoft.com> wrote in message
news:41721CB2-C7F5-4C48-AEC1-BE046CA0BA69@microsoft.com...
> Hello:
> I'd appreciate some advice. My home system, running XP, have become
> subject
> to some strange virus which prevents me from using anything except IE or
> Outlook. When I boot the only icons which appear as ready are the IE and
> outlook. If I try access anything else I get a screen saying windows
> cannot
> find the application and a question if I want to search the net. I was
> able
> to locate Spybot's and Addaware exec file's and run them and remove some
> spyware but this didn't help. Now I cannot get to norton AV and am
> basically
> frozen out. I've also tried safe mode to no effect.Any help would be
> greatly
> appreciated.
Related resources
Anonymous
August 19, 2005 12:20:14 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Dan Ross" <Dan Ross@discussions.microsoft.com> wrote:

>Hello:
>I'd appreciate some advice. My home system, running XP, have become subject
>to some strange virus which prevents me from using anything except IE or
>Outlook. When I boot the only icons which appear as ready are the IE and
>outlook. If I try access anything else I get a screen saying windows cannot
>find the application and a question if I want to search the net. I was able
>to locate Spybot's and Addaware exec file's and run them and remove some
>spyware but this didn't help. Now I cannot get to norton AV and am basically
>frozen out. I've also tried safe mode to no effect.Any help would be greatly
>appreciated.

Do you have another functioning computer that is also running Windows
XP?

If so then one option for cleaning up your problem machine is to
remove the hard drive and install it temporarily as a second hard
drive in the good machine.

If you use the secondary IDE controller in the good machine for the
temporary hard drive then this will avoid any complications with
master/slave jumper settings. Normally the secondary IDE controller
is used for the CD and/or DVD drives so unplug the power and data
cables from these drives and use them to connect up the hard drive
from the problem computer.

Boot the good computer, with both hard drives installed, and run a
variety of antivirus and spyware scans on the drive from the problem
computer. That should clean it up, at least enough to allow it to
boot properly when put back into its own machine where the final
cleanups can be run.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
Anonymous
August 22, 2005 6:44:12 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm going to assume you are profeceint with windows, so some of the "Click
Ok"'s are left off. Spyware and viruses have a way of placing themselves in
the exclude list for lots and lots of software. To prevent this, you need to
run the software as soon as you install it.

On a 'clean' PC re-download
spybot and the includes
Msft's Anti-Spyware
You might also want to check out
http://www.wilderssecurity.net
for spyguard and spyblaster.
Don't forget FireFox
Get powertoys tweakUI from the msft site, disable 'parse autoexec.bat',
unless you upgraded from Win9x, c:\autoexec.bat should have size 0 (if it
does, then delete autoexec.bat).

Your AV software with the updates

Don't forget to donate (to the shareware companies [not microsoft] ... and
actually purchase msft software)

Burn the software to a CD

On your infected PC disconnect from the internet
Next, uninstall all anti-virus and spyware protection
reboot into safe mode

INSIDE SAFE MODE
Clean out suspects
Click start | run type 'inetcpl.cpl', click ok
Delete Cookies, Files (as well as offline), Clear Histroy
Click Settings, Click View Objects, Right-Click each item and then select
remove

Start | My Computer
For each drive, click and press ALT+ENTER
Check Everything, except for Office and Compress DON'T CLICK OK
Click More Options, Click the System Restore Clean Up.. Button, click yes
Click OK

click start | Run type 'cleanmgr.exe /sageset:101'
check everything, except for Office Setup Files (if you have it) and
Compress old files
Click Ok
Click start | run type 'cleanmgr.exe /sagerun:101'

***
A better way:
Search your hard drive for cache, cookie, content.ie5, history, recent,
temp, tmp
delete the contents of each folder NOT THE FOLDERS
***

Now install spyguard and spyblaster (enable all protection/protect against
items)

Now install Spybot, Don't update or back up the registry, but immunize
When the teaTimer prompts you, don't select remeber
Click Mode | Advanced
Click the Immunize button, Click the Immunize Button at the top
Click Settings Bar,
Click the settings label, Check All
Click Directories, right-click the window and add a directory
You add everything except for system volume information<-KEY STEP HERE
then you add c:\ as the last one
Click Ignore Products
For each Tab Right-Click in the window select Deselect All <-KEY STEP HERE
Click the Tools Bar
Check Hosts File, ActiveX, BHO's, System Startup
Under ActiveX, only java, spybot, spyguard, spyblaster, acrobat
Under BHO, only java, spybot, spyguard, spyblaster, acrobat
Under Hosts File, Click Add Spybot-s&d hosts list at the top

Click File | Check for problems
smok'em if you got'um (15-45+ minutes)

Close Spybot
Install the updates

ReInstall Spybot
Go though above again <-KEY STEP HERE

Now Install Msft Anti-Spyware beta
Run Scans upon install
Run Anti-Spyware beta after install
Click Spyware Scan
Click Scan Options
Check full system scan, run scan now, come back in 10 minutes

If you're lucky, you will be prompted to have spybot run again at start up.
After it runs in the normal gui, you can right-click the entries and select
exclude from detection (you should also do this for the
Settings\IgnoreProducts\Security.sbi Windows Security Center.whatever)

Click Advananced tools, click system explorers
Click Networking\Windows Hosts File
Everything with 127.0.0.1 is ok, anything else, remove (could have done this
in spybot, but msft has nice red x's)
You might want to check the start up, for that matter, just uncheck everything

Now install your anti-virus
Run the check,
install updates, install the software again, install updates and run

Upon rebooting, either Msft Anti-Spy or spybot will prompt you about things
trying to be installed ~ this is the virus/spyware, so don't allow it, but
have it cleaned.

Connect to the Internet

Update:
Spybot, Spyguard, Spyblaster, Anti-Spyware, your AV,
Check the settings, and then rerun your scans.
If you disabled start up items, re-enable, then reboot

Now Connect to the WindowsUpdate site, and update. Click Start | All
Programs | Microsoft Office | Msft Office Tools | App recovery

Go to office.microsoft.com and have it run a check for updates; you might
want to re-apply the latest service pack.

Your system should now be clean ~ takes 4+ hours
!