Hello

I"m working on a PC with terrible virus issues. When booted normally, the
Start bar and desktop icons flash on then off every ~60 seconds, and the
system will not allow interaction with apps like Windows Explorer. When I do
Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps taking a
lot of CPU time. I can't launch aps from TaskMgr.

When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
Command Line, I can interact with the system for 1-2 minutes, then it
displays a warning about low system resources and responds slowly, then 1-2
min later it blue screens.

The result is that I can't run any antivirus apps to clean it. At this
point I think I'll settle for using Recovery Console to copy off irreplacable
files, format and reload.

Any other suggestions?

Thanks - Dave

"Dave" <(E-Mail Removed)> wrote in message
news:B2FECCD3-ED85-40FF-9D8E-(E-Mail Removed)...
> Hello
>
> I"m working on a PC with terrible virus issues. When booted normally, the
> Start bar and desktop icons flash on then off every ~60 seconds, and the
> system will not allow interaction with apps like Windows Explorer. When I
> do
> Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps taking
> a
> lot of CPU time. I can't launch aps from TaskMgr.
>
> When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
> Command Line, I can interact with the system for 1-2 minutes, then it
> displays a warning about low system resources and responds slowly, then
> 1-2
> min later it blue screens.
>
> The result is that I can't run any antivirus apps to clean it. At this
> point I think I'll settle for using Recovery Console to copy off
> irreplacable
> files, format and reload.
>
> Any other suggestions?
>
> Thanks - Dave
>

There is a misunderstanding here. The primary purpose of anti-virus programs
is to *prevent* an infection. Most have an ability to repair some of the
damage done by viruses but there is no guarantee here. Sometimes it works,
sometimes it doesn't. Here are a couple of options:
- Connect the disk as a slave disk (or in a USB disk case) to another WinXP
PC, then try to repair the damage there.
- Boot the machine with your WinXP CD, allow the disk to be formatted, then
reload Windows.

Note also:
- It is unlikely that you can repair the machine while in Recovery Console
mode.
- If you go for the format option, you will lose all personal files.
- If this was my machine then I would consider it compromised. I would
reload Windows.

There is a very good chance that you are seeing the effects of a hijackware
infection!

NB: If you have no anti-virus application installed or the subscription has
expired and/or the machine's not been kept fully-patched at Windows Update,
don't waste your time with any of the below: Format & reinstall Windows. A
Repair Install will NOT help!.

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/...moving_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002


Dave wrote:
> I"m working on a PC with terrible virus issues. When booted normally, the
> Start bar and desktop icons flash on then off every ~60 seconds, and the
> system will not allow interaction with apps like Windows Explorer. When I
> do Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps
> taking a lot of CPU time. I can't launch aps from TaskMgr.
>
> When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
> Command Line, I can interact with the system for 1-2 minutes, then it
> displays a warning about low system resources and responds slowly, then
> 1-2
> min later it blue screens.
>
> The result is that I can't run any antivirus apps to clean it. At this
> point I think I'll settle for using Recovery Console to copy off
> irreplacable files, format and reload.
>
> Any other suggestions?
>
> Thanks - Dave

Pegasus,

Thanks for the quick response. The PC was running McAfee -- I don't know
what happened.

Do you know if Recovery Console will work with a USB drive? If it does, it
will save the time and risk of taking the drive out and trying to access it
from a different system. If Recovery Console doesn't support USB drives, is
there any other way to copy the files off the hard drive before
formatting/reloading?

Thanks again -- Dave


"Pegasus [MVP]" wrote:

>
> "Dave" <(E-Mail Removed)> wrote in message
> news:B2FECCD3-ED85-40FF-9D8E-(E-Mail Removed)...
> > Hello
> >
> > I"m working on a PC with terrible virus issues. When booted normally, the
> > Start bar and desktop icons flash on then off every ~60 seconds, and the
> > system will not allow interaction with apps like Windows Explorer. When I
> > do
> > Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps taking
> > a
> > lot of CPU time. I can't launch aps from TaskMgr.
> >
> > When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
> > Command Line, I can interact with the system for 1-2 minutes, then it
> > displays a warning about low system resources and responds slowly, then
> > 1-2
> > min later it blue screens.
> >
> > The result is that I can't run any antivirus apps to clean it. At this
> > point I think I'll settle for using Recovery Console to copy off
> > irreplacable
> > files, format and reload.
> >
> > Any other suggestions?
> >
> > Thanks - Dave
> >
>
> There is a misunderstanding here. The primary purpose of anti-virus programs
> is to *prevent* an infection. Most have an ability to repair some of the
> damage done by viruses but there is no guarantee here. Sometimes it works,
> sometimes it doesn't. Here are a couple of options:
> - Connect the disk as a slave disk (or in a USB disk case) to another WinXP
> PC, then try to repair the damage there.
> - Boot the machine with your WinXP CD, allow the disk to be formatted, then
> reload Windows.
>
> Note also:
> - It is unlikely that you can repair the machine while in Recovery Console
> mode.
> - If you go for the format option, you will lose all personal files.
> - If this was my machine then I would consider it compromised. I would
> reload Windows.
>
>
>

"Dave" <(E-Mail Removed)> wrote in message
news:B2FECCD3-ED85-40FF-9D8E-(E-Mail Removed)...
> Hello
>
> I"m working on a PC with terrible virus issues. When booted normally, the
> Start bar and desktop icons flash on then off every ~60 seconds, and the
> system will not allow interaction with apps like Windows Explorer. When I
> do
> Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps taking
> a
> lot of CPU time. I can't launch aps from TaskMgr.
>
> When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
> Command Line, I can interact with the system for 1-2 minutes, then it
> displays a warning about low system resources and responds slowly, then
> 1-2
> min later it blue screens.
>
> The result is that I can't run any antivirus apps to clean it. At this
> point I think I'll settle for using Recovery Console to copy off
> irreplacable
> files, format and reload.

Yes. Don't bother woth the recovery console, as in its default state it
won't give you access to user files.

Instead, remove the drive, attach it to another *protected* XP system with
enough space, and copy the files off. If you're going to wipe it, remove
the partition while it's connected this way, it will save you a step later.

You might also want to try scanning the drive from that other system, first
locating and clearing all of the Temp and Temporary Internet Files folders.
That alone may take you a very long way towards fixing it, though it's
likely that malware will have been copied to the windows\system32 folders
from their launchers in the TIF folders.

HTH
-pk

>
> Any other suggestions?
>
> Thanks - Dave
>

Robear,

Thanks for the rsponse. I can't launch applications, including Windows
Explorer, when the PC is booted normally, in Safe Mode, or in Safe Mode
Command Line. If I can't launch apps, I don't think I can perform any of the
steps listed in your message. If that's true, I think I'm left with trying
to copy off irreplacable files, formatting and reloading.

Pegasus offered that the drive could be mounted in a USB casing and read by
a different PC. I'm trying to save those steps by using Recovery Console to
copy the files on the hard drive to a USB drive --- then format and reload
the hard drive.

Do you know if Recovery Console can be made to work with a USB drive?

Thanks - Dave


"PA Bear [MS MVP]" wrote:

> There is a very good chance that you are seeing the effects of a hijackware
> infection!
>
> NB: If you have no anti-virus application installed or the subscription has
> expired and/or the machine's not been kept fully-patched at Windows Update,
> don't waste your time with any of the below: Format & reinstall Windows. A
> Repair Install will NOT help!.
>
> 1. See if you can download/run the MSRT manually:
> http://www.microsoft.com/security/ma...e/default.mspx
>
> NB: Run the FULL scan, not the QUICK scan! You may need to download the
> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
> machine and rename it to SCAN.EXE before running it.
>
> 2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
> (only!) in Safe Mode with Networking, if need be:
> http://onecare.live.com/site/en-us/center/howsafe.htm
>
> 3. Run a /thorough/ check for hijackware, including posting the requested
> logs in an appropriate forum, not here.
>
> Checking for/Help with Hijackware
> http://aumha.net/viewtopic.php?f=30&t=4075
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://www.elephantboycomputers.com/...moving_Malware
>
> **Seek expert assistance in
> http://spywarehammer.com/simplemachi...php?board=10.0,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
> or other appropriate forums.**
>
> If the procedures look too complex - and there is no shame in admitting this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>
>
> Dave wrote:
> > I"m working on a PC with terrible virus issues. When booted normally, the
> > Start bar and desktop icons flash on then off every ~60 seconds, and the
> > system will not allow interaction with apps like Windows Explorer. When I
> > do Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps
> > taking a lot of CPU time. I can't launch aps from TaskMgr.
> >
> > When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
> > Command Line, I can interact with the system for 1-2 minutes, then it
> > displays a warning about low system resources and responds slowly, then
> > 1-2
> > min later it blue screens.
> >
> > The result is that I can't run any antivirus apps to clean it. At this
> > point I think I'll settle for using Recovery Console to copy off
> > irreplacable files, format and reload.
> >
> > Any other suggestions?
> >
> > Thanks - Dave
>
>

"Dave" <(E-Mail Removed)> wrote in message
news:214DE3A0-2C78-4A78-8E16-(E-Mail Removed)...
> Pegasus,
>
> Thanks for the quick response. The PC was running McAfee -- I don't know
> what happened.
>
> Do you know if Recovery Console will work with a USB drive?

In its default state, the RC allows access to only a few system file
locations, not to user folders or external drives.

> If it does, it
> will save the time and risk of taking the drive out and trying to access
> it
> from a different system.

This is actually a quick and low-risk approach as long as the other system
is properly protected with up-to-date antivirus software *and* if you don't
attempt to run files from the attached drive.

The RC is a command line utility, and even if you have already re-configured
the scope of the RC, you will spend a lot of time typing. It won't be a
fast process.

> If Recovery Console doesn't support USB drives, is
> there any other way to copy the files off the hard drive before
> formatting/reloading?

Yes, and it's attaching the drive to another, protected system. This is a
normal approach.

As well, it's common to use this external-attachment method to clear out the
main hiding places of malware without running the compromised Windows
install.

HTH
-pk

>
> Thanks again -- Dave
>
>
> "Pegasus [MVP]" wrote:
>
>>
>> "Dave" <(E-Mail Removed)> wrote in message
>> news:B2FECCD3-ED85-40FF-9D8E-(E-Mail Removed)...
>> > Hello
>> >
>> > I"m working on a PC with terrible virus issues. When booted normally,
>> > the
>> > Start bar and desktop icons flash on then off every ~60 seconds, and
>> > the
>> > system will not allow interaction with apps like Windows Explorer.
>> > When I
>> > do
>> > Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps
>> > taking
>> > a
>> > lot of CPU time. I can't launch aps from TaskMgr.
>> >
>> > When booted in Safe Mode, the GUI doesn't work. When booted in Safe
>> > Mode
>> > Command Line, I can interact with the system for 1-2 minutes, then it
>> > displays a warning about low system resources and responds slowly, then
>> > 1-2
>> > min later it blue screens.
>> >
>> > The result is that I can't run any antivirus apps to clean it. At this
>> > point I think I'll settle for using Recovery Console to copy off
>> > irreplacable
>> > files, format and reload.
>> >
>> > Any other suggestions?
>> >
>> > Thanks - Dave
>> >
>>
>> There is a misunderstanding here. The primary purpose of anti-virus
>> programs
>> is to *prevent* an infection. Most have an ability to repair some of the
>> damage done by viruses but there is no guarantee here. Sometimes it
>> works,
>> sometimes it doesn't. Here are a couple of options:
>> - Connect the disk as a slave disk (or in a USB disk case) to another
>> WinXP
>> PC, then try to repair the damage there.
>> - Boot the machine with your WinXP CD, allow the disk to be formatted,
>> then
>> reload Windows.
>>
>> Note also:
>> - It is unlikely that you can repair the machine while in Recovery
>> Console
>> mode.
>> - If you go for the format option, you will lose all personal files.
>> - If this was my machine then I would consider it compromised. I would
>> reload Windows.
>>
>>
>>

Repost:
>> ...take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.


Dave wrote:
> Robear,
>
> Thanks for the rsponse. I can't launch applications, including Windows
> Explorer, when the PC is booted normally, in Safe Mode, or in Safe Mode
> Command Line. If I can't launch apps, I don't think I can perform any of
> the steps listed in your message. If that's true, I think I'm left with
> trying to copy off irreplacable files, formatting and reloading.
>
> Pegasus offered that the drive could be mounted in a USB casing and read
> by
> a different PC. I'm trying to save those steps by using Recovery Console
> to
> copy the files on the hard drive to a USB drive --- then format and reload
> the hard drive.
>
> Do you know if Recovery Console can be made to work with a USB drive?
>
> Thanks - Dave
>
>
> "PA Bear [MS MVP]" wrote:
>
>> There is a very good chance that you are seeing the effects of a
>> hijackware
>> infection!
>>
>> NB: If you have no anti-virus application installed or the subscription
>> has
>> expired and/or the machine's not been kept fully-patched at Windows
>> Update,
>> don't waste your time with any of the below: Format & reinstall Windows.
>> A
>> Repair Install will NOT help!.
>>
>> 1. See if you can download/run the MSRT manually:
>> http://www.microsoft.com/security/ma...e/default.mspx
>>
>> NB: Run the FULL scan, not the QUICK scan! You may need to download the
>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>> machine and rename it to SCAN.EXE before running it.
>>
>> 2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection'
>> scan
>> (only!) in Safe Mode with Networking, if need be:
>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>
>> 3. Run a /thorough/ check for hijackware, including posting the requested
>> logs in an appropriate forum, not here.
>>
>> Checking for/Help with Hijackware
>> http://aumha.net/viewtopic.php?f=30&t=4075
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://www.elephantboycomputers.com/...moving_Malware
>>
>> **Seek expert assistance in
>> http://spywarehammer.com/simplemachi...php?board=10.0,
>> http://forums.spybot.info/forumdisplay.php?f=22,
>> http://www.dslreports.com/forum/cleanup,
>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>
>> If the procedures look too complex - and there is no shame in admitting
>> this isn't your cup of tea - take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>
>>
>> Dave wrote:
>>> I"m working on a PC with terrible virus issues. When booted normally,
>>> the
>>> Start bar and desktop icons flash on then off every ~60 seconds, and the
>>> system will not allow interaction with apps like Windows Explorer. When
>>> I
>>> do Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps
>>> taking a lot of CPU time. I can't launch aps from TaskMgr.
>>>
>>> When booted in Safe Mode, the GUI doesn't work. When booted in Safe
>>> Mode
>>> Command Line, I can interact with the system for 1-2 minutes, then it
>>> displays a warning about low system resources and responds slowly, then
>>> 1-2
>>> min later it blue screens.
>>>
>>> The result is that I can't run any antivirus apps to clean it. At this
>>> point I think I'll settle for using Recovery Console to copy off
>>> irreplacable files, format and reload.
>>>
>>> Any other suggestions?
>>>
>>> Thanks - Dave

Dave wrote:
> Hello
>
> I'm working on a PC with terrible virus issues. When booted normally, the
> Start bar and desktop icons flash on then off every ~60 seconds, and the
> system will not allow interaction with apps like Windows Explorer. When I do
> Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps taking a
> lot of CPU time. I can't launch apps from TaskMgr.
>
> When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
> Command Line, I can interact with the system for 1-2 minutes, then it
> displays a warning about low system resources and responds slowly, then 1-2
> min later it blue screens.
>
> The result is that I can't run any antivirus apps to clean it. At this
> point I think I'll settle for using Recovery Console to copy off irreplacaeble
> files, format and reload.
>
> Any other suggestions?
>
> Thanks - Dave

Try this download to a working machine. You burn the image to a blank
CD then boot the infected machine to it; it clears out the malware
without Windows running so the malware can't get control. This is
software from Avira.

http://forums.techarena.in/tips-tweaks/1157825.htm

Just download the .exe rather than the ISO.

--
Joe =o)

Dave wrote:
> Hello
>
> I"m working on a PC with terrible virus issues. When booted normally, the
> Start bar and desktop icons flash on then off every ~60 seconds, and the
> system will not allow interaction with apps like Windows Explorer. When I do
> Ctrl-Alt-Del TaskMgr comes up and I can see lots of unfamiliar apps taking a
> lot of CPU time. I can't launch aps from TaskMgr.
>
> When booted in Safe Mode, the GUI doesn't work. When booted in Safe Mode
> Command Line, I can interact with the system for 1-2 minutes, then it
> displays a warning about low system resources and responds slowly, then 1-2
> min later it blue screens.
>
> The result is that I can't run any antivirus apps to clean it. At this
> point I think I'll settle for using Recovery Console to copy off irreplacable
> files, format and reload.
>
> Any other suggestions?
>
> Thanks - Dave
>

If for some reason you don't want to remove the drive and attach it to
another system, you can always use a bootable "live" CD that will let
you access the files you want to save and copy them to some external media.

Two that come to mind are Bart's PE and Knoppix.
http://www.nu2.nu/pebuilder/
http://www.knopper.net/knoppix/index-en.html
http://www.knoppix.net/

I like Knoppix, but several posters in this newsgroup have suggested
that they find Bart's PE easier to use.

--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm