10-Jun-06
TO: Victor Laszlo
In your case it might be, as you mentioned, that some critical infected files were deleted or quarantined by the anti-malware or anti-virus. Happens to me a lot. You could check each filename via Google to see if it's a genuine Windows or malware file. Someone here can then tell you how to find and get a replacement for a particular file that your system might need.
--------------------------------------------
FYI
In 9 out of 10 cases I try to first kill all malware, virus and trojans via safe mode and/or DOS (use DOS diskette to boot) - but with help of the old XTREE GOLD file manager, which speeds things up by about 10,000 gadzillion times. Often things go much faster than with endless scans and reports using commercial anti-v and anti-m packages.
First thing to do is to look for suspicious files in system32 folder that arrived there just before you noticed the problems. That takes about 3 seconds w/ XTREE and its filespec (date range) sort. Copy and save the files w/different extensions and zip up and store in case one is needed later. Be sure to record original filenames.
Check each file via Google to see if there's anything suspicious on it (there are some sites that also explain function of all Windows files - but don't have links handy right now).
Delete the suspect files only. Back up Registry. Check Registry for references to these files w/ its 'find' command. The search string should contain a key portion of the files only. That's good enough and will catch more. Delete suspect keys. You can always replace keys or entire Registry later w/ backup, if you mess up.
Do all this in DOS and/or in safe mode.
When in deep sh_t, I might run AVG, TrojanRemover, Spybot and Adaware - either before or after (your choice). If you use WinPatrol, it could save you a lot of trouble later - so long as you don't screw up and hit the wrong button.
Ted...
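
The date-range triage and "copy with a different extension, zip, record original filenames" steps from the post above, as an added Python example that is not part of the original post. It assumes modification time stands in for "arrived", and the folder, file names, dates and the `.quar` extension are constructed for the demo.

```python
import json
import os
import tempfile
import zipfile
from datetime import datetime
from pathlib import Path


def files_in_window(folder, start, end):
    """Return files in folder whose modification time falls in [start, end]."""
    hits = []
    for p in sorted(Path(folder).iterdir()):
        if p.is_file():
            mtime = datetime.fromtimestamp(p.stat().st_mtime)
            if start <= mtime <= end:
                hits.append(p)
    return hits


def quarantine(files, archive):
    """Zip files under neutral names and record where each one came from."""
    manifest = {}
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for i, p in enumerate(files):
            stored = f"{i:04d}.quar"    # changed extension (assumed naming scheme)
            zf.write(p, stored)
            manifest[stored] = str(p)   # original path, needed for a later restore
        zf.writestr("manifest.json", json.dumps(manifest, indent=2))
    return manifest


def demo():
    """Constructed sample: three files, only one dated inside the window."""
    root = Path(tempfile.mkdtemp())
    stamps = {
        "sample_old.dll": datetime(2004, 8, 4),
        "sample_odd.exe": datetime(2006, 6, 8),
        "sample_new.log": datetime(2006, 6, 20),
    }
    for name, when in stamps.items():
        f = root / name
        f.write_bytes(b"sample")
        os.utime(f, (when.timestamp(), when.timestamp()))
    hits = files_in_window(root, datetime(2006, 6, 1), datetime(2006, 6, 10))
    return [p.name for p in hits], quarantine(hits, root / "suspects.zip")


if __name__ == "__main__":
    print(demo())
```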