I recently was overrun by adware and a virus

[proxynews]

I recently was overrun by adware and a virus and now I am trying to
recover from the disaster. In the process of trying to get rid of this
malware, I deleted sais.exe from the WINNT/SYSTEM32 directory. That
made my HDDs stop booting. I have created a new boot drive and
installed Win2000, and I thought I could just copy the deleted file
over to get things to work. But the new drive does not have this file.


I don't get it. When I read up on sais.exe on the web it seems to be
essential to the initial log in to the computer. The only differences
I have between this installation and the previous ones are, I could not
get the HDD to format FAT32 so I got NTFS instead, and I did not create
any users, just administrator.


So what the heck do I do now? How do I restore my two bad HDDs?

 

[Dave]

a search on google for sais.exe points out that it is likely spyware or
adware.

typical result:
http://www.liutilities.com/products/wintaskspro/processlibrary/sais/

does your new boot drive not work??

 

[wayfarrer]

Your information about sais.exe is incorrect. it is not a Windows system file,
it's generally considered to be spyware. See this link for more details:

sais.exe - Here is the scoop on Search assistant.
http://www.auditmypc.com/process/sais.asp

Use Google for more accurate search results.

Can you bootup from the Windows 2000 CD and access the Recovery Console? (You'll
need to know the Administrator's password) If so, enter "fixboot" and then
"fixmbr" at the RC prompt.

 

[proxy]

Yes, after struggling for several days I looked at my notes and
realized that the file I should not have deleted is lsass.exe or
something similar. Restoring that file got one system up and running
and the other one was not as important. So I rebuilt the second one
from scratch.

The plus side is that I overcame my reluctance and used NTFS for the
second system. It has been running for a week and have not found any
compatibility issues. I don't have a lot of confidence in MS and don't
like moving ahead with new stuff since it often creates problems down
the road.

I think the spyware stuff is worse than the virus problem. The spyware
seems to keep loading new spyware onto your system and can be really
hard to get rid of.

To answer your question, I tried booting from the W2K CD and used the
automatic repair, but it did not work. I didn't know enough about what
to fix to try the manual method. I tried using FIXMBR on a new drive
when I couldn't figure out why it would not format as FAT32. The OS is
not very helpful about any of this. I now know that they want to push
you toward NTFS, but the tools don't make that very clear. When I
tried to format it on the other machine running W2K, it seemed to
format in FAT32, but then wouldn't work.

Thanks to both of you guys for your replies. I am up and very happy at
the moment.