Lots of troubles..

Gilberto

Ok, I made a big mistake one week ago. I left Windows XP SP2 without any
firewall for the weekend, directly connected to the Internet.

Now, when I came back on Sunday, I have the following symptoms:

1. Antivirus "hidden"/uninstalled. Norton Corp 9, cannot find it in Control
Panel or anything.

2. Cannot reinstall any antivirus; tried with trials from Norton, McAfee,
Symantec, NOD32, and all of them say that the application file is not a valid
Win32 app.

3. Cannot install any antispyware or run any of them. Cannot run Spybot or
HijackThis. I get the same error as with the antivirus software.

4. Cannot start in safe mode; the computer restarts itself after mup.sys.

5. When I try to open the Windows Firewall, it just says that it will then
enable the Windows ICS service. That means that before that it is disabled.

5. If I try to open regedit, msconfig, or enable Windows Firewall, or work
on anything, after a few minutes the computer restarts itself.

6. Even if I leave it alone, it restarts itself after a few minutes.

After a lot of restarts, I managed to delete everything from the RUN key for
all users and my user from regedit.

I also disabled loading everything using msconfig, but Windows stays
totally unstable.

I also got info from my ISP that the computer is sending out spam emails.

Is there any way to really fix this Windows installation, or do I need to
start from 0 again and make a clean Windows XP installation?
 
p

It would be quicker to reinstall XP, much quicker and far surer that you
don't have any blue meanies still lurking somewhere.

P
 
Doug Knox - [MS-MVP]

There's no telling how badly infected your machine is. I'd recommend
starting over from scratch with a new installation.
 
Mir Mehdi

If you really want to fix this without reinstalling Windows, get on to
this website http://pcsafety.us and download tools on a different computer,
then disconnect the infected computer from the internet and try to transfer
the tools downloaded using a flash drive and then try scanning the computer.

Look for Vundo fixes; I believe your computer is badly affected by the Vundo
virus.

Try with these tools from the website:
MalwareBytes
FixVundo
Avast
 
PA Bear [MS MVP]

I'd wipe & reload ASAP.

==========================

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
John Wunderlich

Boot your machine from a free Live Linux CD/DVD such as Knoppix:

<http://www.knopper.net/knoppix/index-en.html>

This will give you a virus-free environment and enable you to back up
your important files either over the network or via a USB drive.

Then re-install Windows on your machine.

HTH,
John
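
A sketch of the backup step described in the post above, as an added example that is not part of the original thread. It assumes the Windows partition has already been mounted read-only from the live CD, and it goes beyond the post by leaving executable file types behind and writing a hash manifest; the function name, the extension list and the mount points are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed setup from the live CD,
# with placeholder device names:
#   mount -o ro /dev/sdXN /mnt/win    # infected Windows disk, read-only
#   mount /dev/sdYN /mnt/usb          # backup target
#   rescue_copy /mnt/win/"Documents and Settings" /mnt/usb/rescue

# File types left behind because Windows can run or auto-launch them
# (constructed list, single-space separated; extend as needed).
SKIP_EXT="exe dll sys scr com pif bat cmd vbs js lnk msi cpl ocx drv inf"

# rescue_copy SRC DST: copy every regular file under SRC into DST except the
# skipped types. Writes DST/MANIFEST.sha256 and DST/SKIPPED.txt and prints
# the number of files copied. DST must not be inside SRC; file names
# containing newlines are not supported.
rescue_copy() (
    src=${1%/}; dst=${2%/}
    mkdir -p "$dst" || exit 1
    : > "$dst/MANIFEST.sha256"
    : > "$dst/SKIPPED.txt"
    find "$src" -type f | while IFS= read -r path; do
        rel=${path#"$src"/}
        base=${rel##*/}
        case $base in *.*) ext=${base##*.} ;; *) ext= ;; esac
        # Windows ignores case in extensions, so compare in lower case.
        ext=$(printf '%s' "$ext" | tr '[:upper:]' '[:lower:]')
        case " $SKIP_EXT " in
            *" $ext "*) printf '%s\n' "$rel" >> "$dst/SKIPPED.txt"; continue ;;
        esac
        mkdir -p "$dst/$(dirname -- "$rel")"
        cp -- "$path" "$dst/$rel" || continue
        # Hash the copy so it can be re-verified on the clean machine.
        (cd "$dst" && sha256sum -- "$rel") >> "$dst/MANIFEST.sha256"
    done
    echo $(( $(wc -l < "$dst/MANIFEST.sha256") ))
)
```

Running `sha256sum -c MANIFEST.sha256` inside the backup directory on the clean machine confirms the files arrived unchanged. Skipping by extension does not make documents safe, so the copied files still need an antivirus scan before they are opened.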
 
PA Bear [MS MVP]

I thought I've been smelling a rat ever since you first started posting to
MS newsgroups right out of the blue on 27 Jun-08!

cf.
http://www.siteadvisor.com/sites/pc...se&client_ver=2.6.0.6261&client_type=IEPlugin

Despite your sig ("Microsoft XP Platform Support"), no MS employee or
representative would point anyone to that sham of a "security" website!

And anyone fully versed on Vundo infections (which are constantly morphing
and usually accompanied by ZLOB & SDBot-variants, all protected by a
rootkit) would know that no one utility or combination of utilities can
fully clean such an infected machine.

NB Gilberto & lurks: What follows *is* information and links you can trust!

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
https://mvp.support.microsoft.com/default.aspx/profile/robear.dyer


Mir said:
If you really want to fix this without reinstalling the windows, get on to
this website XXXX://pcsafety.us and download tools on a different computer,
then disconnect the infected computer from the internet and try to transfer
the tools downloaded using a flash drive and then try scanning the computer.

Look for vundo fixes, I believe your computer is badly affected by vundo
virus.
<snip>
 
tashfeen

That's a pretty overwhelming problem, followed by an overwhelming list
of instructions -- enough to freak me out!

I think a clean install would be the best bet. If there's anything
that you absolutely need to preserve (documents, mp3 collections, etc)
then disconnect your computer from the internet, and hook it up to a
different computer to copy your stuff.

Make sure the other computer has 1. an up-to-date antivirus and 2.
WinPatrol (here's a review: http://techqi.blogspot.com/2008/05/really-useful-stuff-winpatrol.html).
WinPatrol basically acts as a "software firewall", so you can catch
malicious applications before they attempt to install themselves on
the computer.

After you've copied, format your entire hard drive. Make sure your
computer isn't connected to the internet. Install the OS, drivers,
software etc. Install a good antivirus; I recommend NOD32 or Avast,
depending whether you want to go for a paid or free antivirus (here
are my reviews: http://avscan.blogspot.com). Don't forget a good
firewall; ZoneAlarm is the best in my opinion, but if you don't have a
fast system go for Comodo (on firewalls:
http://techqi.blogspot.com/2008/01/miscellaneous-security-software-part-2.html).
Don't forget WinPatrol either. You shouldn't immediately need registry
cleaners after a clean install, but here are my picks
(http://techqi.blogspot.com/2008/01/miscellaneous-security-software-part-1.html).

Hope this helps!
 
