I am currently running Windows XP SP 1. Please note that I am the only user
on this computer and have administrator rights.
Sure, that's how I run too.
1. I can't update my computer. It will download 9 critical updates and
will seem to update fine but it never actually updates the computer. When I
reboot the same 9 updates want to be installed.
2. I can't edit my regestry. When I run regedit it does nothing.
3. Also when I try to run "System Configuration Manager" nothing happens
also.
By now, it seems obvious to me that you have, or have had, active
malware on the PC. Some malware defends itself by blocking access to
tools such as Regedit, MSConfig and updates, as well as blocking av
updates, access to av sites, and knocking down av and firewall.
Some ways of defending against such helpful tools are "sticky", i.e.
they don't require the ongoing presence 9survival) of the malware to
work You may have to undo those changes by hand.
4. I have loaded antivirus software and cleaned off my comptuer so viruses
are not the issue.
Yeah, right. You run an OS that has the virus embedded in it, and
while noting that malware has already clobbered half your toolset, you
try to install an av and scan it while it's watching. Fortunately,
the malware didn't take punitive action (few do, as at Dec 2004). But
the real folly is believing a "nothing found" result means anything.
You need to do a formal scan of all files on the system. By that I
mean, without running a single byte of code off your ?infected HD,
from the start of the boot to the end of the scanning process.
If NTFS makes that difficult, it doesn't change the need to do this.
5. Also I have tried to move back in time and restore my computer to a
newer date but it comes back and says that it will not restore back to an
older date.
Yup. Prolly another defensive move. You can't bank on malware
writers' ineptitude forever, i.e. expect their creations to sit still
while you shoot them to death with your av and other defences.
6. I have tried everything to download and update to Service Pack 2 but
there is no where on Microsofts web site that I can simply download SP2.
You have to go throught the Update routine... unfortunately my update
routine can't get pass the 9 updates that it will not load.
That's particularly doomed. It's pointless to attempt to patch an
infected system - let's just say the results may be "undefined".
As you can see I am majorly stuck. Any suggestions?
As above.
If FATxx, then I'd get a Win95 SR2 or later boot diskette, preferably
a Win98 EBD that creates a RAM drive (edit A:\Config.sys to boost the
RAM drive to 12000 i.e. 12M, and Set Temp=%RAMD% ).
Then I'd get a DOS-based av scanner, from one of:
www.f-prot.com (get data updates too!)
www.nod32.com
www.sophos.com
The last two are free for exvaluation only; you'd have to "sign in"
and I would not count on getting updates. The first is free for
personal use and you can get updates on an ongoing basis - but as the
full av you download is likely to contain old data, your first update
download is required right now.
Then I'd shut down the PC and unplug it from mains, and all networks,
including wireless if possible. Then I'd plug in mains and switch on,
and immediately go into CMOS setup. Check that A: = 1.44M, and set
boot order to boot diskette first (or better, only).
Boot off the EBD diskette, then extract or copy the DOS av and its
data to the RAMdisk and run it from there (for speed). Scan all
files, detect only. SAVE THE LOG or ballpoint *all* the details of
what it finds! Post those here or Google for caveats.
Clean malware as per caveats; often the DOS-based av can do it, but in
some cases you may need to download a specific cleaner tool and follow
instructions. Once again, keep a log of everything you do.
When done, set CMOS boot order C: before A: (or best, C: only). Stay
off all networks until you complete the cure (read on).
If NTFS, then you're at a disadvantage. Try Safe Mode Command Prompt
Only and use Trend's SysClean utility from there. As always, all
downloads have to be done from a CLEAN system (not yours!).
Few commercial malware will be as agressive as to clobber regedit etc.
but as traditional av doesn't scan for them, that's a separate process
to do next - ideally from Safe Mode Command Prompt Only, and then
repeated from "normal" mode in each user account.
Free tools for this include the AdAware and Spybot scanners (start
with them), Spyware Blaster to block known future attacks, and manual
tools such as HiJackThis et al.
Once the system is clean, you can turn your attention to residual
settings that may still block your defensive tools; fix these by hand.
Check all your risk management settings, expecting to find your fences
knocked down (e.g. firewall off, IE zone settings very lax, hostile
HOSTS redirections, etc.).
Purge web cache (and reduce sizes in all accounts, to speed things
up), purge Temp, and do a Defrag. Purge System Restore and
immediately create a new Restore point. Create your baseline state
backups in Spyware Blaster.
Now you can start patching. Once the rest of your LAN is clean,
reconnect to that. Once the firewall's up, can reconnect to 'net.
---------- ----- ---- --- -- - - - -
"He's such a character!"
' Yeah - CHAR(0) '
