Please Help! Aggressive Trojans

[Deidre]

Hello:

For two hours I have tried to repair my daughter's computer. She has the
following trojans on her computer in the following locations.

C:\HP\Vin\Terminator.exe - trojankillapp 30208
C:\Windows\downloaded program files\install026.exe - Trojan.sectho
C:\Windows\System32\gnucdna.davidlovelove - Win.exe virus

You can see most icons on her computer, but nothing can be read [not titles,
labels, etc]. The words are all gobble-de-gook. I have tried the Stinger
program, No Adware, and Trojan Remover. None of these have worked. Cannot
read anything in Add/Remove Software because of gobbled lettering. Tried to
install Norton Antivirus but cannot read to complete installation.

Can anyone PLEASE inform or suggest other methods to repair her computer.
She is driving me NUTS! [Please keep me out of the looney-bin]

Internet access is not an option at the moment. I cannot install my ISP's
software to connect her to the Internet through my network.

Thank you for any and all suggestions and information. Your assistance is
Greatly Appreciated!

Deidre

 

[Jym]

It sound like you have said that all of the files are damaged . Making them
readable may take a lot of expertise , if possible at all. Reformat seems to
be your only option. Jym

 

[Carey Frisch [MVP]]

It appears the various viruses completed their dastardly mission and
have hopeless corrupted the Windows XP operating system files.
That's why it is extremely important to install a good antivirus program!

At this point, all you can do is prepare for a "clean install".

Use the following procedure for a "clean install" of Windows XP:

The Windows XP CD is bootable and contains all the tools necessary
to partition and format your drive. Follow this procedure and allow
Windows XP to partition and format your drive:

NOTE: It would be best to physically disconnect all your peripheral hardware
devices, except the monitor, mouse and keyboard, before installing XP.

NOTE: If you have an internal Zip Drive installed, physically disconnect the
EIDE and power cable to it before proceeding, otherwise your main
hard drive may not be assigned the customary C: drive letter.
After installing Windows XP, you may then reconnect it.

1. Open your BIOS and set your "CD Drive as the first bootable device".

===> Accessing Motherboard BIOS
===> http://www.michaelstevenstech.com/bios_manufacturer.htm

2. Insert your Windows XP CD in the CD Drive and reboot your computer.
3. You'll see a message to boot to the CD....follow the instructions.
4. The setup menu will appear and you should elect to delete all the existing
Windows partitions, then create a new partition, then format the primary
partition (preferably NTFS) and proceed to install Windows XP.

5. Clean Install Windows XP
http://michaelstevenstech.com/cleanxpinstall.html

[Courtesy of Michael Stevens, MS-MVP]

6. ==> Immediately after installing Windows XP, turn on XP's Firewall.
==> http://www.microsoft.com/security/protect/

7. After Windows XP is installed, visit the Windows Update website
and download the available "Critical Updates".

8. After installing the critical updates, be sure and visit the support website
of the manufacturer of the computer to download and install any
available Windows XP compatible drivers, such as video adapter
and audio drivers.

9. If you happen to run into any installation difficulties, use the following resources:

How to Troubleshoot Windows XP Problems During Installation
http://support.microsoft.com/default.aspx?scid=kb;EN-US;310064

Troubleshooting Windows XP Setup
http://www.kellys-korner-xp.com/xp_setup.htm

[Courtesy of MS-MVP Kelly Theriot]

To secure your computer and prevent possible future security breeches,
consider installing a first-rate, comprehensive, internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------------------


| Hello:
|
| For two hours I have tried to repair my daughter's computer. She has the
| following trojans on her computer in the following locations.
|
| C:\HP\Vin\Terminator.exe - trojankillapp 30208
| C:\Windows\downloaded program files\install026.exe - Trojan.sectho
| C:\Windows\System32\gnucdna.davidlovelove - Win.exe virus
|
| You can see most icons on her computer, but nothing can be read [not titles,
| labels, etc]. The words are all gobble-de-gook. I have tried the Stinger
| program, No Adware, and Trojan Remover. None of these have worked. Cannot
| read anything in Add/Remove Software because of gobbled lettering. Tried to
| install Norton Antivirus but cannot read to complete installation.
|
| Can anyone PLEASE inform or suggest other methods to repair her computer.
| She is driving me NUTS! [Please keep me out of the looney-bin]
|
| Internet access is not an option at the moment. I cannot install my ISP's
| software to connect her to the Internet through my network.
|
| Thank you for any and all suggestions and information. Your assistance is
| Greatly Appreciated!
|
| Deidre

 

[Deidre]

Hello Carey:

Thank you for responding so quickly!

My daughter's system came with Windows XP Home Edition installed, and five
recovery disks. Can you point me in the right direction for instructions on
how to do a factory restore? Thank You so Much!

Deidre

It appears the various viruses completed their dastardly mission and
have hopeless corrupted the Windows XP operating system files.
That's why it is extremely important to install a good antivirus program!

At this point, all you can do is prepare for a "clean install".

Use the following procedure for a "clean install" of Windows XP:

The Windows XP CD is bootable and contains all the tools necessary
to partition and format your drive. Follow this procedure and allow
Windows XP to partition and format your drive:

NOTE: It would be best to physically disconnect all your peripheral hardware
devices, except the monitor, mouse and keyboard, before installing XP.

NOTE: If you have an internal Zip Drive installed, physically disconnect the
EIDE and power cable to it before proceeding, otherwise your main
hard drive may not be assigned the customary C: drive letter.
After installing Windows XP, you may then reconnect it.

1. Open your BIOS and set your "CD Drive as the first bootable device".

===> Accessing Motherboard BIOS
===> http://www.michaelstevenstech.com/bios_manufacturer.htm

2. Insert your Windows XP CD in the CD Drive and reboot your computer.
3. You'll see a message to boot to the CD....follow the instructions.
4. The setup menu will appear and you should elect to delete all the existing
Windows partitions, then create a new partition, then format the primary
partition (preferably NTFS) and proceed to install Windows XP.

5. Clean Install Windows XP
http://michaelstevenstech.com/cleanxpinstall.html

[Courtesy of Michael Stevens, MS-MVP]

6. ==> Immediately after installing Windows XP, turn on XP's Firewall.
==> http://www.microsoft.com/security/protect/

7. After Windows XP is installed, visit the Windows Update website
and download the available "Critical Updates".

8. After installing the critical updates, be sure and visit the support website
of the manufacturer of the computer to download and install any
available Windows XP compatible drivers, such as video adapter
and audio drivers.

9. If you happen to run into any installation difficulties, use the following resources:

How to Troubleshoot Windows XP Problems During Installation
http://support.microsoft.com/default.aspx?scid=kb;EN-US;310064

Troubleshooting Windows XP Setup
http://www.kellys-korner-xp.com/xp_setup.htm

[Courtesy of MS-MVP Kelly Theriot]

To secure your computer and prevent possible future security breeches,
consider installing a first-rate, comprehensive, internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------- --------


| Hello:
|
| For two hours I have tried to repair my daughter's computer. She has the
| following trojans on her computer in the following locations.
|
| C:\HP\Vin\Terminator.exe - trojankillapp 30208
| C:\Windows\downloaded program files\install026.exe - Trojan.sectho
| C:\Windows\System32\gnucdna.davidlovelove - Win.exe virus
|
| You can see most icons on her computer, but nothing can be read [not titles,
| labels, etc]. The words are all gobble-de-gook. I have tried the Stinger
| program, No Adware, and Trojan Remover. None of these have worked. Cannot
| read anything in Add/Remove Software because of gobbled lettering. Tried to
| install Norton Antivirus but cannot read to complete installation.
|
| Can anyone PLEASE inform or suggest other methods to repair her computer.
| She is driving me NUTS! [Please keep me out of the looney-bin]
|
| Internet access is not an option at the moment. I cannot install my ISP's
| software to connect her to the Internet through my network.
|
| Thank you for any and all suggestions and information. Your assistance is
| Greatly Appreciated!
|
| Deidre

 

[Carey Frisch [MVP]]

If you cannot find the User's Guide that came with the PC,
then visit the PC manufacturer's support website for instructions
on using the PC manufacturer's Recovery CDs.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------------


| Hello Carey:
|
| Thank you for responding so quickly!
|
| My daughter's system came with Windows XP Home Edition installed, and five
| recovery disks. Can you point me in the right direction for instructions on
| how to do a factory restore? Thank You so Much!
|
| Deidre

 

[Doug]

Hi Deidre-
Most computers manufactured with XP have a recovery partition known as RP (D drive. If you restart your PC, depending on your computer's bios program, it will present you the option to recover from the recovery partition, if you are able to it will probably ask you to press F10 or F1 during the startup and open the recovery partition program.

Additionally, you should try to see if you can run the antivirus program in Safe Mode, this may open the anti virus program without the gobble de gook, it is recomended by the anti viral programs manufacturer to run it in Safe Mode anyway.

Remember, the last thing you want to resort to is a complete destructive restore, and if you don't backup in a regular basis you can be out some important file and settings that you have saved along the way.

To run the anti viral program in Safe Mode do this:

Restart your computer and tap the F8 function key until it prompts you with a list of startup options, use the up/down arrows to select the Safe Mode option and press enter, this will start you computer in Safe Mode with limited programs, continue following the confirmation choices till it brings you to the desktop, from there you can select the anti viral program from your start menu.

If the av program doesnt run in safe mode, select the VGA mode from the startup options I previously mentioned and follow the same remaining steps.

If updated properly and regularly, the Norton AV program will remove the virus and correct your text problem, I know it works, I have had viruses and worms on my pc and after a few av scans it caught them and got my pc up and running like new again.

Another thing to do is to run all the maintenance you can after you have removed the virus-

Start>All Programs> Accessories> System Tools
Run the utilities in the following order with a reboot after each, rebooting doesn't hurt and in some cases, with the av program set to run at startup, it may surface a worm or boot malfunctions

Disk Clean Up - check to select all the boxes except compress, keep in mind that you don't want to do anything that might enable the worm or virus to hide and surface at a later date and often many of them are timed to do so

Purge Your Systems Cache - to do this:
Start> RUN - type cmd -it will open a black window with a dos prompt type cd c:\ -then at the new C:\ prompt type sfc/purgecache
-or you can do it this way-
Start> All Programs> Windows Support Tools> Command Prompt type cd c:\ -then at the new C:\ prompt type sfc/purgecache

this will take a few minutes, you will know when it's finished by the activity indicator light on the front of the CPU, and it's worth it, viruses like to hide in this place and can ressurect themselves from this memory

System File Checker - Start> RUN> type sfc /scannow -or if you cannot run the sytem file checker from RUN you can run it by doing this:
Start> RUN type cmd in the new black dos window that opens type cd C:\ at the new prompt type sfc/scannow
this will check the integrity of all the Windows System files and repair if necessary

Disk Defragmenter - This nifty tool is my favorite, it will sort through all the files on your hard drive, organize, condense them to free up space and remove any fragmented files (files that are broken apart or not valid any longer due to damage or otherwise) or lost files (files that are no longer in use becuase they out of place and have autmatically been replaced) YOU WILL NOTICE THE DIFFERENCE!

-think of this as attacking the virus-

When your virus is history and you are certain that there is no trace of if and your system is up and running like new again for a few days, run the System Restore Program and create a system restore point, to do this:

Start> All Programs> PC Help & Tools (the title of this console may vary from system to sytem depending on the manufacturer of your pc), if you can't find it there it will most likely be in the System Tools console previously mentioned, or in desperate cases you can intiate a search for SR with the XP search tool. When you eventually get to it select "Create A New System Restore Point" and give it a unique name that you can refer to in the event you need to get back to a good operating time.

When you have created the new restore point a good idea would be to remove all the previous restore points, you may accidently restore your pc to a time when it had the virus and this will also create some breathing room for your PC, to do this:

Start> All Programs> Accessories> System Tools> Disk Cleanup
at the disk cleanup manager click at the top tab that says "More Options" when the new window opens the third one at the botton will remove all but the most recent restore point removing old registry files that may also be infected.

Noting that you mentioned this is your daughters PC, she probably uses chat rooms and that is a complete danger zone for computers and infections, creeps like to hang out in them just for the satisfaction of being able to make someone's life miserable, what happens is that they send boot codes as instant messages that knock the user off the internet or make their computer crash by including worms with the boot codes, -take it form someone who has experienced it first hand. The remedy for this is to make sure that the antivirus program is setup for messenger services like Yahoo, MSN etc, I know Norton AV has the option to do so and even better is to have the Norton Personal Firewall that runs alongside the av program. Also another good to thing to do is to make sure your av program starts with the system, it will monitor what's going on in the background and at startup.

Hope this helps! -I found some of my best solutions to real intricate problems in this newsgroup and it is always my pleasure to help when I can....

All the best

Doug
Newport, RI

Hello Carey:

Thank you for responding so quickly!

My daughter's system came with Windows XP Home Edition installed, and five
recovery disks. Can you point me in the right direction for instructions on
how to do a factory restore? Thank You so Much!

Deidre

It appears the various viruses completed their dastardly mission and
have hopeless corrupted the Windows XP operating system files.
That's why it is extremely important to install a good antivirus program!

At this point, all you can do is prepare for a "clean install".

Use the following procedure for a "clean install" of Windows XP:

The Windows XP CD is bootable and contains all the tools necessary
to partition and format your drive. Follow this procedure and allow
Windows XP to partition and format your drive:

NOTE: It would be best to physically disconnect all your peripheral hardware
devices, except the monitor, mouse and keyboard, before installing XP.

NOTE: If you have an internal Zip Drive installed, physically disconnect the
EIDE and power cable to it before proceeding, otherwise your main
hard drive may not be assigned the customary C: drive letter.
After installing Windows XP, you may then reconnect it.

1. Open your BIOS and set your "CD Drive as the first bootable device".

===> Accessing Motherboard BIOS
===> http://www.michaelstevenstech.com/bios_manufacturer.htm

2. Insert your Windows XP CD in the CD Drive and reboot your computer.
3. You'll see a message to boot to the CD....follow the instructions.
4. The setup menu will appear and you should elect to delete all the existing
Windows partitions, then create a new partition, then format the primary
partition (preferably NTFS) and proceed to install Windows XP.

5. Clean Install Windows XP
http://michaelstevenstech.com/cleanxpinstall.html

[Courtesy of Michael Stevens, MS-MVP]

6. ==> Immediately after installing Windows XP, turn on XP's Firewall.
==> http://www.microsoft.com/security/protect/

7. After Windows XP is installed, visit the Windows Update website
and download the available "Critical Updates".

8. After installing the critical updates, be sure and visit the support website
of the manufacturer of the computer to download and install any
available Windows XP compatible drivers, such as video adapter
and audio drivers.

9. If you happen to run into any installation difficulties, use the following resources:

How to Troubleshoot Windows XP Problems During Installation
http://support.microsoft.com/default.aspx?scid=kb;EN-US;310064

Troubleshooting Windows XP Setup
http://www.kellys-korner-xp.com/xp_setup.htm

[Courtesy of MS-MVP Kelly Theriot]

To secure your computer and prevent possible future security breeches,
consider installing a first-rate, comprehensive, internet security program:

Norton Internet Security 2004
http://www.symantec.com/sabu/nis/nis_pe/

-- Includes Norton AntiVirus 2004
-- Includes Norton Personal Firewall
-- Includes prevention of annoying web pop-ups
-- Includes Parental Controls
-- All in one, easy-to-install package

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

-------------------------------------------------------------------------- --------


| Hello:
|
| For two hours I have tried to repair my daughter's computer. She has the
| following trojans on her computer in the following locations.
|
| C:\HP\Vin\Terminator.exe - trojankillapp 30208
| C:\Windows\downloaded program files\install026.exe - Trojan.sectho
| C:\Windows\System32\gnucdna.davidlovelove - Win.exe virus
|
| You can see most icons on her computer, but nothing can be read [not titles,
| labels, etc]. The words are all gobble-de-gook. I have tried the Stinger
| program, No Adware, and Trojan Remover. None of these have worked. Cannot
| read anything in Add/Remove Software because of gobbled lettering. Tried to
| install Norton Antivirus but cannot read to complete installation.
|
| Can anyone PLEASE inform or suggest other methods to repair her computer.
| She is driving me NUTS! [Please keep me out of the looney-bin]
|
| Internet access is not an option at the moment. I cannot install my ISP's
| software to connect her to the Internet through my network.
|
| Thank you for any and all suggestions and information. Your assistance is
| Greatly Appreciated!
|
| Deidre