Virus attack has crippled me

N

Nandan

Hi,

I have a home PC multibooted with XP and Vista.I normally use XP as
lots of software doesnt yet work properly with vista.My problem is
that I was running my Xp without antivirus software for two
weeks.Everything was nearly fine till I installed Norton 360 and it
detected W32.Lecna.A,Invader trojan,win32.Virut.A,Downloader
trojan ,win32.brontok.q,trojan.generic,win32.Lecna.c .
I have handled lots of viruses before and have successfully cleaned
lots before but this time ,after I rebooted the PC with the newly
installed norton 360,it refuses to log in.
It logs in and then logs off.I tried the built in administrator
account and my account also,but no luck.It simply fails to log in.I
guess one of the viruses has affected the winlogon service.Safe mode
wont also work.


What can be done so that I can gain access ? I can login to vista and
it shows no problems.Can I scan from Vista and clean XP as well as
the
hard drives.It's getting really frustrating.I dont want to format
because I have so many apps installed,that It would take a really
long
time to get everything installed.


Hope you guys can help me out...


Rgds,
Nandan
 
D

Duh_OZ

Hi,

I have a home PC multibooted with XP and Vista.I normally use XP as
lots of software doesnt yet work properly with vista.My problem is
that I was running my Xp without antivirus software for two
weeks.Everything was nearly fine till I installed Norton 360 and it
detected W32.Lecna.A,Invader trojan,win32.Virut.A,Downloader
trojan ,win32.brontok.q,trojan.generic,win32.Lecna.c .
I have handled lots of viruses before and have successfully cleaned
lots before but this time ,after I rebooted the PC with the newly
installed norton 360,it refuses to log in.
It logs in and then logs off.I tried the built in administrator
account and my account also,but no luck.It simply fails to log in.I
guess one of the viruses has affected the winlogon service.Safe mode
wont also work.

What can be done so that I can gain access ? I can login to vista and
it shows no problems.Can I scan from Vista and clean XP as well as
the
hard drives.It's getting really frustrating.I dont want to format
because I have so many apps installed,that It would take a really
long
time to get everything installed.

Hope you guys can help me out...

Rgds,
Nandan
Click to expand...

==========
First - practice safe hex. Second - practice safe hex!

System restore turned off?

hijackthis - *DO NOT* post the log here though.

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Hook up the drive as a slave and try cleaning it.

You can also try Lipman's
 
V

VanguardLH

in message
...

Out of interest why turn system restore off, is it
because nasty stuff can hide there?
Click to expand...

Why would you think system files that are included in a System Restore
snapshot could never be infected?
 
K

Kayman

System restore turned off?
Click to expand...

Valuable advice from an AV expert, David H. Lipman
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Question:
"Is it advisable to turn off System Restore while cleaning the OS using
AV/A-S, and if so, when do you turn it off and then on?
Also is it was recommended to delete all restore point during this
procedure?"

Answer(David H. Lipman):
"I used to be convinced that one should dump the System restore cache PRIOR
to cleaning a system. However after many discussions and based upon
personal tests and experience, I have come to the conclusion that this
should be done AFTER a system is cleaned.

Here's the problem. Most malware are binary files that the System Restore
cache will create a backup of in restore points. When one gets infected,
copies of the infector are now stored in the System Restore cache. If you
clean the system then restore to a prior Restore Point that contains
infectors, the OS become re-infected.

If you clean a PC and don't expect to restore to a previous Restore Point
then eventually the infected files will cache-out. In that situation, one
does NOT need to dump the System Restore cache.

If you dump the System Restore cache PRIOR to cleaning the system, you will
also remove a fall back point. That is, if during the cleanup the system
becomes unstable, you will not be able to restore the system from a
previous Restore Point. If you did restore the system
back to that state, you can clean the system differently such that the
system won't become unstable and/or unusable. Thus an infected Restore
Point is better than no Restore Point at all.

Later, when the system is cleaned and verified to be stable, you can then
dump the System Restore cache, reboot the PC and then re-enable the system
Restore cache and subsequently manually create an initial Restore Point.

Thus it is better the dump the cache AFTER and not BEFORE the system has
been cleaned of malware."

Be guided accordingly.
 
D

Dave Cohen

Kayman said:
Valuable advice from an AV expert, David H. Lipman
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Question:
"Is it advisable to turn off System Restore while cleaning the OS using
AV/A-S, and if so, when do you turn it off and then on?
Also is it was recommended to delete all restore point during this
procedure?"

Answer(David H. Lipman):
"I used to be convinced that one should dump the System restore cache PRIOR
to cleaning a system. However after many discussions and based upon
personal tests and experience, I have come to the conclusion that this
should be done AFTER a system is cleaned.

Here's the problem. Most malware are binary files that the System Restore
cache will create a backup of in restore points. When one gets infected,
copies of the infector are now stored in the System Restore cache. If you
clean the system then restore to a prior Restore Point that contains
infectors, the OS become re-infected.

If you clean a PC and don't expect to restore to a previous Restore Point
then eventually the infected files will cache-out. In that situation, one
does NOT need to dump the System Restore cache.

If you dump the System Restore cache PRIOR to cleaning the system, you will
also remove a fall back point. That is, if during the cleanup the system
becomes unstable, you will not be able to restore the system from a
previous Restore Point. If you did restore the system
back to that state, you can clean the system differently such that the
system won't become unstable and/or unusable. Thus an infected Restore
Point is better than no Restore Point at all.

Later, when the system is cleaned and verified to be stable, you can then
dump the System Restore cache, reboot the PC and then re-enable the system
Restore cache and subsequently manually create an initial Restore Point.

Thus it is better the dump the cache AFTER and not BEFORE the system has
been cleaned of malware."

Be guided accordingly.
Click to expand...

And if you invested in an imaging backup program and used it from time
to time you would not only be able to go back to a known clean system,
you would be protecting yourself from all sorts of nasty happenings, bad
installs etc.
Dave Cohen
 
P

pcbutts1

Your quote from Microsoft.public.security.virus "When the menu is displayed
hitting 'H' or 'h' will bring up a more
comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm "

Your quote from yesterday " Valuable advice from an AV expert, David H.
Lipman
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm "

Two of the 3 links are bad, that site was shutdown because David got busted
stealing others software.



--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
 
P

Peter Seiler

pcbutts1 - 15.09.2007 02:30 :
That's the second time you posted bad links.
Click to expand...

but no reason for your fullquoting (snipped) again.

Only a recommendation:

http://www.xs4all.nl/~hanb/documents/quotingguide.html

Please note:

For example: It is not necessary to quote the entire text of the person
you respond to. A quoting should always and first of all clarify the
context, enabling the reader to understand the flow of the thread. A
quoting is not ment to re-post the previous article.

THX in advance for your kind willing and understanding.
 
H

Heather

Peter Seiler said:
pcbutts1 - 15.09.2007 02:30 :
Click to expand...
THX in advance for your kind willing and understanding.
Click to expand...
Boy, did you get the wrong male/female/transsexual......it is not kind,
willing or understanding!!!

Nasty, pain in the ass and rude to everyone would be more like it.
 
F

Fenton

Boy, did you get the wrong male/female/transsexual......it is not kind,
willing or understanding!!!

Nasty, pain in the ass and rude to everyone would be more like it.
Click to expand...

But isn't (unnecessary) full-posting a pain in the ass and rude in its own
way?
 
H

Heather

Fenton said:
But isn't (unnecessary) full-posting a pain in the ass and rude in its
own
way?
Click to expand...

However, I didn't do that, so what are you talking about??

And yes, it is.....and yes, sometimes many of us forget to trim. But it
is not a criminal offence, OK??

HF
 
F

foghollow

Out of interest why turn system restore off, is it
because nasty stuff can hide there?
Click to expand...

I turn System Restore off, re-boot, then turn it back on, to purge possibly infected restore points.
But: AFTER finishing the cleanup.
Before that, I may _need_ System Restore to get back to something (anything!) that actually works.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Virus attack has crippled me 3

Top