Re: Post virus-removal problems




"g12002" <g12002@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6C048C55-3940-4C33-AF6F-64755B391F5B@xxxxxxxxxxxxxxxx
Recently one of my machines was hit by some malware called "Antivirus XP 2008", forcing me to remove it by doing such things as removing registry entries, disabling processes at startup, deleting the most recent files in System32 and Temp, stopping Security Centre under services.msc, etc. I finally removed it by running Malwarebytes' Anti-Malware in safe mode and running the full scan overnight. The next morning, I carried out the removal process for the discovered malware. Spybot S&D was then able to run after this. I ran Spybot (definitions updated) and it discovered and removed some more malicious items. It now seems as if the malware has been removed, except for its startup processes, which are still visible but disabled in MSconfig.

The problem now is that the system appears to be stuck in safe mode (I've tried accessing normal startup with that F8 stuff, but it still reverts back), with Windows XP themes disabled, Limited Accounts missing, and the ADSL network connection profile in Control Panel missing. It seems to differ from safe mode in that the "safe mode" text is missing, and monitor resolution and frame rate are at normal. I can't access the internet from that machine or get it back to normal.

Please help, this is quite urgent.

Yikes!

Removing temp files is fine.

However, removing system files and registry entries is not. You may have
done irreparable damage to your system.

First, back up all your data. The last thing you want to do is to lose
it. Note all your settings, too. If possible, back them up. This page
may be of help:

http://www.aumha.org/win5/a/fast.php

Certainly try Nass's suggestions. Since you didn't copy the system files
and registry keys you deleted, you *may* luck out with System Restore
(assuming that that restore point still exists). Of course, you would
have to fight the infection all over again -- but this time, the
*proper* way.

If the above is not an option, you should just bite the bullet and
perform a clean install.

In the future, image your hard drive regularly. That way if you ever
have another serious infection, all you need to do is restore the
image -- very easy and fairly fast (especially compared to everything
you have already done and have yet to do!).
