Re: Computer Infected:
- From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
- Date: Tue, 17 Feb 2009 01:21:53 -0500
The Local Settings folder and its contents will be replaced when you reinstall Windows.
Contact Dell Support or post in the appropriate forum (http://en.community.dell.com/forums/) for instructions on using the Recovery CDs or hidden Recovery Partition to return the machine to OOBE (out of box experience) state, Robert.
This may be what you need though: http://support.dell.com/support/edocs/systems/dim8200/solve.htm#1136934
NB: You do NOT want to do a Repair or Recovery install (Step 7).
If your keyboard, mouse and monitor came with the machine, you'll be reinstalling the correct drivers for them, too.
Navyguy wrote:
I just thought, what if the Trojan Horse is on one of the files in my<paste>
personal data or favorite links, since we don't know what parent
program its residing on:
Trojan horse Downloader.Generic8.TVN
It was under Local Settings\Temp Internet Files
Content.IE5\PWT3Az83\getfile-081220-aps(1).gif
I know I can do this, I just need to take things in steps and would
appreciate any help and or guildance you care to give.
I'm willing to do this and I have been backing up my files to DVD just<snip>
in case and making a file with my bookmarks so as not to loose them
but how can I do this with only a Recovery Cd? Is it capable of doing
this? I assume this will not affect anything else e.g. keyboard,
mouse, monitor etc.?
Robert, given the history of your problems (and I'm fully aware of the
Messenger problems you'd been having), I'd strongly recommend that you
back-up your personal data and then do a clean install of Windows.
--
...would
reinstalling the OS correct this or perhaps using the Recovery disk
install with repair option?
A format & reinstall would take care of it, yes, but a Repair Install
would
not.
Some notes:
=> Reinstalling will leave you with the equivalent of a "new computer" so
you'll need to take care of everything here again:
5 steps to help protect your new computer before you go
onlinehttp://www.microsoft.com/protect/computer/advanced/xppc.mspx
=> If a Norton or McAfee free-trial came with the machine when you bought
it, the free-trial will be reinstalled, too, but it will NOT be valid!
Before installing a replacement anti-virus app (see below), you'll need
to
uninstall the free-trial via Add/Remove Programs AND THEN run the
appropriate removal tool:
Norton Removal
Toolhttp://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/200503310816...
McAfee Consumer Products Removal Tool three-step fix
[Do Steps #1 & #2
only]http://service.mcafee.com/FAQDocument.aspx?id=TS100507
=> You've had AVG Free installed yet you ended up with an infection. I
would not recommend relying on it after your reinstall Windows. I can
recommend NOD32 or Kaspersky (not the suites); If cost is a factor, I'd
recommend Avira AntiVir (free).
Good luck!
Protect Your
PC!http://www.microsoft.com/athome/security/computer/default.mspx
Steps To Help Prevent
Spywarehttp://www.microsoft.com/protect/computer/spyware/prevent.mspx
Steps to Help Prevent Computer
Wormshttp://www.microsoft.com/protect/computer/viruses/worms/prevent.mspx
-- ~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Adminhttp://aumha.net
DTS-Lhttp://dts-l.net/
Navyguy wrote:It does seem like a mouthfull but I think I can handle it in the steps
as you outlined, and everyone has offered similar but separate advice
which I do appreaciate, but let me ask this if I may, would
reinstalling the OS correct this or perhaps using the Recovery disk
install with repair option? I want to thank everyone for being so
helpful with their suggestions, I appreciate it.
1. See if you can download/run the MSRT
manually:http://www.microsoft.com/security/malwareremove/default.mspx
2. Run this online scan (in safe mode w/networking, if need
be):http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run a /thorough/ check for hijackware, including posting the
requested
logs in an appropriate forum.
Checking for/Help with
Hijackwarehttp://aumha.net/viewtopic.php?f=30&t=4075http://mvps.org/winhelp2002...
http://inetexplorer.mvps.org/tshoot.htmlhttp://www.mvps.org/sramesh2k...
**Seek expert assistance
inhttp://spywarehammer.com/simplemachinesforum/index.php?board=10.0,htt...,
or other appropriate forums.**
If the procedures look too complex - and there is no shame in admitting
this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
Navyguy wrote:I have a Dell Dimension 8200 with XP SP3, with DSL connection. I have
Windows Firewall, AVG, Spyware Blaster and Hive Cleanup. Recently it
became infected with a Trojan Horse virus:
Trojan horse Downloader.Generic8.TVN
It was under Local Settings\Temp Internet Files
Content.IE5\PWT3Az83\getfile-081220-aps(1).gif
I was able to delete it successfully but as I understand, it still
resides in my computer on another program. In addition to this, with
the aid of remote assistance I was told that my MFT was corrupted. My
question is this, is there some way of tracking down the host program
with the virus and deleting it? Also is there a way that I can tell
for myself if my MFT is actually corupted? If not, what are your
recommendations?
Whew, so much information! I hardly know where to begin!
Well let me try to encapsulate in brief; This all started when my MSN
Msgr stopped logging in automatically about a month ago. I had posted
the problem on other groups in hopes of resolving the problem but the
only suggestions were that I uninstall and reinstall which is what I
did. I was then infected with the Trojan virus and deleted it, and at
this point I accepted help via remote assistance and it was then that
it was discovered that my MFT was corrupted he said. He made many
changes to my system and at one point I couldn't access the user
accounts or system restore. After further changes it required a system
restart but it did not come back up. I had to use another computer
which I have at my disposal to help rbrin my computer back up. With
the Recovery disk inserted and with the bios changed previously to
select the cd/dvd drive but before I could select install or repair
the computer came back on its own, why or how I don't know. However
the boot sequence has changed so that this is what happens now:
Startup>Dell Splash>Windows Splash>Defragging>Logon Message> then I
get (2) boxes, the first is highlighted and says: Unable to log you on
because of an account restriction, behind that is a logon box grayed
out with username-Adminitrator and underneath password. Once I click
the OK in the first highlighted box however it says Windows starting
up, To begin, check on your username> I do this and it takes me
Windows>Desktop. MsnMsgr still does not sign in automatically however
once clicked everything works as before.
I downloaded and ran a MSRT full system scan and it found nothing.
I have uninstalled AVG and installed Avira in its place (I understand
theres a risk of uninstalling and reinstalling too much and I may have
done so with AVG). I've updated it and run a full system scan which
found (8) Detections and (3) warnings, however after the scan I could
only see the following (5) in the quarantine which it apparently put
there automatically:
.
- Follow-Ups:
- Re: Computer Infected:
- From: Navyguy
- Re: Computer Infected:
- From: Navyguy
- Re: Computer Infected:
- From: Navyguy
- Re: Computer Infected:
- From: Navyguy
- Re: Computer Infected:
- References:
- Computer Infected:
- From: Navyguy
- Re: Computer Infected:
- From: Navyguy
- Re: Computer Infected:
- From: PA Bear [MS MVP]
- Re: Computer Infected:
- From: Navyguy
- Computer Infected:
- Prev by Date: Re: Computer Infected:
- Next by Date: Re: Update KB951847 would not install
- Previous by thread: Re: Computer Infected:
- Next by thread: Re: Computer Infected:
- Index(es):
Relevant Pages
|
Loading
