Bad to Worse

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by GearHead, Dec 15, 2004.

  1. GearHead

    GearHead Private E-2

    Friends,

    It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to lose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

    This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

    If I reload XP, will all my data still be there?

    Things started to go south about 2 months ago when McAfee found Vundo and couldn't seem to kill it off.....

    thanks, GearHead.
     
  2. PhilliePhan

    PhilliePhan Guest

  3. GearHead

    GearHead Private E-2

    Friends,

    I have been unsuccessful in completing the basic task list you gave me. I have about 40 hours into trying to repair this installation and now the disk appears to be fully corrupted.

    After leaving the computer on all night, I was finally able to get it to boot. I ran Ad-aware and spybot and deleted all the suspect files they found, and things got a little better - the computer would reboot.

    I was able to complete a basic backup to another computer on my home network.

    Trend Micro's scan found Vundo and I let it repair what it could.

    Symantec's scan found Vundo, and the Vundo fix ran and completed its work. It told me to reboot and rescan. I did and since that, it was never able to complete a scan, always locking up. Since then, the machine had more and more troubles rebooting, finally giving a disk read error.

    I installed the disk as a slave in another pc (old P2 333) with freshly formatted master drive and tried to look at the files on the corrupted drive. I got an ASPI(?) error message that said Windows was shutting down to avoid damage to my hardware. When I disconnected the corrupted drive and booted to the fresh drive, it had been corrupted as well and I needed to reformat it before I was able to reload windows.

    There is still data I would like to recover on my corrupted drive. Here are a few questions I have;

    1- I have purchased and installed a new drive in the problem computer and am reloading software. I am installing the virus protections you suggest on my new disk before I get out on the 'net. If I restore from my backup file, is it likely to bring a bunch of nasties over and reinfect my new drive?

    2- if the drives are different ATA speeds, will that cause a problem? I connected them to different cables to try to avoid that.

    3- is there a piece of software like Norton Utilities I could use to pick data off the corrupted drive?

    4- I am starting to scan the other boxes on the network. Will the viruses travel around that way? What about my Samba share files?

    I am reasonably computer literate and very patient, but the victim computer is my wife's computer and she needs it for work, that's why I am trying to recover data.

    My fault for not being on a rigorous backup schedule.

    Again, thanks for any help you can offer,

    Gearhead
     
