Got the XP Virus (XP Security or whatever..)

Re: Got the XP Anti-Virus (XP Security thing..)

Welcome to Major Geeks!

Did you run MGtools as requested? If not please do so and attach the log from it.

We do not want HJT logs nor logs from DDS unless requested.

That is a very bad idea since those instructions are wrong and could break your PC. The shlwapi.dll and wininet.dll files are required system files.

 

You need to attach the C:\MGlogs.zip file not a log of what you saw in the command prompt window. See what it said at the end of those messages.

 

Goto the below link and follow the instructions for running TDSSKiller from Kaspersky

• TDSSkiller - How to run

Be sure to attach your log from TDSSKiller


Please also download MBRCheck to your desktop

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

After you attach the above two logs, immediately continue on with the below.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: small quirk

TDSSKiller attempted to fix a problem with C:\WINDOWS\system32\DRIVERS\ipsec.sys

Let's see if it was really able to fix it. Please rerun TDSSKiller now and attach a new log.

Also another two bad files showed up that we will have to fix:

Code:

"C:\WINDOWS\system32\drivers\"
bolhey.sys    Jul  9 2011       61440  "bolhey.sys"
vhcpdokm.sys  Jul  9 2011       61440  "vhcpdokm.sys"

Do you have your Windows XP boot CD?

Also you are not get HijackThis to run which is automatically included in MGtools. Did you see the popup from TrendMicro to accept the license?

Run C:\MGtools\analyse.exe by double clicking on it. When the license agreement pops up, you need to click the Accept button twice in some cases ( yes twice ) to accept or it just sits there. However your logs do show that it believes HijackThis is installed so you may not even get the license agreement window. Tell me if HijackThis opens. If you still have an infection, it could be blocking this.

 

Re: attachmt

It should be and we may need to use this to boot to the Recovery Console to run fixmbr because you may have an MBR infection. The TDSSKiller log shows that now a different file seems to be a problem so this is likely due to the MBR infection. Boot the XP Home CD may result in it complaining that it does not match your Windows XP Pro installation. See if you can boot it anyway and get into the Recovery Console. See the second section in the below link where it says "How to use the Recovery Console"

http://support.microsoft.com/kb/307654

If you can get to the command prompt of the Recovery Console, type fixmbr and hit enter. After it finishes type exit to reboot and remove the CD to allow Windows to boot normally.

If you were able to run fixmbr, rerun TDSSKiller and attach a new log.

 

Re: no console

You have to change the boot order in the BIOS to boot the CD before the hard disk.

 

Re: no console

If you are not sure how to do this, the below link should help. It gives examples for a few different BIOS manufacturers.

http://www.hiren.info/pages/bios-boot-cdrom

 

Re: drives

Then it is not saving. You need to get this to work in order to fix this. You have no choice. You will not even be able to do a reinstall if it becomes necessary because you will need to boot from the CD to reinstall. You need to figure out why chaning the boot order is not working.

The other alternative would be you need to use another PC to repair your hard disks MBR.


Edit: One more thing to verify is to make sure that the CD you are trying to boot from is actually a bootable CD.

 

Re: boot

Okay let me know what happens.

Yes this was great but I was not watching it. I was watching baseball after playing my own game.

 

Re: unbootable discs

Then you will need to make one.

See what was posted in message # 12 of the below thread and see if you can get this CD to run.

whistler/black internet@mbr again!

 

Okay. Let me know what happens.

 

If the drive does not work properly even when in normal Windows mode then perhaps you have a physical problem with drive or cables. When is the last time you used the drive for anything? Maybe it would also be a good idea to double check the BIOS to make sure the drive is still enabled. Setting the boot order is one thing. Having the CD/DVD drive enabled is another.

 

You can post in the Hardware Forum to see if they have ideas about your problems with your CD/DVD drive or you can remove your hard disk and put it into another PC to perform the fix of your MBR.