Can't run Windows...

I posted this in the Malware Removal section but was recommended I come here first:

For stupid reasons I am the proud papa of a crappy malware situation. I think it's the Virtumonde and/or XP 2008 anti-virus pretender.

When I got it three days ago I ran Superspyware, PC Tools AV and that seemed to take care of it; there were 78 or so trojans/malware and the like detected and taken care of.

Then I noticed that Ctrl-Alt-Delete would'nt bring up Task Manager (admin apparently had denied me access). Then it showed (occasionally) a slpash screen of the XP 2008 anti-virus garbage. I disabled it using CCleaner's startup page.

Today at first startup the screensaver had changed to some bogus anti-spyware image. I tried to go into "Properties" but the right click on desktop>properties only brought up "Themes, Appearance, Settings" options.

Then I downloaded Ad-Aware and installed it, started to run it and the computer rebooted about 4 minutes into it. Then it got to a point (now) where I can't even get to Windows. It starts up normally then gets to the page where you can run safe mode or what have you and then no matter what choice you make, you go back to start. Looks like no soup for me!!

The only thing it lets me do is go to Setup (?) where I can access C drive (DOS) and look at it like a moron.

I'd Format and reinstall XP but the wife's got her CV and I'd like to recover some pictures in there as well.

I'm not very technical savvy so keep it in mind please.

I looked at it again this morning and on the opening page if I do F10 for System recovery, it ends up with "recover log not found" and goes back to reboot.

Thanks in advance.

 

My favorite suggestion is ALWAYS Linux.
Go to Knoppix and download the ISO. Use any ISO burning program to burn it to CD. Boot to the CD. After it loads, you should be able to get to your files using a similar interface as Windows XP. Back them all up. After they are backed up, do a clean install.
Need any more help, just post. I will help you.
Zack

 

You can most likely just boot safe mode, since I am willing to bet you can't get the CD burning program to work since you are infected so bad. After that, I would copy them over to a flash drive, which it should read it in Safe Mode. That sucks, but best fix is format/reinstall.

 

Mcfly, nope, can't boot safe mode, it just reboots computer back to start.

I'll see what the Knoppix can do. I don't know what to download there though, there's a bunch of files, up to 2 gig total....

 

The 'Nix may work for you. I would remove the hard drive and hook it up as a slave drive in another computer, and burn the needed files onto a CD or flash drive. Use some caution if you suspect it has malware on the drive.

Alternatively, you could put the drive in an external USB enclosure or just use an adapter.

E

 

just click the link below to download the ISO. That is a CD image. Click the like on the bottom to download a free cd burning application.
http://archive.cs.stedwards.edu/knoppix/KNOPPIX_V3.6-2004-08-16-DE.iso
http://majorgeeks.com/Sateira_CD&DVD_Burner_d4183.html
Zack

 

That's one heck of a large file. I'm downloading it but will this run directly off CD? I have no access to Windows at all.

When I start the computer, I can go F1 and start in recovery mode (can't do it via F10; missing recovery log). At that point I have access to D and C drives and can go to E drive and do a DIR. But I can't actually type in a command to make a listed program run or change directory. I can only give commands that are in the HELP list (such as CHKDSK, FORMAT and 20 some others).

Thanks.

 

So here's where I'm at: took out the hard drive and hooked it up to another computer. Looks like all the files are there.
Running an anti-virus on it now, so far so good, will run a spy cleaner after.

 

I know. BUT! You can burn the file to CD. You have to use the app! It burns different files (like a zip file)
You can boot right from it.

 

Anti-virus found 3 viruses, winhlp.pluma.a being in 2 locations then removed them.
Running anti-spyware now and I will decide after that what to do; I think I'll try it back on my computer first.

 

Back up your important files! If you can get it to boot into Windows on your PC, you should head over to the malware section and let them make sure you got everything.

:cool

E