(Solved) - Virus

(4 posts)
  • Started 2 years ago by spiderlucci
  • Latest reply from spiderlucci
  • Topic Viewed 2041 times

spiderlucci
Posts: 84

My father had a virus which I removed... however, I had to reinstall the operating system, XP.
First let me tell you why, and if there was a better way please say so.

I could boot up in normal mode only, but the screen would turn white right away.
I did remove the Cat6 cable so it wouldn't connect and did try the Ctrl+Alt+Delete keys a bunch of times so I could kill the programs/running processes that may have been getting in the way, but it wouldn't let me.

I could not boot in safe mode.
Could not boot up in safe mode with networking.
Not even command prompt.. nothing.

I took the internal drive out and connected it to my PC with a USB port and scanned for a virus and removed most of it.
Didn't think it would work after I connected it, which happened.

I did reinstall the OS and used my recovery backup from Acronis ... which was the only way I could have fixed it.

My question is, was there a better way... "YOU TELL ME" THANKS AGAIN!!! SPIDER :)

Avira Free Antivirus
Report file date: Thursday, September 27, 2012 10:21

Scanning for 4276387 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MAKAYLA-PC

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Thursday, September 27, 2012 10:21

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'avscan.exe' - '89' Module(s) have been scanned
Scan process 'avcenter.exe' - '97' Module(s) have been scanned
Scan process 'jusched.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '84' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '51' Module(s) have been scanned
Scan process 'syncagentsrv.exe' - '54' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'afcdpsrv.exe' - '36' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '2445' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Program Files (x86)\WinRAR\rarnew.dat
[WARNING] Error no files to extract
C:\Users\Harmony\Downloads\install_flashplayer11x32_mssd_aih(1).exe
[WARNING] The file is password protected
Begin scan in 'E:\'
E:\Documents and Settings\john angelucci\Application Data\Sun\Java\Deployment\cache\6.0\22\5a701596-1c0222a9
[0] Archive type: ZIP
--> App.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Kara.A Java virus
--> Bank.class
[DETECTION] Contains recognition pattern of the EXP/2012-1723.ES.4 exploit
--> Keos.class
[DETECTION] Contains recognition pattern of the EXP/2012-1723.CK.4 exploit
--> Koke.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Strex.AE Java virus
--> Third.class
[DETECTION] Contains recognition pattern of the EXP/2012-1723.ET.2 exploit
--> Daizy.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Kara.C Java virus
E:\Documents and Settings\john angelucci\Local Settings\Temp\jar_cache2301518126348529887.tmp
[0] Archive type: ZIP
--> chcyih.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.AZ Java virus
--> hw.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.BA Java virus
--> m.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.BB Java virus
--> vcs.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.AY Java virus
E:\Documents and Settings\john angelucci\Local Settings\Temporary Internet Files\Content.IE5\8MPZZZ0R\install_flashplayer11x32ax_gtbd_chrd_dn_aih[1].exe
[WARNING] The file is password protected
E:\Documents and Settings\john angelucci\Local Settings\Temporary Internet Files\Content.IE5\FU71AA6Y\80fb3[1].pdf
[0] Archive type: PDF
--> pdf_form_2.avp
[DETECTION] Contains recognition pattern of the EXP/Pidief.fcu exploit
E:\Documents and Settings\john angelucci\Local Settings\Temporary Internet Files\Content.IE5\FU71AA6Y\Firefox%20Setup%2015.0.1[1].exe
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007478.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007483.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007488.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007497.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
E:\WINDOWS\assembly\GAC\Desktop.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

Beginning disinfection:
E:\WINDOWS\assembly\GAC\Desktop.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '55f8fb0f.qua'.
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007497.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d2cecb9.qua'.
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007488.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f73b651.qua'.
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007483.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7944f993.qua'.
E:\System Volume Information\_restore{A40850DD-608B-4574-9995-22009D964620}\RP28\A0007478.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3cc0d4ad.qua'.
E:\Documents and Settings\john angelucci\Local Settings\Temporary Internet Files\Content.IE5\FU71AA6Y\80fb3[1].pdf
[DETECTION] Contains recognition pattern of the EXP/Pidief.fcu exploit
[NOTE] The file was moved to the quarantine directory under the name '4385e6cf.qua'.
E:\Documents and Settings\john angelucci\Local Settings\Temp\jar_cache2301518126348529887.tmp
[DETECTION] Contains recognition pattern of the JAVA/Jogek.AY Java virus
[NOTE] The file was moved to the quarantine directory under the name '0f21ca54.qua'.
E:\Documents and Settings\john angelucci\Application Data\Sun\Java\Deployment\cache\6.0\22\5a701596-1c0222a9
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Kara.A Java virus
[NOTE] The file was moved to the quarantine directory under the name '73748a04.qua'.

End of the scan: Thursday, September 27, 2012 11:18
Used time: 51:28 Minute(s)

The scan has been done completely.

29147 Scanned directories
435034 Files were scanned
17 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
435017 Files not concerned
9368 Archives were scanned
5 Warnings
9 Notes
447350 Objects were scanned with rootkit scan
1 Hidden objects were found

Posted 2 years ago
 
raphoenix
Posts: 14920

spiderlucci,

A Clean Install or Restore from Image is the only Sure Fire Way to fix a system once a Virus has done its damage.

You repaired the computer in the Absolute Correct Way. :)

Rick P.

Posted 2 years ago
 
StringJunky
Posts: 2454

Agree with Rick.

Accepted Answer · Posted 2 years ago
 
spiderlucci
Posts: 84

Thought I did.. I had to fix other friends' PCs that had viruses in the past, but this was the first I had to reinstall. Good thing I had a backup. Thanks guys :)

Posted 2 years ago