SEARCH

The How-To Geek Forums Have Migrated to Discourse

How-To Geek Forums / Windows XP

Virus left me with changed settings in XP Home edition !!!

(33 posts)
  • Started 7 years ago by brucemstrs
  • Latest reply from brucemstrs
  • Topic Viewed 6102 times

brucemstrs
Posts: 15

I had a virus scan inform me of an infection which I believe was dealt with. As far as I can recall it was worm 'Nagel'. But it left me with strange changes. I tried to 'system restore', but whatever date I chose it reported restore was not possible. Now I cannot access the 'System Restore' option. Help and support page won't open. AOL live help tells me my IP address is one not allowed access. If log on to Microsoft website, any helpful items they may have for download cannot be accessed. I am worried - REALLY WORRIED - HELP PLEASE!!

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

OK, please follow these instructions,

Download and install Stinger by McAfee
http://vil.nai.com/vil/stinger/default.aspx

It will take a while to complete. If your System Restore function returns, please disable and delete ALL old restore points.

After, download and run this free scan:
http://us.mcafee.com/root/mfs/default.asp

If successful in removal, re-enable System Restore after a reboot, but you may want to scan again with McAfee or any other like Panda, etc.

Posted 7 years ago
Top
 
brucemstrs
Posts: 15

Well, I downloaded Stinger, and run a scan which found all files to be clean.

Move on to the next download page which is accessible, but whils the end user agreement is displayed, I get no ' I AGREE ' option so cannot proceed.

This bug seems to have it all covered

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

Do you not see a 'Scan Now' button?

If not, you can try this one:
http://www.pandasecurity.com/h.....ctivescan/

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

And this one:
http://www.microsoft.com/secur.....fault.mspx

Posted 7 years ago
Top
 
brucemstrs
Posts: 15

Appreciate your help Scott - but none of these will allow me access. I had this when I was trying on my own. Anything likely to help just greyed out or wouldn't open. I cannot even connect to the Panda or the Microsoft pages. Is this maybe because the addresses are not complete ? We have some words missing with .......... in place of them ???

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

No, these links should open.

You can Google to find the MS Malicious Tool Removal page, and the PandaSoft free scan as well. If that doesn't work, please report back.

Posted 7 years ago
Top
 
brucemstrs
Posts: 15

Tried and tried, but same thing. They display for me as if all is normal, but they just don't proceed when I push the button. They seem to have been included in the block of anything helpful.

Sorry - I'm lost now as well as worried !!

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

OK, can you try to boot in Safe Mode and disable and delete Restore Points. Do you have Spybot Search & Destroy? If so, run it in Safe Mode.

Can you please open your Task Manager and look for any running process that seems suspicious? What did you download that has caused these issues?

Posted 7 years ago
Top
 
brucemstrs
Posts: 15

Thank-You Scott - sorry to take up so much of your time. I do have spybot and will try it safe mode after I finish this post.

I have opened Task manager and there is nothing showing except AOL and the My Documents folder, which I had open, apart from the system etc. I was not aware I had downloaded the worm I only got suspicious when AVG popped up and told me. I though it was minor and dealt with until I got all this starting to happen.

I'll go try the spybot in safe - mode, and hope to speak to you later.
Thanks again.

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

You need to look for suspicious processes, not applications in TaskMan.

And again, disable Restore Points if you can. The virus can linger in a backup.

No worries about time, we are here to help.

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

HijackThis is the next step.

http://www.trendsecure.com/por.....ckthis.php

If you've never heard of it, here's the Wiki page:

http://en.wikipedia.org/wiki/HijackThis

Posted 7 years ago
Top
 
wbouvy
Posts: 21

The question is wether it is actually worth going through all this, or just backing up your most important files on an isolated drive (usb drive or stick) and format and re-installing windows. After the reinstall you could install your virus scanner and scan and clean the backupped data before doing anything with it. Reinstalling windows and your software could be done in a few hours tops, as long as you don't reinfect yourself from your backup files.

I may be a bit to quick to suggest formatting, but it is a sure way to get everything clean.

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

Thanks wbouvy, I'm sure Bruce understands that formatting is a last resort. Let's see if these traditional methods work.

Posted 7 years ago
Top
 
brucemstrs
Posts: 15

Thanks again Scott - got that. I ran spybot in safe mode and found only that windows firewall was turned off ?? Nothing else malicious showed at at all. A point of interest though - the system will not let me log on to the web in safe mode either.

I got 'wbouvy' on the re-install - but the trouble is this computer was bought about 5 months ago and windows XP was pre installed. I have no windows discs.

Right - I'll go try trendsecure next - back soon.

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

You won't connect in Safe Mode, that's intended.

Can I ask where you bought the computer?

Posted 7 years ago
Top
 
brucemstrs
Posts: 15

Well, trendsecure has finished scan and says there are about a hundred minor problems throughout, mostly register items. To remove I have to take the full version for around $50. Is this a good deal?

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

Not sure if your problem will be solved. We can take other steps.

Did you check for malicious processes in TaskManager?
From the Run command, please type in MSCONFIG and list programs listed under Startup.

There are additional free scans we can do next. I assume AVG no longer finds any issues?

Posted 7 years ago
Top
 
brucemstrs
Posts: 15

That was my point - worth it if it works, but the list seems to be a long one but all minor.

I did check and though the list is long, there was no activity displayed except on the obvious ones that we would be aware of.

OK - Next - I have msconfig displayed and the list is long and very detailed. It won't copy and paste, so I have to type it out for you. May take a while. LOL - My wife is a keyboard specialist, very very fast - and NOT HERE !!!!

Posted 7 years ago
Top
 
Scott
Scott
Posts: 5618

It's the proverbial needle in the haystack, but you're obviously distressed. It's likely to be starting with your PC, but not certain it will appear in the MSCONFIG list.

Where did you buy this computer?

Posted 7 years ago
Top
 



Topic Closed

This topic has been closed to new replies.