Virus left me with changed settings in XP Home edition !!!

(33 posts)
  • Started 9 years ago by brucemstrs
  • Latest reply from brucemstrs
  • Topic Viewed 6102 times

brucemstrs
Posts: 15

I had a virus scan inform me of an infection which I believe was dealt with. As far as I can recall it was worm 'Nagel'. But it left me with strange changes. I tried to 'system restore', but whatever date I chose it reported restore was not possible. Now I cannot access the 'System Restore' option. Help and support page won't open. AOL live help tells me my IP address is one not allowed access. If I log on to the Microsoft website, any helpful items they may have for download cannot be accessed. I am worried - REALLY WORRIED - HELP PLEASE!!

Posted 9 years ago
 
Scott
Posts: 5618

OK, please follow these instructions,

Download and install Stinger by McAfee
http://vil.nai.com/vil/stinger/default.aspx

It will take a while to complete. If your System Restore function returns, please disable and delete ALL old restore points.

After, download and run this free scan:
http://us.mcafee.com/root/mfs/default.asp

If successful in removal, re-enable System Restore after a reboot, but you may want to scan again with McAfee or any other like Panda, etc.

Posted 9 years ago
 
brucemstrs
Posts: 15

Well, I downloaded Stinger, and ran a scan which found all files to be clean.

Moved on to the next download page, which is accessible, but whilst the end user agreement is displayed, I get no 'I AGREE' option so cannot proceed.

This bug seems to have it all covered.

Posted 9 years ago
 
Scott
Posts: 5618

Do you not see a 'Scan Now' button?

If not, you can try this one:
http://www.pandasecurity.com/h.....ctivescan/

Posted 9 years ago
 
Scott
Posts: 5618

And this one:
http://www.microsoft.com/secur.....fault.mspx

Posted 9 years ago
 
brucemstrs
Posts: 15

Appreciate your help Scott - but none of these will allow me access. I had this when I was trying on my own. Anything likely to help just greyed out or wouldn't open. I cannot even connect to the Panda or the Microsoft pages. Is this maybe because the addresses are not complete? We have some words missing with .......... in place of them???

Posted 9 years ago
 
Scott
Posts: 5618

No, these links should open.

You can Google to find the MS Malicious Tool Removal page, and the PandaSoft free scan as well. If that doesn't work, please report back.

Posted 9 years ago
 
brucemstrs
Posts: 15

Tried and tried, but same thing. They display for me as if all is normal, but they just don't proceed when I push the button. They seem to have been included in the block of anything helpful.

Sorry - I'm lost now as well as worried !!

Posted 9 years ago
 
Scott
Posts: 5618

OK, can you try to boot in Safe Mode and disable and delete Restore Points? Do you have Spybot Search & Destroy? If so, run it in Safe Mode.

Can you please open your Task Manager and look for any running process that seems suspicious? What did you download that has caused these issues?

Posted 9 years ago
 
brucemstrs
Posts: 15

Thank you Scott - sorry to take up so much of your time. I do have Spybot and will try it in safe mode after I finish this post.

I have opened Task Manager and there is nothing showing except AOL and the My Documents folder, which I had open, apart from the system etc. I was not aware I had downloaded the worm; I only got suspicious when AVG popped up and told me. I thought it was minor and dealt with until I got all this starting to happen.

I'll go try the Spybot in safe mode, and hope to speak to you later.
Thanks again.

Posted 9 years ago
 
Scott
Posts: 5618

You need to look for suspicious processes, not applications in TaskMan.

And again, disable Restore Points if you can. The virus can linger in a backup.

No worries about time, we are here to help.

Posted 9 years ago
 
Scott
Posts: 5618

HijackThis is the next step.

http://www.trendsecure.com/por.....ckthis.php

If you've never heard of it, here's the Wiki page:

http://en.wikipedia.org/wiki/HijackThis

Posted 9 years ago
 
wbouvy
Posts: 21

The question is whether it is actually worth going through all this, or just backing up your most important files on an isolated drive (USB drive or stick) and formatting and re-installing Windows. After the reinstall you could install your virus scanner and scan and clean the backed-up data before doing anything with it. Reinstalling Windows and your software could be done in a few hours tops, as long as you don't reinfect yourself from your backup files.

I may be a bit too quick to suggest formatting, but it is a sure way to get everything clean.

Posted 9 years ago
 
Scott
Posts: 5618

Thanks wbouvy, I'm sure Bruce understands that formatting is a last resort. Let's see if these traditional methods work.

Posted 9 years ago
 
brucemstrs
Posts: 15

Thanks again Scott - got that. I ran Spybot in safe mode and found only that Windows Firewall was turned off?? Nothing else malicious showed at all. A point of interest though - the system will not let me log on to the web in safe mode either.

I got 'wbouvy' on the re-install - but the trouble is this computer was bought about 5 months ago and Windows XP was pre-installed. I have no Windows discs.

Right - I'll go try trendsecure next - back soon.

Posted 9 years ago
 
Scott
Posts: 5618

You won't connect in Safe Mode, that's intended.

Can I ask where you bought the computer?

Posted 9 years ago
 
brucemstrs
Posts: 15

Well, trendsecure has finished scan and says there are about a hundred minor problems throughout, mostly register items. To remove I have to take the full version for around $50. Is this a good deal?

Posted 9 years ago
 
Scott
Posts: 5618

Not sure if your problem will be solved. We can take other steps.

Did you check for malicious processes in TaskManager?
From the Run command, please type in MSCONFIG and list programs listed under Startup.

There are additional free scans we can do next. I assume AVG no longer finds any issues?

Posted 9 years ago
 
brucemstrs
Posts: 15

That was my point - worth it if it works, but the list seems to be a long one but all minor.

I did check and though the list is long, there was no activity displayed except on the obvious ones that we would be aware of.

OK - Next - I have msconfig displayed and the list is long and very detailed. It won't copy and paste, so I have to type it out for you. May take a while. LOL - My wife is a keyboard specialist, very very fast - and NOT HERE !!!!

Posted 9 years ago
 
Scott
Posts: 5618

It's the proverbial needle in the haystack, but you're obviously distressed. It's likely to be starting with your PC, but not certain it will appear in the MSCONFIG list.

Where did you buy this computer?

Posted 9 years ago
 
brucemstrs
Posts: 15

I bought the PC from PC World in Aylesbury.

Posted 9 years ago
 
Scott
Posts: 5618

Have you asked them if they can provide an XP disk for repair/reinstallation?

I would think they would be helpful, it's a fairly new PC.

Are these the folks...?

Broadfields Retail Pk
Bicester Rd, Aylesbury, HP19 8BU, UK

Complaints Process
If you are not happy with the level of service provided by
PC World, please let us know by:

Contacting our Customer Service Team on
0844 561 0000 (national rate).
Opening hours
Monday to Friday: 09:00 – 20:00
Saturday: 09:00 – 18:00
Sunday: 10:00 – 17:00

Posted 9 years ago
 
Scott
Posts: 5618

For what it's worth, I called the Aylesbury store and they said it's company policy to provide an OS disk. They suggested stopping by to pick one up. Seriously.

Posted 9 years ago
 
brucemstrs
Posts: 15

Sorry to leave you in mid air. I was getting called from three sides and had to get the Confisys copied as well.

Crikey - it really didn't occur to me to rely on PC World.
I'm sitting here a bit red faced now.

OS disk means what - and what do we do with it? For what it may be worth now, the details I copied are as follows:

Checked NvCpl RUNDLL32.EXE C:\WINDOWS\system32\NvStartup
Checked winssnotify “C:\Program Files\Microsoft Windows One Care Live\winssnotify.exe”
Checked AOLSoftware C:\Program Files\Common Files\AOL\1172664139\ee\AOLSoftware.exe
Checked errorkiller “C:\Program Files\errorkiller\errorkiller.exe”-boot
Checked ctfmon “C:\WINDOWS\system32\ctfmon.exe
Checked msnmsgr “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
Checked Registry Booster “C:\Program Files\Uniblue\Registry Booster 2\Registry Booster.exe /5
Unchecked fts “C:\Program Files\Voyager Test\fts.exe”
Unchecked Aboard “c:\apps\ABoard\Aboard.exe
Unchecked apdproxy “C\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\...
Unchecked Reader_sl “C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
Unchecked ADVCHK “C\PROGRA~1\NORTON~A\AdvTools\ADVCHK.EXE
Unchecked ALCMTR ALCMTR.EXE
Unchecked AOLDial C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Unchecked PopUpKiller C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
Unchecked avp “C:\Program Files\Kaspersky Anti-Virus 7.0\avp.exe”
Unchecked NMBgMonitor “C:\rogram Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
Unchecked ctfmon C:\WINDOWS\system32\ctfmon.exe
Unchecked DetectorApp C:\Program Files\Sonic\DigitalMedia LE v7\My DVD le\Detector App.exe
Unchecked dslagent C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
Unchecked dslstat C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
Unchecked AOLSoftware C:\Program Files\CommonFiles\AOL\1172664139\ee\AOLSoftware.exe
Unchecked IMJPMIG “C:\WINDOWS\IME\imjp8_1IMJPMIG.EXE”/spoil/RemAdvDef/migration32
Unchecked ISUSPM C:\Progra~1\COMMON~1\INSTAL~1UPDATE~1\ISUSPM.exe-startup
Unchecked issch “C:\Program Files\Common Files\Installshield\UdateService\issch.exe” –start
Unchecked Language “C:\Program Files\cyberlink\PowerDVD\Language\Language.exe”
Unchecked Communication Helper “C:\Program Files\Common Files\Logitech\ComMgr\Communications_Helper...
Unchecked QuickCam10 “C:\Program Files\Logitech\QuickCam.exe/hide
Unchecked MSNmsgr C:\Program Files \MSN MMessenger\MsnMsgr\.exe/background
Unchecked YSTER~1 C:\DOWNLO~1\MYSTER~1.EXE/r
Uncheck NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Uncheck NvCpl RUNDLL32.EXE C:\WINDOWS\System32\NavCpl.dll,NvStartup
Uncheck NvMcTray RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Uncheck nwiz nwiz.exe/install
Uncheck scureapp C:\Apps\Softex\Omnipass\scureapp.exe
Uncheck PCMService “cAPPS\Powercinema\PCMService.exe”
Uncheck TINTSETP C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE/IMEName
Unchecked TINTSETP C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE/SYNC
Unchecked qttask “C:\Program Files\QuickTime\qttask.exe”-atboottime
Unchecked Realplay C:\Program Files\Real\Real Player\Real Play.exe SYTEMBOOTHIDE….
Unchecked PDVDServ “C:\Program FilesCyberlink\PowerDVDServ.exe”
Unchecked RTHDCPL RTHDCPL.EXE
Unchecked Sky Tel SkyTel.exe
Unchecked Application Launcher “C:\Program Files\Sony Ericson\Mobile2\Application Launcher\Appli……
Unchecked jusched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Unchecked vaderato_oe “C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderato_oe.exe”
Checked AOL 9 Tray Icon C:PROGRA~1\AOL(~1.OA\oaltray.exe-check
Unchecked AOL Companion C:\PROGRA~1AOLCOM~1\COMPAN~1.EXE/s
Unchecked Google Updater C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXEsystray-startup
Unchecked Kodak EasyShare C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE-hx
Windows Desktop Search C:\PROGRA~1\W1459E~1\WINDOW~1.EXE/startup
OneNote 2007 Screen Clipper and Launcher C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE/tsr

Posted 9 years ago
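
One way to triage a long MSCONFIG Startup list like the one typed out above, as an added example that is not part of the original thread: it parses each Checked/Unchecked line and returns the entries worth a manual look, enabled ones first. The sample lines, the function names triage and review_list, and the list of standard install roots are assumptions of this example, and a flag means "review this", not "this is malware".

```python
import re

# Roots where installed software normally lives on Windows XP (an assumption
# of this example; extend it for the machine being examined).
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(
    r'^(Checked|Unchecked)\s+(.+?)\s+(["“]?(?:[A-Za-z]:\\|\S+\.exe\b).*)$', re.I)
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll)\b', re.I)

def triage(line):
    """Parse one 'Checked|Unchecked <name> <command>' line and return
    (enabled, name, target, reasons); reasons is empty for ordinary entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    enabled = m.group(1).lower() == "checked"
    name, command = m.group(2), m.group(3)
    found = PATH_RE.search(command)
    reasons = []
    if found is None:
        target = command.split()[0].strip('"“”')
        reasons.append("no full path: resolved through the search path")
    else:
        target = found.group(0)
        if not target.lower().startswith(STANDARD_ROOTS):
            reasons.append("outside the standard install roots")
        if "~" in target.rsplit("\\", 1)[-1]:
            reasons.append("8.3 short file name hides the real name")
    return enabled, name, target, reasons

def review_list(text):
    """Return the entries that deserve a manual look, enabled ones first."""
    hits = [t for t in map(triage, text.splitlines()) if t and t[3]]
    return sorted(hits, key=lambda t: not t[0])

# Constructed sample in the layout of the list above (paths are illustrative).
SAMPLE = """\
Checked ctfmon C:\\WINDOWS\\system32\\ctfmon.exe
Checked NvCpl RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
Unchecked Updater Helper "C:\\Program Files\\Example Vendor\\updater.exe" -boot
Unchecked nwiz nwiz.exe /install
Checked helper C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\HELPER~1.EXE /r
"""

if __name__ == "__main__":
    for enabled, name, target, reasons in review_list(SAMPLE):
        print("ENABLED " if enabled else "disabled", name, target, "->", "; ".join(reasons))
```
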
 
Scott
Posts: 5618

I'm checking this. In the meantime, would you be so kind as to call PC World and tell them you were never given a disk with the XP operating system (OS)? If all else fails, we can help you reinstall your computer. Possibly to a better state than how it was shipped.

Posted 9 years ago
 
brucemstrs
Posts: 15

I called the store Scott, but I'm getting the auto answer service and there are about 48 levels. I guess it's getting a bit late.

I'm about 15 minutes away from the store in Aylesbury; I live in a village about 5 miles up the road.

I'll go in there tomorrow and see them face to face to get a disc.

I really am grateful to you. I was getting really panicky and thought I was sinking ever faster. Thanks a lot for your help. I'll speak to you tomorrow I hope. Have a good evening.

Bruce

Posted 9 years ago
 
Scott
Posts: 5618

OK, just keep in mind even if you're able to get your deserved XP install disk, you probably still will have issues.

I'll check in tomorrow and have you run HijackThis and post to a relevant forum.

Scott

-edit, the number I called was 870 242 0444

Posted 9 years ago
 
brucemstrs
Posts: 15

Morning!!! I went to the PC World store at 9am when they open, but the technical guy there tells me they never keep any system discs in the store???

He explained that the operating system is installed within a separate partition on the drive, inaccessible to any infections, and re-install can be done from there.

Maybe he is right - I'm not certain.

Posted 9 years ago
 
brucemstrs
Posts: 15

Since my last post, I have spoken to the Technical Help people at PC World (the number you called yesterday) and they say that there is some confusion. Disks are not given out - but they are available by copying the OS from the Windows partition in the pre-installed hard drive.

This is what they are recommending we do.

Posted 9 years ago
 
brucemstrs
Posts: 15

In fact they said that it is important to do it within the first 12 months. After that the only way is to purchase new discs.

Posted 9 years ago
 
Scott
Posts: 5618

OK Bruce,

Give me a little time, we'll get this right.

Posted 9 years ago
 
Scott
Posts: 5618

Do you have a chat client?

Posted 9 years ago
 
brucemstrs
Posts: 15

Chat Client ??

Posted 9 years ago
 


