System Security Malware Keeps Coming Back (Part 1)

View previous topic View next topic Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by Belahzur on 29th April 2010, 9:13 pm

Okay, try Safe Mode first.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by curunduraj on 29th April 2010, 11:48 pm

I've tried Safe Mode (all variations) and Last Known Good Configuration, but cannot load Windows XP. Was this caused by Combo-Fix? Can you suggest how to fix this?
Thanks.

curunduraj
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-04-19
OS OS : XP
Points Points : 24551
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by curunduraj on 30th April 2010, 5:34 pm

Hello. I have tried copying userinit.exe to wsaupdater.exe in the c:\windows\system32 folder. I have also copied and expanded userinit.exe from my Recovery CD to c:\windows\system32. So far nothing works. XP boots to the "welcome" screen but takes me right back there when I try to access any of the accounts.

curunduraj
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-04-19
OS OS : XP
Points Points : 24551
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by Belahzur on 30th April 2010, 7:07 pm

No, Combofix wouldn't do this, the malware has locked us out.

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


Then please start the scan.

The Avira AntiVir Rescue System wil now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by curunduraj on 30th April 2010, 8:54 pm

OK, I was able to scan the computer but it does not appear to have made any difference. I still cannot log in. After the scan completed, there were no further instructions or any indication that a log file was being created. I will run it again. By the way, the Main Menu does not appear. Do you know where on the hard drive I should look for the log file using the Commandline? Thanks.

curunduraj
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-04-19
OS OS : XP
Points Points : 24551
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by curunduraj on 30th April 2010, 10:15 pm

I ran Avira again...no change, but I do see the log file information but not sure if I can copy the file onto my thumbdrive in DOS mode so I can post it. I'm also not sure which files are being scanned. I know there are many more files on the hard drives than were reported as having been scanned. The scan results are:

scanned files: 178001
scanned directories: 13499
records: 7
suspect files: 0
warnings: 2219

curunduraj
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-04-19
OS OS : XP
Points Points : 24551
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by Belahzur on 30th April 2010, 11:53 pm

Hmmm.
We can keep trying, but if we can't fix this because of the damage done by the malware, the end result maybe formatting.

If there is nothing important on the machine, then a quicker way would be formatting right now.

Let me know.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by curunduraj on 1st May 2010, 12:58 am

Yes, I am thinking along the same lines, although I am thinking a new C drive and a fresh install of XP may be in order. There are a lot of important files on the current drive but I am assuming they are OK and I will be able to access them after the new drive is up and running XP again. The other thing I may try to do before installing a new HD is to connect my 1.5 TB external drive and copy data files in DOS mode. I assume there is feasible. What do you think? Thanks for all your help...it is truly appreciated.

Also, if this is the wsaupdater.exe malware, should I consider trying to manually edit the registry from the command prompt?

curunduraj
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-04-19
OS OS : XP
Points Points : 24551
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security Malware Keeps Coming Back (Part 1)

Post by Belahzur on 1st May 2010, 2:50 pm

Hello.
No, if there is a file infecter infection, regardless of what we do, it wont help.

If you hook the current C:\ drive to another machine as a slave, you should be able to access your files that way.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum