Win XP Virus: Help Requested
Ok, I'm not an idiot when it comes to computers. I know more than enough to work around in settings without worrying about fucking things up. However, I am not by any stretch an expert. I'm aware that some here are, so I'm going to give this a shot. I can't really expect a full fix, because I don't have an XP disc to reload windows, so formatting isn't an option, even if it was an option.
Ok, so my roomates win XP has been infected, and I don't have a lot of time or money to spend on this issue. This PC sadly did not have an antivirus on it. Or, it did, but somewhere along the line it was apparently removed without installing a replacement, hence the problem.
This virus is a fuck. It went straight for administration, and has now completely locked out the control panel, as well as any other admin tasks. I can't even install the anti-virus programs I attempted to install, because the admin settings are now set to not allow such installation. Very good...assholes....
Ahem. Anyway, if anyone has any advice to offer, I'll appreciate it, even if it amounts to "you're fucked". At least then I'll know for sure, and terminate with extreme prejudice.
I do have one semi-hope should no advice be forcoming. I have a second PC available which is fully secured and virus free. The problem is that computer is running on Win 98, and is decidedly obsolete even in comparison to the infected PC. So I doubt its capabilities to disinfect the XP virus. Should no advice be available, my question for those of you well knowledgeable in hardware/software is whether or not I can install my Win 98 HDD on the Win XP PC as the main HDD, and do a scan of the infected HDD with my old Win 98? Or am I going to have to have an XP OS to do the scan? Or am I just fucked? lol.
Enlightened Atheist, Gaming God.
- Login to post comments
You could open the task manager and look at the processes tab to find out what the offending program is, then select it and choose "end process" and try to install your antivirus software.
There are twists of time and space, of vision and reality, which only a dreamer can divine
H.P. Lovecraft
I can't remember if I can get into the task manager or not. I'll be home and have tested that within an hour or so. If it works, I'll bang my head into a wall, because that should have been the first thing I tried.
Enlightened Atheist, Gaming God.
If that doesn't work you still found out what the offending process was. Remove the registry keys (be careful of course) so that it wont launch at startup then restart your computer and install your antivirus software.
There are twists of time and space, of vision and reality, which only a dreamer can divine
H.P. Lovecraft
As suggested you can open windows task manager and click on processes. Look for typical virus execs to try to ID what it has. You can run removal tools from Symantec found at the following link:
http://www.symantec.com/norton/security_response/removaltools.jsp
They also have a premium service where they will charge you to find and remove the the offending virus.
McAfee also has free virus removal tools found on the following link.
http://home.mcafee.com/VirusInfo/VirusRemovalTools.aspx
You also can go to your local store and buy a version of Norton or McAfee but probably you can't install until after you get the virus out.
You can also start your PC in safe mode or in a controled startup and not allow certain services to start. This can get complex and I suggest you try the free virus removal tools first.
As to your Win 98 HDD, it likely used FAT 32 and usually XP is formatted as NTFS so no you can't use it to scan.
____________________________________________________________
"I guess it's time to ask if you live under high voltage power transmission lines which have been shown to cause stimulation of the fantasy centers of the brain due to electromagnetic waves?" - Me
"God is omnipotent, omniscient, omnibenevolent, - it says so right here on the label. If you have a mind capable of believing all three of these divine attributes simultaneously, I have a wonderful bargain for you. No checks please. Cash and in small bills." - Robert A Heinlein.
Well, you could try moving the hard drive but if you are going to have a problem scanning it from win98. The fact is that win98 only supports the FAT32 file system and the XP drive is almost certainly formatted with NTFS. So your windows98 install may not even see the drive as installed hardware.
Do your self a favor and boot from a CD that supports NTFS. Ubuntu linux would be my first pick.
There is also a great tool called winternals that will do it as well. But be careful with that one as you can pretty much do anything at all on your machine with that.
=
Make a windows PE disk using bart PE and boot that up and scan the drive.
You could also backup everything, and install Windows 7 beta on it. The latest build is running very stable, and it gives some nice benefits over XP while hardly being slower. (Much faster than Vista)
It's actually faster at some things.
And it's shiny.
Theism is why we can't have nice things.
I made a post while working on it while not logged in; obviously didn't want to be using passwords on that pc. Didn't remember that posts made that way have to be approved.
If the mods approve it, ignore it. lol. If the mods read this before approving it, don't bother approving it.
I managed to get one or two of them, but it didn't take care of it completely. I didn't have time to run them all though, so I'll get back when I have time to do more.
Incidentally, I don't have any cd to use. I'd have to buy one, and I don't currently have the money.
Enlightened Atheist, Gaming God.
I'm bumping this for easier retrieval over the next couple of days(so I don't have to search for the topic), seeing as its a long weekend, there's a good chance I'll have the motivation and time to work on it more.
There's a registry problem now(which prevents the running of certain programs as well as updating windows), and while I've fixed such problems before via persistance and the internet, that was many years ago, and WinXP is a lot more obsolete now than it was then. Actually, I'm not even sure I fixed such a problem on XP in the first place, so there's a possibility I have no experience with this particular problem. I'll post the exact issue when I get the chance.
Enlightened Atheist, Gaming God.
Not that I am doubting your word but how do you know? Not all computer problems are caused by viruses. Some problems are caused by malware and others are caused by the individual operating it, and also third party software.
See if AdAware helps to find malware on it. Also get HijackThis to see what is running.
If you're at a school (since you have a roommate) I'm assuming the school is your internet provider, if so they should have a virus checker to protect all the machines on that system.
Sounds like you've lost administration permissions.
You can still log into it, though ... by rebooting into 'Safe Mode'. Press F8 when Windows begins to boot, and you'll be given a list of boot options, one of which is 'Safe Mode'. Select that, and the 'Administrator' account will appear on the login screen.
From here it's easy. Once you've signed in as 'Administrator':
Right-click on My Computer
Click on Manage
Expand Local Users and Groups
Click on Groups
Double click on Administrators
Click on Add
Enter the account name on this machine that you want to assign administrative privileges to
OK your way back out.
Now reboot your machine normally, and the account you selected should now have administrative access.
People who think there is something they refer to as god don't ask enough questions.
I don't intend any offense with this response, but I think I can tell the difference between malware/spyware/etc and a virus.
Also, I can't run adaware. The registry has been damaged in the process of removing one or two of the virus' that had infected the computer, making adaware and spybot both useless.
No, I have a townhouse. The company Bell is our service provider.
I'm well aware of that thanks. I was simply spelling it out in detail.
Actually, I got back into administration. Turning the computer on disconnected from the net appeared to criple the virus' capabilities to fuck around with it in that particular area.
Enlightened Atheist, Gaming God.
I wouldn't trust the machine, personally. I clean machines on a regular basis, and frankly, I would have slaved the drive to another PC, backed up the user data and nuked it by that point.
If you are running XP Home edition and have a valid product key, I can burn you an installation CD and mail it if you cover postage(and want to go this route). Then, you can just nuke the drive and do a reinstall. Any of the OEM XP Home Edition CDs will work with any OEM licence key, so you might ask around locally for a disk, too. If you can, at least find a disk with service pack 2 preinstalled. It's a long install otherwise.
EDIT: If you are slaving it to another machine, it should be something like a Linux machine. Some of the more retarded Windows autoplay features have been used to auto-run virus payloads, so you can end up spreading the infection.
All that is necessary for the triumph of good is that evil men do nothing.
If I had a OS to install on it I'd probably just nuke it. I might anyway, just to preserve other PC's from catching anything. The more I think about it, the more I realize there isn't anything really necessary on the HDD. Most of it is easily replaced. That which isn't is simply game progression info, which I can simply replace by replaying the games. The nasty bit is losing all my StarCraft and WarCraft maps....but oh well. Shit happens.
*Kicks a wall*
Thanks for the offer, but it's XP Pro 2002.
Thanks for the advice.
Enlightened Atheist, Gaming God.