Re: XP Home infected , cannot restore

sounds like the whole operation needs to be nuked! Holy crap
on all of that!!!!


"tommy" <tommylee9_2000@xxxxxxxxxxxxxxxxxxx> wrote in message

The Central Scrutinizer wrote:
How are you certain this was caused by a virus?

"tommy" <tommylee9_2000@xxxxxxxxxxxxxxxxxxx> wrote in message

I have an XP home pc, 2.5ghz, 500mb system that I cannot restore a
normal windows screen to. It boots to a desktop wallpaper, no icons,
no taskbar, no
systray. Have to use task manager to run programs [ with the "create
new task / run" function ].

The virus has somehow modified permissions to stop AV programs [ and
others with error message insufficient permissions ] from running. I
it by installing to alternate directories, like program
and programfiles\HJT2, and have run these in safe mode. Mbam told me
that it
found 6 trojans, and removed them, but I still cannot boot to the
destop with icons again. I see only the wallpaper when booted up. [
nothing in safemode except the safemode stamps in the corners ]

I cannot find the gpedit.msc. I cannot open windows explorer to allow
files to show.
I can open mmc.msc, but cannot find the gpedit snap-on available.

I ran the latest McAfee Stinger. Found nothing. Ran mbam full scan
found no
additional viruses.

Process list is very clean: Very little cpu activity is seen . Every
is at zero after booting. It is so clean that I suspect somebody
else has come in and cleaned the extraneous processes.

Running processes:
C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe

The HJT log shows that there is lots of BHOs, other entrys etc, and
I can see nothing unusual in it, but as above, when booted, no
activity is noted.


The guy said he had experienced re-direction dating back to 6 mos ago.
He has little pc experience.
There were viruses on there. Malwarebytes took off 6 of them.
Important programs were blocked by policy [permissions], including all
antivirus pgms. [ I had to change names for any AV client to run ]
He has a restore partition, but wants to do that himself.
I was able to install gpedit, but no policies had been set.