Re: XP Home infected , cannot restore



Sounds like the whole operation needs to be nuked! Holy crap on all
of that!!!!

--



"tommy" <tommylee9_2000@xxxxxxxxxxxxxxxxxxx> wrote in message
news:hbpo0k$pqu$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx



The Central Scrutinizer wrote:
How are you certain this was caused by a virus?


"tommy" <tommylee9_2000@xxxxxxxxxxxxxxxxxxx> wrote in message
news:hba0pd$i4f$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have an XP Home PC, 2.5ghz, 500mb system that I cannot restore a
normal Windows screen to. It boots to a desktop wallpaper, no icons,
no taskbar, no systray. Have to use Task Manager to run programs
[with the "create new task / run" function].

The virus has somehow modified permissions to stop AV programs [and
certain others with error message insufficient permissions] from
running. I tricked it by installing to alternate directories, like
program files\malwarebytes2 and programfiles\HJT2, and have run these
in safe mode. Mbam told me that it found 6 trojans, and removed them,
but I still cannot boot to the desktop with icons again. I see only
the wallpaper when booted up. [nothing in safe mode except the safe
mode stamps in the corners]

I cannot find the gpedit.msc. I cannot open windows explorer to allow
hidden files to show.
I can open mmc.msc, but cannot find the gpedit snap-on available.

I ran the latest McAfee Stinger. Found nothing. Ran mbam full scan,
found no additional viruses.

Process list is very clean: Very little CPU activity is seen. Every
process is at zero after booting. It is so clean that I suspect
somebody else has come in and cleaned the extraneous processes.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe

The HJT log shows that there are lots of BHOs, other entries etc, and
I can see nothing unusual in it, but as above, when booted, no
activity is noted.



--
Tommy

The guy said he had experienced re-direction dating back to 6 mos ago.
He has little pc experience.
There were viruses on there. Malwarebytes took off 6 of them.
Important programs were blocked by policy [permissions], including all
antivirus pgms. [ I had to change names for any AV client to run ]
He has a restore partition, but wants to do that himself.
I was able to install gpedit, but no policies had been set.

--
Tommy






