Tech Support Forum > Microsoft Support > Windows XP Support

Need help reinstalling windows on netbook w/rootkit that won't go away...how???



Old 08-04-2009, 08:42 AM   #1
Registered Member
 
Join Date: Aug 2009
Posts: 11
OS: winxp sp3





I NEED SOME HELP REINSTALLING MY WINXP OS ON A NETBOOK (ACER) WITH A NASTY ROOTKIT.

AFTER 2 DAYS OF SCANS, I AM STILL FINDING DIFFERENT THINGS EACH SCAN.

I STILL CANNOT ACCESS E-RECOVERY AND WHEN THE SYSTEM IS ON IN REGULAR MODE, IT JUST FREEZES WITH THE SUPERANTISPYWARE RECTANGLE ON SCREEN.

I HAVE NO CD DRIVE...ONLY E-RECOVERY (ACER'S) AND I CAN'T GET INTO THAT.

I AM CONCERNED, TOO, BECAUSE I HAVE 2 OTHER SYSTEMS ON THE NETWORK AND ANOTHER IS BEGINNING TO BEHAVE AS THIS ONE DID AT FIRST. (MY SYSTEM WENT OFFLINE FOR A LITTLE BIT AT FIRST).

ANY HELP IS APPRECIATED.

__________________
crunch127 is offline  
Old 08-04-2009, 10:22 AM   #2
Registered Member
 
Join Date: Jun 2009
Location: Deer Park, Washington
Posts: 177
OS: Windows 7, Windows XP



First of all, disconnect the infected computer(s) from your network and the internet (especially your network) and run virus/malware scans on all the computers on your network.

Next, you're going to want to back up your files (preferably on all your computers since it seems whatever is on your computer is spreading on your network). Copy and paste them onto an external hard drive/flash drive or burn them to a cd(s) (it's also a good idea to do this in safe mode). Don't use a back-up program and don't copy any large folders so as to minimize the risk of backing up an infected file.

After that's done, you'll be needing a Windows XP installation disk (I assume that, when you say that you "have no cd drive," you mean that you don't have a Windows XP disk). Either call up the manufacturer of your computer to see if they will send you a disk or borrow one from a friend (if you borrow one from a friend, be sure to use the Code of Authenticity that should be attached to your computer) and reinstall Windows.

EDIT: You might want to download the drivers for your computer and burn them to a cd or save them to a flash/external hard drive before reinstalling windows so as to speed up the process of getting your computer back up and running.

Also, try to lay off the caps lock as talking in all caps is taken as yelling.

__________________
Acenator is offline  
Old 08-04-2009, 10:54 AM   #3
Registered Member
 
Join Date: Aug 2009
Posts: 11
OS: winxp sp3



Acenator, thanks for the reply.

Since I have a netbook, I have no cd drive; is there an alternate method of install?

And sorry for the caps; I was using them for emphasis.
__________________
crunch127 is offline  
Old 08-04-2009, 11:12 AM   #4
Registered Member
 
Join Date: Jun 2009
Location: Deer Park, Washington
Posts: 177
OS: Windows 7, Windows XP



I believe there's a way to boot off of usb devices that might work, but I have no experience with such things (I wonder if you could get a usb cd drive and use that (?) ).

That said, go ahead and scan all the computers on the same network as the infected machine and back up any files that you don't want to lose and wait for someone more experienced than myself to reply.

Good luck!
__________________
Acenator is offline  
Old 08-04-2009, 12:22 PM   #5
TSF Enthusiast
 
Join Date: Aug 2006
Posts: 601
OS: Windows 7 x64



Have you thought of going to the malware forum on this site? They may be able to help and save you from a reinstall, though I appreciate they are busy. Just a thought.
__________________
auntiej is offline  
Old 08-04-2009, 01:54 PM   #6
Registered Member
 
Join Date: Aug 2009
Posts: 11
OS: winxp sp3



My Bad...should have done that, I guess.

Thanks for the suggestion/reminder:)
__________________
crunch127 is offline  
Old 08-04-2009, 02:00 PM   #7
Administrator

Team Manager
- Networking
- Microsoft Support
- Hardware
 
 
Join Date: May 2007
Location: Houston, Texas
Posts: 46,738
OS: XP, Win 7



If you do end up having to reinstall, you will need an external drive like this:

http://www.newegg.com/Product/Produc...82E16827151184
Old Rich is offline  
Old 08-04-2009, 02:13 PM   #8
Registered User
 
Join Date: Apr 2009
Posts: 2,854
OS:



You have a restore partition on your computer. Here are instructions for accessing the restore partition: http://forum.notebookreview.com/showthread.php?t=74919
__________________
deleted010511 is offline  
Old 08-07-2009, 11:43 AM   #9
Registered Member
 
Join Date: Aug 2009
Posts: 11
OS: winxp sp3



I accessed the restore partition and restored my system to factory settings and updated everything--

Ran Malwarebytes, Iobit Security 360, and Avira.

Found the following:

All were located in my Documents and Settings: Opera 10 cache

Trojan.Ezurl
Backdoor.ClientMan
Rogue.Downloader
Win32.Virus.Sality
Spyware.SillyFDC
Adware.msnsniffer
Trojan.CDT
Keylogger.Adbars
TR/Trash.Gen

These are all quarantined.

Malwarebytes found:

Trojan.BHOs in the following:

HKEY_Local_machine\system
HKEY_classes_root\c lsid_root\kt_bho
HKEY_local_machine_system\softwar
HKEY_currentuser|software
local_machine\system
_classes_root\typelib

Disabled security in:

local machine\software

Avira also found 63 warnings.

I ran several scans in regular and safe networked mode since and all have come up clean.

WHAT is going on?

PLEASE can someone offer me guidance as to what to do? Am I safe now that scans are reading clean?

Also, can someone tell me what these bugs affect? The keylogger really has me concerned.

I changed all my passwords about 4 times in the past two days. Can I do anything else?

I have Avira, Malwarebytes, ComodoBClean, and Iobit Security 360 installed. Are there any other programs I should have?

I am really concerned.
__________________
crunch127 is offline  
Old 08-07-2009, 12:08 PM   #10
Registered Member
 
Join Date: Jun 2009
Location: Deer Park, Washington
Posts: 177
OS: Windows 7, Windows XP



I am NOT, by any means, an expert on malware/virus removal, so I can't say if your computer's clean or not (only the analysts in the Virus/Trojan/Spyware Help forum will be able to do that for you*), but it is a good sign if the scans are coming up clean and if you don't seem to be having any problems.

As for other things you can do security wise, you might try reading this thread.

*NOTE: If you decide to get an analyst's opinion, read and follow the instructions in the "NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help" thread before starting a new thread in the Virus/Trojan/Spyware Help forum. Be patient with them as they are very busy and it might take a while for them to get to you.
__________________
Acenator is offline  
Old 08-07-2009, 12:37 PM   #11
Registered User
 
Join Date: Apr 2009
Posts: 2,854
OS:



Wherever you're browsing on Opera, you are downloading viruses.
__________________
deleted010511 is offline  
Old 08-07-2009, 01:01 PM   #12
Registered Member
 
Join Date: Aug 2009
Posts: 11
OS: winxp sp3



There was a link I clicked on in either zafu or truejeans that gave me a warning of a suspected malware site. Before I could click not to proceed, it automatically forwarded me to the site.

Right after that I ran scans and the problems began.

And all I wanted to do was find a good-fitting pair of pants...


What do you think about the new unknown files Sophos just detected--and deleted--in my system\restore file?
__________________
crunch127 is offline  
Old 08-07-2009, 03:36 PM   #13
Registered User
 
Join Date: Apr 2009
Posts: 2,854
OS:



Well there you go, stick to known sites, like Amazon etc. Also, before doing a Virus scan be sure to turn off System Restore, as this is a place where viruses are stored. After scanning and deleting malware, restart your computer and turn System Restore back on if you like.

__________________
deleted010511 is offline  
All times are GMT -7.

