Should I fix or re-install XP?

vitaeterna · 11-13-2008, 08:52 AM

I had zlob and brastk.exe as well as Trojan Horse Downloader.Agent.AOON, Trojan Horse Generic12.GVU, Trojan Horse Agent.AHRN, Trojan Horse Agent.3.R, Trojan Horse Agent.AHRN, Trojan Horse Generic12.GVU AVG was able to quarantine them in Safe Mode but they would keep coming back when I would start the computer not in Safe mode. I found 3 executables inside Documents and Settings, one of which had the following path: C:\Documents and Settings\MYNAME\Local Settings\Application Data\wejudem.exe The other two looked like a movie file but ended with exe and they were created after I got the virus so I deleted the 3 executables from the C command prompt and now Zlob and brastk.exe are not coming back at least. I still have a DNS changer as I cannot access the symantec website, nor AVG. In trying to follow the instructions from exterminate-it.com, I discovered other suspicious files inside C:\Windows\System32\ specifically wupibupavo.exe, idiwuwade.dll, ujaw.bin, piretu.dl, ladasaxa.inf I suspect these files because they are all created the same time as when I downloaded the brastk virus. My brother says I should just reinstall XP, since who knows what else is on there. Which is better fix through the other forum or re-install?

GhostRiderDad · 11-13-2008, 09:10 AM

Have you cleaned up windows restore? You usually do this by going to my computer...Right-click) select properties and then system restore "Tab" and checking the "turn off system restore on all drives" checkbox. This prevents the virus from propagating itself from Restore archives. Also...make sure your windows updates up to date. Then restart in safe mode and use your virus program to scan and remove the viruses and hijackers. When you run in safe mode intitially...choose the non networked option so that the virus cannot detect a connection. from the "run" menu...enter MSCONFIG and let that run. You'll see a window appear. Choose "Startup" and note what is being loaded there. YOu can uncheck things that look suspicious and restart your PC (again, in safe mode, this time with networking. rescan the PC with the virus scanner. Hope this helps.

Ben

vitaeterna · 11-13-2008, 09:54 AM

System restore is off and has been off. The virus would still come back even with it off until I deleted those 3 files. Windows is up to date. I doubt running AVG 8.0 will help as it never found those other files which would re-install the brastk and Zlob virus/Trojan Horse. I'll give it a try and re-post.

**Glaswegian** · 11-13-2008, 10:05 AM

Hi

Turning off System Restore removes your only backup, even if it is an infected backup.

If you think you are infected then please start here and follow the instructions.

http://www.techsupportforum.com/secu...ml#post1771806

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

vitaeterna · 11-13-2008, 01:20 PM

The DNS changer is stopping me from getting to the forum from my infected computer, so I'll just re-install the operating system.

alpenadiver · 11-16-2008, 04:03 AM

You could always slave the infected drive to a computer and run your AV and spyware / malware programs. If you don't like cracking open your case this is a nice piece of equipment to have for any type of hardrive maintenance or data recovery
http://www.newegg.com/Product/Produc...82E16812232002

sjb007 · 11-16-2008, 09:37 AM

For me personally, formatting is always the last option.

If you have access to another computer and a USB memory stick to transfer the necessary logs across then I would advise trying to save your system first by following the link above as advised by Glaswegian. Re-installing may be the quickest option but then you loose all data stored. By the time you have re-installed software and reinstalled personal data then it is not always as quick as it seems. Just a little patience goes a long way.

Iif you should choose to format, then that is your choice alone. I have placed advice below for you to read first to help you decide

Reformatting Considerations
When Should I Format, How Should I Reinstall?

Good luck!

vitaeterna · 11-18-2008, 06:29 AM

I had no idea how to slave one computer to another, nor do I have a USB memory stick. I didn't have much data on the computer that I didn't have backed up, so I think, in my case, it was the best decision. The last straw was when I tried to open the CD drawer and it wouldn't open when not in safe mode. One thing I was curious about though was how to delete files at the C prompt. When I was at C:\Documents and Settings\MYNAME I just deleted files by typing del "Local Settings\Application Data\wejudem.exe" as I recall but it didn't work at the WINDOWS/SYSTEM 32 C prompt. Was I missing something or do I remember the delete command wrong?

rdc500 · 11-19-2008, 09:53 AM

When a computer get to a certain point where I think yours is. You will be better off reinstalling the OS. This may not be popular with the guys here but that's my opinion. I would do the following
Allow windows to format in NTSF Slow not Quick
Reinstall the OS.
Buy a Thumb Drive or some sort of backup device and on a weekly basis backup My Docs, and anything else you want to keep.
If you have the money get Nod32 and it will keep those nasty virus files for your PC
Later
Ron

alpenadiver · 11-19-2008, 12:25 PM

Another thing you may want to check out is a custom host file located at:
http://www.mvps.org/winhelp2002/hosts.htm

it blocks a large group of suspected spyware / malware and other undesirable websites

11-13-2008, 08:52 AM	#1 (permalink)
vitaeterna Registered User Join Date: Nov 2008 Posts: 8 OS: xp sp3	Should I fix or re-install XP? I had zlob and brastk.exe as well as Trojan Horse Downloader.Agent.AOON, Trojan Horse Generic12.GVU, Trojan Horse Agent.AHRN, Trojan Horse Agent.3.R, Trojan Horse Agent.AHRN, Trojan Horse Generic12.GVU AVG was able to quarantine them in Safe Mode but they would keep coming back when I would start the computer not in Safe mode. I found 3 executables inside Documents and Settings, one of which had the following path: C:\Documents and Settings\MYNAME\Local Settings\Application Data\wejudem.exe The other two looked like a movie file but ended with exe and they were created after I got the virus so I deleted the 3 executables from the C command prompt and now Zlob and brastk.exe are not coming back at least. I still have a DNS changer as I cannot access the symantec website, nor AVG. In trying to follow the instructions from exterminate-it.com, I discovered other suspicious files inside C:\Windows\System32\ specifically wupibupavo.exe, idiwuwade.dll, ujaw.bin, piretu.dl, ladasaxa.inf I suspect these files because they are all created the same time as when I downloaded the brastk virus. My brother says I should just reinstall XP, since who knows what else is on there. Which is better fix through the other forum or re-install? Last edited by vitaeterna; 11-13-2008 at 08:54 AM.

11-13-2008, 09:10 AM	#2 (permalink)
GhostRiderDad Registered User Join Date: Nov 2008 Posts: 8 OS: Windows Vista sp1	Re: Should I fix or re-install XP? Have you cleaned up windows restore? You usually do this by going to my computer...Right-click) select properties and then system restore "Tab" and checking the "turn off system restore on all drives" checkbox. This prevents the virus from propagating itself from Restore archives. Also...make sure your windows updates up to date. Then restart in safe mode and use your virus program to scan and remove the viruses and hijackers. When you run in safe mode intitially...choose the non networked option so that the virus cannot detect a connection. from the "run" menu...enter MSCONFIG and let that run. You'll see a window appear. Choose "Startup" and note what is being loaded there. YOu can uncheck things that look suspicious and restart your PC (again, in safe mode, this time with networking. rescan the PC with the virus scanner. Hope this helps. Ben

11-13-2008, 09:54 AM	#3 (permalink)
vitaeterna Registered User Join Date: Nov 2008 Posts: 8 OS: xp sp3	Re: Should I fix or re-install XP? System restore is off and has been off. The virus would still come back even with it off until I deleted those 3 files. Windows is up to date. I doubt running AVG 8.0 will help as it never found those other files which would re-install the brastk and Zlob virus/Trojan Horse. I'll give it a try and re-post.

11-13-2008, 10:05 AM	#4 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 23,945 OS: Win XP Pro SP3 / Win 7 RC My System Blog Entries: 10	Re: Should I fix or re-install XP? Hi Turning off System Restore removes your only backup, even if it is an infected backup. If you think you are infected then please start here and follow the instructions. http://www.techsupportforum.com/secu...ml#post1771806 Do not post your logs back in this thread - follow the guidance in the above link! Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::Photographers Corner

11-13-2008, 01:20 PM	#5 (permalink)
vitaeterna Registered User Join Date: Nov 2008 Posts: 8 OS: xp sp3	Re: Should I fix or re-install XP? The DNS changer is stopping me from getting to the forum from my infected computer, so I'll just re-install the operating system.

11-16-2008, 04:03 AM	#6 (permalink)
alpenadiver Registered User Join Date: Jul 2007 Location: Alpena, Michigan Posts: 288 OS: Windows XP Pro, Windows 7 RC, Debian 5.0 My System	Re: Should I fix or re-install XP? You could always slave the infected drive to a computer and run your AV and spyware / malware programs. If you don't like cracking open your case this is a nice piece of equipment to have for any type of hardrive maintenance or data recovery http://www.newegg.com/Product/Produc...82E16812232002

11-16-2008, 09:37 AM	#7 (permalink)
sjb007 Analyst, Security Team Join Date: Dec 2007 Location: Lincoln UK Posts: 2,091 OS: Vista Premium 64x My System	Re: Should I fix or re-install XP? For me personally, formatting is always the last option. If you have access to another computer and a USB memory stick to transfer the necessary logs across then I would advise trying to save your system first by following the link above as advised by Glaswegian. Re-installing may be the quickest option but then you loose all data stored. By the time you have re-installed software and reinstalled personal data then it is not always as quick as it seems. Just a little patience goes a long way. Iif you should choose to format, then that is your choice alone. I have placed advice below for you to read first to help you decide Reformatting Considerations When Should I Format, How Should I Reinstall? Good luck! __________________ Better to die than be a coward - The Gurkha Motto The Gurkha Justice Campaign If we have helped you then please consider donating Last edited by sjb007; 11-16-2008 at 09:38 AM.

11-18-2008, 06:29 AM	#8 (permalink)
vitaeterna Registered User Join Date: Nov 2008 Posts: 8 OS: xp sp3	Re: Should I fix or re-install XP? I had no idea how to slave one computer to another, nor do I have a USB memory stick. I didn't have much data on the computer that I didn't have backed up, so I think, in my case, it was the best decision. The last straw was when I tried to open the CD drawer and it wouldn't open when not in safe mode. One thing I was curious about though was how to delete files at the C prompt. When I was at C:\Documents and Settings\MYNAME I just deleted files by typing del "Local Settings\Application Data\wejudem.exe" as I recall but it didn't work at the WINDOWS/SYSTEM 32 C prompt. Was I missing something or do I remember the delete command wrong?

11-19-2008, 09:53 AM	#9 (permalink)
rdc500 Registered User Join Date: Aug 2008 Posts: 36 OS: Vista Ultimate	Re: Should I fix or re-install XP? When a computer get to a certain point where I think yours is. You will be better off reinstalling the OS. This may not be popular with the guys here but that's my opinion. I would do the following Allow windows to format in NTSF Slow not Quick Reinstall the OS. Buy a Thumb Drive or some sort of backup device and on a weekly basis backup My Docs, and anything else you want to keep. If you have the money get Nod32 and it will keep those nasty virus files for your PC Later Ron Last edited by rdc500; 11-19-2008 at 09:55 AM.

11-19-2008, 12:25 PM	#10 (permalink)
alpenadiver Registered User Join Date: Jul 2007 Location: Alpena, Michigan Posts: 288 OS: Windows XP Pro, Windows 7 RC, Debian 5.0 My System	Re: Should I fix or re-install XP? Another thing you may want to check out is a custom host file located at: http://www.mvps.org/winhelp2002/hosts.htm it blocks a large group of suspected spyware / malware and other undesirable websites