Fatal Errors Using Virus Scanning (Norton Systemworks)

[rozel]

OK I hear what you say, but when a site such as this gives a link, then maybe you ought to underline any matters of importance such as "remember this program deletes temporary folders as well as temporary files". I cannot argue with what you say but I sure as hell don't remember seeing this when I clicked on the download to install and run CleanUp. Coming from a so called trusted forum such as this I went on to install and run the program. You certainly didn't give me any warnings initially and now I think you are covering your backside.

I do not want a war - I simply do not agree that you are not at least partially to blame. I have never blamed you entirely but cannot understand why the versions have changed and why you need to explore deep inside Cleanup's help files to learn of the registry adjustment to prevent it form cleaning all but your boot drive's temporary files (I mean folders or do I mean both lol!). No this is poor software. It is not bad practice as the site says to store files in temporary folders and I sure as hell don't need to be treated as an imbocile as you seem intent on doing in the manner of your responses. After all it was you who asked the question as to why my software didn't have the option wasn't it? This here implies you did not know beforehand and this admission is all I need. To cover yourself by stating the small print on the site gives rise to my feelings as already said that you had no idea what the problem was and went off shooting in the dark. This indirectly and contributantly caused my files to be deleted.

I sincerely trust that other members will hede this thread before downloading and running Cleanup! I also sincerely hope that once my system is clean, that I can recover my files - oh and thankyou for wishing me luck in this respect (NOT!).

Sheeeeeeeeeeeeeeesh

Unless I get a response from a senior member who can at least acknowledge what I'm saying, then I'm outta here!

Paul

[MoralTerror]

I told you that you had downloaded the newer version of cleanup this is why I asked about the check box. I myself do not have the newer version and was unaware the checkbox wasn't in the newer version. After checking with cleanup and my mentors I then realised that cleanup didn't require the box in the newer version and I informed you of that right away.

I am not covering my backside just stating that you were instructed to make backups at CleanUps download page. I realise I should have put it more obvious in my instructions and I have offered several apologies. I have also taken the necessary steps to make sure it doesn't happen to other users.

I geniunly meant it when I wished you luck, I know you have a lot of work to do to recover from this incident. If you can't accept that my wishes were of good intention then that's up to you.

I will try my best to hurry a response from my seniors on this matter.

[rozel]

Thankyou for this further explanation. I genuinely mean that I do not want to upset anyone on this forum due to my frustration and would apologise if I did so.

I will be satisfied provided others can learn from this situation - yourselves as Analysts and members seeking to rid themselves of viruses produced by sicko's.

This seems to be the spirit of your last response for which I thankyou. I still think that the latest version of CleanUp is a backward step by insisting that all drives are scanned, with no visible way of stopping it from doing so, without a registry fix.

I am having difficulties now with Symantec to be honest and think that a clean system will not come about without a full format and reinstall.

Can I ask a final question please: -

If I clean partition C:\ with a full format and Norton SystemWorks (fully updated to 26th April) suggests there are no files infected on all my other drives, can I take it that my whole system will be clean? I'm worried now that by recovering my files on D, E,F,G and H, that my system may become re-infected. Any help here would be appreciated.

By the way there is no need now to put this up the line anymore - please continue with the dialogue with me please.

Paul

[MoralTerror]

I will continue with your line of enquiry regarding the new version of CleanUp and will notify you as soon as possible about it.

Given the fact that Norton does detect polip then yes it will detect definate findings. Bear in mind that this virus is still very new and some files may not even be detected yet. With your virus definitions out of date today so to speak then this puts you at more risk of not detecting any that are added to this virus' definitions and indeed any other new viruses. Data files should be ok to keep however if you want to keep exe files then they should be treated as suspect and quarantined for a period of 1 or 2 months when most Anti-Virus products should be able to fully clean infected files.

[skate_punk_21]

Hi there rozel, I'm just gonna jump in here if thats alright.

Quote:

can I take it that my whole system will be clean? I'm worried now that by recovering my files on D, E,F,G and H, that my system may become re-infected. Any help here would be appreciated.

There is no guarantee. If there happens to have been an executable file on any of those drives that HAS BEEN RUN it will likely have been penetrated by this infection.

As MoralTerror has already told you this is a very unfortunate infection with very few tools that can remove it. HOWEVER I would like to offer the following as a last chance at disinfection. I have tested this procedure on my own test machine and has worked flawlessly but as always, there is no guarantee.

<edit> Have a few ideas for recovering your files as well, but we will address that later</edit>

Please print out these instructions or save this Page to your desktop for later viewing while in safe mode.

Downloads
Please Download Dr.Web CureIT! and save it to your desktop. DO NOT RUN IT YET


Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


Run Downloaded Tools
Once in safe mode, double click the file "drweb-cureit.exe" on your desktop and click "ok" in the prompt that follows.

It will first make a quick scan of your systems running processes, let it clean what it finds (if anything). When You are shown a map of your computers drives, " Click on the green screwdriver button at the top. Then, under the actions tab, use the 5 dropdown menus on the right and select "delete" for each one. Then hit "apply" and "ok."

Now Click on the drive(s) you want to scan. A red dot will mark the selected drive(s) . Then hit the green arrow on the center right side. It will now scan your drive(s), say yes to all prompts for cleaning.

When finished Reboot back to normal mode and give us the heads up that you've finished,then we will likely follow up with another online scan.

Good Luck
Skate

[rozel]

OK Thanks - I will attend to that and notify you when everythings has been completed. For what it's worth, SYMANTEC can no longer help me and they have refunded me the 69 Euros I had previously paid for there virus removal.

I have a defunct OS - it will boot into Windows but I cannot get online due to iexplore and outlook express .exe files being corrupted and now deleted. As previously stated these two files along with 445 others have already been deleted out of Norton SystemWork's Quaratine folder which represents 447 pieces of software, which I can no longer run. In addition I have untold software on my other drives which may have been infected. Can I please therefore have a full plan rather than follow instructions, step by step.

I need to know first how I can reinstall my OS - after running the software above what do you prpopose to do - me thinks as helpful as you are trying to be, that you have overlooked my inability to use Internet Explorer and Outlook Express. Of course I can download the tool you have described onto my LapTop and transfer this to my Main PC via a memory stick. But how do I then set about reinstating my OS? The third party software, I have already discounted/written off as I can always sort this out afterwards.

My main requirements now are: -

1. Repair my OS long enough to backup/export my Outlook Express folders, Address Book and Settings

2. Backup/export my Internet Explorer Favourites

3. Anything else which I can not think about just now! If subsequently we need to undertake a full format reinstall of XP Pro, then sobeit, but only after these previous steps ok?

4.. Then I need a stratedgy for recovering my deleted files followed by disinfection followed by restore.

Please therefore outline the requisite steps to cover these requirements viz a viz your own suggestions. I need a cohesive plan, knowing at the outset that my requirements will be taken into account, realising that the 447 files have already been deleted and ending up with my system as near as possible to that I enjoyed before the virus took effect. My Outlook Express folders and address book is absolutely paramount to reinstate - I recall that this is on my F:\ or E:\ Drive - I forget which.

I look forward to having this plan very shortly as I would like to start next week.

Paul

[skate_punk_21]

Still formulating a full plan. Will be afk until tomorrow late evening. Should have more details then.
Skate

[rozel]

Thanks very much - I am away for the Bank Holiday Week-end so will not be around from here on until Monday late afternoon. My hope is that I can get going on Tuesday with a view to having everything sorted by next week-end.

Thank you for taking such an interest in this case, I am very grateful

Paul

[skate_punk_21]

This is the plan...
You've already got the disinfection instructions so i will not go through that again, my hopes *Crossing fingers* is that after the removal tool has run its course will will be able to merely replace whatever system files are missing from the CD WITHOUT reinstalling. Now, outlook and IE can both be installed from the MS web site, so i wouldnt worry about their lack of functionality at the moment. As for backing up those folders/documents...

1: backing up outlook express:

I suggest you read through this page below thoroughly, as it is the most promising option out of any 3rd party solution that ive found thus far:
http://www.argentuma.com/backup/outlook-backup.html

If we proceed I would intend to run this after disinfection to hopefully prevent the application from corruption.


2: backing up favouites:

Simply zip & move this folder:
C:\documents and settings\{your username}\favourites


3: wasnt a question

4: I am REALLY hoping here, that we wont have to do a reinstall. Because if we do it is damn near impossible to recover things without professional software.

I will soon be upload the installer of a very good file recovery program that has helped me many times before, but i would like to do this AFTER we attempt to disinfect your computer so as to prevent the installer, and application itself, from becoming corrupt.

Let me know if that suits ya.
Skate

[rozel]

Great thankyou Skate. I am now in the mood to go for it, starting tomorrow. The plans sounds fine. So if you can advise how I start then I will take matters from there, starting after I get home from work and have slept tomorrow.

Paul

[skate_punk_21]

Terribly sorry for the delay, didnt get my email notification like normal Here is the installer for the file recovery tool, Have your windows XP Cd Ready, and Start with the disinfection tool, (i have posted the instructions here.

After you reboot back to normal mode, insert your windows CD and go to Start >>Run and type:

Code:

SFC /scannow

Allow it to replace any files that are found to be changed. Following this, post back a reply and let me know how everything went, then we will decide the next course of action from my previously stated action plan.
Skate

[rozel]

Thanks for that Skate - I just came on here just now to give you an update on what has transpired since my last post and saw your's - yes this is what I was wondering about when I posted last lol!

Please also do not think me rude either because I have been busy preparing for my how shall I put it "Recovery"?

Firstly, I bought a pair of Cosair "TwinX" 1Gb Matched Memory sticks - can't be bothered fiddling with my existing memory - when I opened my system up earlier this week, I remebered that I did not have 2 x 1Gb sticks - I had 4 x 512Mb sticks!, so testing for the faulty stick (if indeed it was faulty) would have been a long winded process. I also had a faulty Floppy A drive and this was replaced too. I finally bought 2 x 4USB2 self-powered hubs.

Thinking about things a little, my USB problems are "power" related and I wondered whether this was because of a faulty USB device. I have eliminated many of my devices as being faulty by just removing them. One that I had overlooked was a Trust multi-card reader, built-in to one of my spare 5.25" drive bays. Earlier today I took my system apart and gave it a bloody good clean out. I do this once in a while, but not maybe as often as I should. For once I "pulled" the Trust card reader out and I could not believe the amount of dust it had accumulated. I cleaned it thoroughly and checked the connections - previously I recall this device being hit and miss when using it. By that I mean sometimes the power light would not come on and sometimes it would flash intermittedly. More often than not it would not work when acessing my numerous memory cards, reverting to the very slow card reader built in to my printer.

After the spring-clean, installing the new memory and Floppy drive I booted up and the first thing I noticed was that my Trust Card Reader Power light was stable! I have not fully tested everything yet but I have run The download tools scan and I can report a virtually clean scan apart from 4 irrelevant files on my E:\ Partition, which I naturally deleted.

Last week I successfully undertook a full System Scan using Norton SystemWorks 2005, fully updated to 26th April (now to 3rd May) and since then my BSOD's have not reocurred. That said after speaking to the Symantec Technician, the 447 files that had been Quarantined from this scan were deleted, but only after I saved a log giving me full details as to what was deleted! This is compiled in a 72-page Word Document, because my Note-pad and Word-pad progs are just two more progs that will not work because of the file deletion.

So I am ready now to restore everything as you explained, then I will run the file-checker/restorer as you mentioned in your post yesterday. I then propose to update my Windows OS using Microsoft's Update Web Site and after that run a full defragmentation. Following that if everything works, I want to restore my other deleted files (not the ones deleted above but the ones deleted by CleanUp) but I will report further before then.

Thankyou once more - for the first time in what seems like ages, I feel more confident that I will reach the end point successfully. That said if I have problems with the Windows file checker/restorer, I will do a clean install of Windows on my existing C:\ partiton.

Cheers again and please bear with me a while longer - I will try to post again before tomorrow evening, when I leave for work again.

Paul

[rozel]

Oh well! - tried SFC, which I thought would be the best attempt at putting things back to nearly where they were, but I am running into the "Insert Windows CD" error. This would not be a problem to overcome normally, but I cannot run regedit to amend the registry !! Another one of those 447+ deleted files!!! So what now - I am going to reinstall windows - maybe this will allow me to at least run my file recovery progs.

Await my further report...................

Paul

[skate_punk_21]

thats wonderful news Rozel!
I'm curious do you have a C:\i386 folder on you computer (C:\ just being whatever your root drive is) If so, i can possibly give you a substitute for regedit.exe and have sfc /scannow point to that folder.

Lemme know whats up
Skate

[rozel]

Thanks - I think I'm getting somewhere - but terribly slowly - I "borrowed" a few files from my wife's pc - IEXPLORE.exe, MSIME.exe and regedit.exe !! - now at least I can get Internet Explorer, Outlook Express and regedit to work. Exploring the article on SFC.exe, I have copied the I386 folder to my C:\'s root folder as suggested and have pointed the sourcepath to C:\. However I now keep getting "please insert your XP CD" due to files needed to be written to the dllcache. When I press Retry it carries on, but is it copying the files? - I suspect not. When I click on to More Information, it says your copy of the XP CD is not the correct one - but it definately is!

I get appx 3 occurences of this during the scan but then it finishes and does not say anything further. The first time I did a scan after adjusting the sourcepath entry in the registry, when rebooting I noticed that "A please Wait" screen appeared - I'm assuming that this was so files could be copied/changed etc. However once booted up I still cannot get Notepad or Windows Media Player to work - just 2 of possibly many others which do not work, so I must assume SFC hasn't done it's job. I've read the article several times and I am not sure what to do next. I have tried pointing to C:\ and also my K:\ - this is my CD-Rom but I always get the 3 occurences of this error - so I guess this is now my main problem.

My boot up process now takes forever too - something is very very wrong but at least I can still boot. The OS seems sick.

Could you please tell me if a reinstall of Windows, over the existing copy will do any harm/good? - assuming of course that you cannot overcome this error. This would at least save a complete reformat but would it cause more problems?

Paul

[rozel]

Hi again! - sorry to push, but I'm still struggling. That said BSOD's seem to have disappeared and USB's working a little better although not perfectly - my beloved mouse and keyboard are still sometimes not recognised on boot-up but this I think may be because of the weight the cable loads on to the ps2 connector at the back of my tower. It uses a USB plug which then fits into a USB to ps2 converter which in turn plugs into the pc. Maybe with a bit of fiddling I can get this to work. New Floppy drive works ok.

However I still cannot get the file checking prog to work and before doing anything else I would like to give this a try as a full reinstall will be painstakingly slow!

So please see if you can overcome my above difficulties

Thanks again

Paul

[skate_punk_21]

Hi Rozel,
We can do a repair installation which would restore your machine to a beautiful state but the more that we move files around on your machine, the less chance we have of recovering the lost documents. so before we try to restore your machine, i would suggest your run the file recovery apps. and get back whatever you can. Repair installations are the easy part.

[skate_punk_21]

If you use the installer i have uploaded...

• Run the application
• select english (or your most proficient language) and click the check mark
• Select the top left-most with the up arrow & recycling bin labelled "Recover Deleted Files"
• Select the drive from which the files were lost, and again, click the check mark
  <<computer will now be scanned for existing and lost files\folders\documents (please be patient)>>
• Green folders contain can be recovered, if you know where the lost files were located, you can navigate to that location and they will hopefully be listed
• when you find the files you want recovered select it (hold shift to select more than one) then right click and select "Save to..." and save it to one of you alternate storage drives.
  *Note: you can also search for specific files via clicking the magnifying glass on the center left of the program interface.

[rozel]

Skate - thanks. However I would like to do the repair install first if that's ok - you see all my deleted files are on partitions other than C:\ I have nothing at all on C:\ that has been deleted other than some of the 447 files deleted as a result of infection. I am not using the other partitions - those from which files were deleted by CleanUp. So if you agree, I would like to press on with the repair of my Windows OS.

I draw comfort from the fact that you can repair my OS and this is my priority now - given that anything we do here should not affect any subsequent file recovery from my other Partitions.

If you agree, could you let me know what to do - if you don't then please explain why and I will abide by your decision. I will be going to work in 2 hours and I really would like to sort this tomorrow if possible

Paul

[skate_punk_21]

Ohhhhhhhh! that makes good sense then
Everything you will need is HERE.