Nasty virus attack – Impossible to clean my PC, Assistance Please

[YoKenny]

Read about Comodo as it will interfere with avast!
http://forum.avast.com/index.php?topic=46737.0

DrWeb is another anti virus application and you can not run 2 concurrent anti virus applications together as they interfere with on another.

If you must use a software firewall then either Outpost or PC Tools are recommended.

I like Malwarebytes Anti-Malware (MBAM) and I use the resident protect version as it adds an additional layer of protection and it is only $28.34CDN one time charge.

[cdestefani]

YoKenny,

Thanks for your answer. Very good comments and link. I think PCTools will be the choice since it is installed in another PC.

[micky77]

but my Safe Mode still does not work. How do I restore it?

Have a look at these 2 links http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/

http://blog.didierstevens.com/2006/06/26/restoring-safeboot/

Be careful though, and read carefully. Also you have xp3, the registry file may not work, maybe you could export from another xp3 pc,if you not what your doing.
Also to make sure you restore before the infection, so not to restore the virus

[cdestefani]

I had visited the link for the "Safe Mode" problem and it is excellent! The zip file also has a file for WinXP SP3. After 3 attempts the file merged and I recovered the Safe Mode. This was yesterday, I run Avast but in safe mode at that time the report says the PC is clean.

Previously this is what I have done:

- I uninstalled the Comodo Firewall and Antivirus
- Installed Avast
- Installed PC Tools Firewall
Once this was finished I set a Boot Scan with Avast and found 18 files in the Volume System Information folder, most of them with the Beagle virus and some with Trojans. The report is attached.

Then:
- Installed the Foxit reader and set it as default reader.
I left Adobe Acrobat 7 installed I need it to generate my pdf files. I hope that with the Firewall I will be able to block its access to the net whenever it tries.

Now, I have pending to visit the Hive Cleanup Service from Microsoft.

What I noticed is that it takes longer to boot and switch off the PC after this virus attack. Is there any way to recover this? Is it of any use  or does it help the CCleaner facility?

[.: L' arc :.]

 Use CCLeaner to disable some unnecessary startup items like AdobeSpeedLauncher.

[cdestefani]

I just would like to thanks all the assistance received during this virus attach.

Safe Mode was fixed, it is working now.

Now, I need further work with the registry mainly to make a faster booting and switching off. I believe this is not the place to discuss this issue, but if anyone knows of a handy tool or how to approach it, I will appreciate it too. Thanks.

[mikaelrask]

hey! yes Comodo antivirus will interfere with avast sens you should not run two antivirus programs at the same time but you could unchecked that option to install Comodo antivirus and only running Comodo firewall side by side of avast or uninstall avast and use the suite of Comodo with firewall and antivirus.

there is a new version of acrobat reader you can download 9. something otherwise you can use foxit reader that was sad earlier in this topic.

[cdestefani]

Thanks, yes I am aware of the Comodo options, but I prefer Avast as antivirus.

The pdf issue (Adobe and Foxit) was answered in my previous answeres too.

[mohdnaseim]

About 3 days my PC got infected with several viruses. This is what I have done so far:

First thing was to disconnect it from the internet.

Then I tried to start the PC in safe mode and it didn't boot. I forced the Safe Mode with the msconfig selecting in Boot.ini “SafeMode/Minimal” and it took me to a nonstop starting loop. It took me over a day to fix the boot.ini file and make it start again. The PC has an ASUS P5GC MX/1333 and I can't make it boot in safe mode.

With Windows XP SP3 in standard mode Avast and SpyBot were disabled,every time I want to run them a message says "they are not Win 32 applications". Malwarebites is the only antivirus that works and every time it runs find 2 or 3 registry keys and 4 or 5 infected files. I delete them all, but to delete some of them the PC must be reboot and in the process all of them are either not deleted or regenerated.

So I tried Avira Rescue CD with several files renamed, some of them in System Volume Information folder that I could not get access to delete them, the other were deleted but I could also see were regenerated.

Today I downloaded the DrWeb Rescue CD and attempted to clean it in the starting process but it stopped in the System Volume Information folder. I run it a few times I managed to stop it whenever I saw a virus (Trojan.StartPage) and restarted the scan hoping that will continue in the critical stop point without these files. But there were no differences.

I can't install HijackThis, it is blocked by the viruses.

So, from my understanding what I could do are two options:

Try to find another Rescue CDs and run them and eventually the PC may become clean or ask for some assistance in this forum.

Can anyone offer me some assistance with this nasty problem? I am lost, not knowing what is the best solution. I can't reformat the HD, I have a lot of data that I can't copy (too many GBs) and I can't afford to loss it.

Thanking you in advance,

Carlos
=

[Brickstin]

About 3 days my PC got infected with several viruses. This is what I have done so far:

First thing was to disconnect it from the internet.

Then I tried to start the PC in safe mode and it didn't boot. I forced the Safe Mode with the msconfig selecting in Boot.ini “SafeMode/Minimal” and it took me to a nonstop starting loop. It took me over a day to fix the boot.ini file and make it start again. The PC has an ASUS P5GC MX/1333 and I can't make it boot in safe mode.

With Windows XP SP3 in standard mode Avast and SpyBot were disabled,every time I want to run them a message says "they are not Win 32 applications". Malwarebites is the only antivirus that works and every time it runs find 2 or 3 registry keys and 4 or 5 infected files. I delete them all, but to delete some of them the PC must be reboot and in the process all of them are either not deleted or regenerated.

So I tried Avira Rescue CD with several files renamed, some of them in System Volume Information folder that I could not get access to delete them, the other were deleted but I could also see were regenerated.

Today I downloaded the DrWeb Rescue CD and attempted to clean it in the starting process but it stopped in the System Volume Information folder. I run it a few times I managed to stop it whenever I saw a virus (Trojan.StartPage) and restarted the scan hoping that will continue in the critical stop point without these files. But there were no differences.

I can't install HijackThis, it is blocked by the viruses.

So, from my understanding what I could do are two options:

Try to find another Rescue CDs and run them and eventually the PC may become clean or ask for some assistance in this forum.

Can anyone offer me some assistance with this nasty problem? I am lost, not knowing what is the best solution. I can't reformat the HD, I have a lot of data that I can't copy (too many GBs) and I can't afford to loss it.

Thanking you in advance,

Carlos
=

wait what kind of spybot? Spybot search and destroy? I heard that wasn't very legit.. = / .

[scythe944]

wait what kind of spybot? Spybot search and destroy? I heard that wasn't very legit.. = / .

It's a very legit program, just not as useful as it once was.