Author Topic: xp virus  (Read 11532 times)


Offline ady4um

  • Massive Poster
  • ****
  • Posts: 2667
Re: xp virus
« Reply #45 on: December 06, 2011, 10:26:07 PM »


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: xp virus
« Reply #46 on: December 06, 2011, 10:36:46 PM »
This at the moment is just a variant of the TDL4 MBR virus. Although it has taken a new twist to all the others by stealing a bit of hard drive rather than infecting a file. At the moment it can be seen using disk management, although I have just had one where the partition was hidden. So a revamp in my detection is needed  ;D

Alas I am just a user like you so I have no influence with Avast

How is the computer behaving now? Anything odd happening or is it good?

If you are happy let me know and I will remove my tools
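An added illustration (not from this thread or from any of the posters) of the kind of check essexboy describes above: parsing the MBR partition table and flagging a small or hidden volume parked at the end of the disk, which is where a bootkit that "steals a bit of hard drive" would leave its trace. The MBR bytes and disk size here are constructed; on a real machine you would read sector 0 of the physical disk and pass its actual sector count.

```python
import struct

# MBR partition type IDs that mark a "hidden" FAT/NTFS volume
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SECTOR = 512

def parse_mbr(mbr: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for slot in range(4):
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * slot)
        if ptype != 0:
            entries.append({"slot": slot, "boot": status == 0x80,
                            "type": ptype, "start": lba, "sectors": count})
    return entries

def suspicious_entries(mbr: bytes, disk_sectors: int, max_mib: int = 64):
    """Flag entries that look like a carved-out tail partition: a hidden
    type, or a small volume ending within 1 MiB of the end of the disk."""
    findings = []
    for e in parse_mbr(mbr):
        end = e["start"] + e["sectors"]
        size_mib = e["sectors"] * SECTOR // (1024 * 1024)
        reasons = []
        if e["type"] in HIDDEN_TYPES:
            reasons.append("hidden partition type 0x%02X" % e["type"])
        if size_mib <= max_mib and disk_sectors - end < 2048:
            reasons.append("small %d MiB volume at end of disk" % size_mib)
        if reasons:
            findings.append((e["slot"], reasons))
    return findings

def build_entry(status, ptype, start, count):
    """Pack one 16-byte entry; CHS fields are set to the 'use LBA' marker."""
    return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)

def make_mbr(entries):
    table = b"".join(entries) + b"\x00" * (16 * (4 - len(entries)))
    return b"\x00" * 446 + table + b"\x55\xaa"

DISK_SECTORS = 41943040  # constructed 20 GiB disk
# Constructed sample: system NTFS volume shrunk by 10 MiB; hidden NTFS volume (0x17) in the freed tail space.
SAMPLE_MBR = make_mbr([
    build_entry(0x80, 0x07, 63, 41922497),
    build_entry(0x00, 0x17, 41922560, 20480),
])
```

`suspicious_entries(SAMPLE_MBR, DISK_SECTORS)` reports slot 1 for both reasons, while the shrunk system volume in slot 0 is left alone; a disk whose only partition runs to the end is not flagged.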

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #47 on: December 07, 2011, 04:58:50 PM »
7:55am.
Seems to be working as it was before TDL4 MBR virus.  Thanks very much I am surprised I was able to follow your directions.

Yes you can remove your tools.

As for that white or gray window showing up prior to the main XP log in window, it has something to do with primary enable, admin enable, configure disabled or configure enable in setup. I changed one of them earlier and I'll see what happens later when I restart.

Again thanks very much for your help.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: xp virus
« Reply #48 on: December 07, 2011, 09:21:45 PM »
A quick tool removal  ;D

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so. The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site  and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit .
To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ? Keep safe  :wave:

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: xp virus
« Reply #49 on: December 07, 2011, 10:03:43 PM »
Essexboy,

I forgot that CCleaner, aka crap cleaner, has a wipe utility in its Tools box. Will do various wipes including DoD.

Looks like a no-brainer to run. Only two options, wipe free space (default) or wipe entire drive. Note: anyone reading this, never ever select wipe entire drive unless you plan to install your OS and applications from scratch.

I haven't used the wipe feature myself. Will test it when I get a chance.

Personally, I believe anyone with a TDSS rootkit infection should minimally wipe free space at DoD level.

I am old fashioned. I boot from an old Norton Ghost Enterprise CD I have and run GDISK at DoD level.
« Last Edit: December 07, 2011, 10:10:29 PM by DonZ63 »
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: xp virus
« Reply #50 on: December 07, 2011, 10:10:34 PM »
The bad partition though is not free space... I may have a look at that though

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #51 on: December 08, 2011, 05:30:23 PM »
I started about 7:15am and finished a few minutes ago. Little more than an hour.
1- That white gray screen at start up on this xp32 is fixed by disabling the password on primary, admin and system: after entering the password in the gray white screen at startup, press F2 and then Alt-P 6 or 7 times to get to the password window.
2- OTL found directory DC31 which was not empty so I continued. When OTL was done it was stuck on screen so I did a start and reboot. Avast does not like OTL but I let it open normally.
  When you say click Yes to confirm could that also mean apply?
3- I downloaded Java version 6 and update 24 for this xp32
4- Downloaded IE8 for this XP32, rebooted, and install took forever downloading, installing and checking for malicious software.
It's all done except. I owe you something and going back to this forum looking for my subject an hour ago I got a quick glance of other subjects saying they are unhappy with paid Avast. I'm going to read them now.
How can we exchange email addresses?


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: xp virus
« Reply #52 on: December 08, 2011, 09:50:24 PM »
Quote
When you say click Yes to confirm could that also mean apply?
I do; unfortunately I sometimes lapse from the correct terminology

Quote
I got a quick glance of other subjects saying they are unhappy with paid Avast
I must have a look at them. As an aside I have been using Avast since prior to when they first created the webshield, so 4. something. And in all that time I have never been infected or had any problems (outside of the beta trials that is). Although I do know that as no two systems are the same there will be some that experience system stability problems, but I guess you could say that of any security programme.

I have just had one where the only way to get the system functioning perfectly was to totally uninstall Zone Alarm, go figure  ;D

Is the computer still behaving properly?

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: xp virus
« Reply #53 on: December 08, 2011, 10:30:53 PM »
Quote
I have just had one where the only way to get the system functioning perfectly was to totally uninstall Zone Alarm go figure
More and more third party firewalls are integrating HIPS/IPS/IDS protection. Sometimes these features smack you in the face such as Comodo's Defense+. Other times the functionality is hidden.

Couple that with the self-protection and other protection mechanisms modern AVs are adopting and you have "the perfect storm" of conflicts.

That is what my opinion is of the rash of network issues that have appeared after the .1367 Avast update. Most of the current third party firewalls' protection includes shutting down networking when a perceived threat exists in the form of modification of core system components.

Probably the best procedure, and most simple to perform after an AV update, is to delete existing firewall rules applying to the AV network components and then let the firewall redetect them and generate corresponding rules. Why? Because most people do not know how to properly configure their firewall.

As far as malware goes that affects networking after cleaning, my standard procedure for years has been to uninstall the network adapter, reboot, and let the OS reinstall the adapter drivers. Of course, this assumes standard OS drivers otherwise the drivers have to be manually installed.