Posted 05 July 2008 - 09:59 AM
My friend has always called on me when her computer gets infected with anything. I'm not an expert, but have a good knowledge of how to fix most problems. Not the case this time. Her computer is a Windows 2000 Pro.
She called me and said she had three virus'. Spy.Banker.EGJ, Small.GEN and Virtumonde. She has Spyware Doctor, but said that every time she ran it, it said it had disinfected the computer, but that all three kept returning.
I did a bit of research and discovered Virtumonde is a real bad apple. Every site I looked at seemed to have different ideas on how to remove this. I finally settled on a plan of attack and went to look at her computer.
First I went into safe mode with networking and downloaded Vundofix. Then I loaded Spyware Doctor and ran the update files. I stopped it from running the autoscan. Then I downloaded Spybot-Search and Destroy, installed it, ran the backup, updated the files and ran the program. It found one Virtumonde file (sorry, I didn't note what it was). I hit the fix problem button and then there appeared to be some kind of blip... the screen went black for a split second, then all appeared to be fine again. I immunized and closed the program.
I rebooted into safe mode and went to run Vundofix. The specified path does not exist.
My first thought was that somehow S&D had done something wrong, so I went to reopen it. The specified path does not exist.
Unsure what to do next, I decided to redownload S&D. I rebooted into safe mode with networking and clicked on Internet Explorer. The specified path does not exist.
I played around for a bit, tried opening Spyware Doctor and several other programs. Each time I was told... The specified path does not exist.
I decided to check out the registry, but when I did regedit... The specified path does not exist.
I decided I needed to do some more research and told her I would return.
I discovered on one site there was a possibility that all the .exe files had been changed to something else. I went back and did a search for *.exe. All the files were there.
Back home again to do more searching.
The following were all attempted in safe mode.
I tried to run the Windows compatibility wizard. The specified path does not exist.
I went into Control Panel/System/Advanced/Environment Variables/System Variables... The specified path does not exist. I had downloaded Registery Repair onto a flash drive. When I went to run it... The specified path does not exist.
As administrator I added a new user, having read that someone had luck with doing this. Under the new user, she was able to run all her programs. Not so for me. Same old notice every time. The specified path does not exist.
I tried to run Disk Cleanup. The specified path does not exist.
I clicked on Defrag... and lo and behold it actually worked! I came back home, as defragging always takes forever. I told my friend to try running Disk Cleanup again after it finished defragging. She did and had no luck.
She does not have the Windows 2000 installation disk as the program was already installed when she purchased the computer. She has no problem with reformatting, but the only disk she has is a Windows 98. She is a single mom and cannot afford to take it in and have it professionally fixed. Neither of us know anyone with a Windows 2000 disk. I run Windows XP, but do not have the disk for it either, as the program was loaded when I bought the computer.
What is my next move please? I understand that an orphaned registry entry (posting from boopme) is probably causing the problem, but with no internet access I can't download autoruns, and a flash drive doesn't appear to work either.
Thank you for any suggestions.