I'm new to this site and this is my first post. Hi and thanks for having me. I love what you've done with the place! ;-D
I'm running XP with SP2 on a Toshiba Satellite Pro A100 laptop, equipped for both wired and wireless net access (the latter managed by Intel PROSet) and ended up with this worm - unsurprising since I use P2P software quite a lot. About 10 mins after it exploded onto my desktop - without a peep of warning from my AVG freeware I might add - I disconnected my 2 external drives, tried to sever the (wireless) net connection using Intel PROSet and, when that didn't seem to respond, I turned off the wireless adaptor using my machine's hardware switch.
I then went and fired up the house computer to look for help on the web and quickly found http://www.bleepingcomputer.com/forums/t/161001/wormwin32netbooster/, which helped me identify what had happened to my computer. I turned my laptop back on, reconnected to the web, downloaded Malwarebytes' Anti-Malware and continued exactly as Quietman7's post instructed. As I removed all the selected objects I received the same "Malwarebytes' Anti-Malware will now enable Regedit" pop-up Robttt had received and, like him, clicked "OK". (I didn't delete anything in Quarantine.) I then rebooted my computer (although unlike Robttt I don't think I purposely disconnected from the internet first) and found my pc clock had returned, the fake desktop icons were gone and I had access to my control panel again - i.e. all the infection-related changes I had previously noticed were back to normal. I rescanned with MBAM, which found one new object, and I deleted that, then rebooted again.
This is where my path seriously departs from Robttt's ...
Upon rebooting, there was my user account but instead of being able to click and login (which I never have to do anyway - I never created a separate administrator account) I got a pop-up telling me I wouldn't be able to log in unless I activated my copy of Windows (which of course was done a year and a half ago when the laptop was new). I went through the process but the activation software couldn't connect to the internet, so then I tried the (automated) phone option but that was stymied too (most of the sticker with the authentication code that was on the base of my laptop rubbed off about 6 months ago). The only remaining option was to phone Toshiba CustServ, so I put that aside till next business hours.
SO... next I restarted and got into safe mode, at which point an administration account appeared, and I couldn't log into that so I logged in, w/out password as usual, to my own user account. I ran the MBAM scan again - all clear - and then decided to try and finish following Quietman7's suggestions to Robttt and download ATF Cleaner and SUPERAntiSpyware Free, but found IE wasn't connecting to the web. When I opened Intel PROSet, it informed me that no wireless network adapters were installed. I looked for some more advice on the web, couldn't find much but tried, in Add/Remove programs, selecting the Repair option for Intel PROSet. That didn't work, and there I shut down and went to bed.
Next day, I found I was unable to boot up even into Safe Mode, it just kept bringing me back to ordinary XP login and then informing me I'd have to activate Windows to log in. I called Toshiba and they were no help - best advice was to use my Windows recovery disc (which is in a nonspecific box in a friend's house in Wales, while I'm in Northern Ireland) and reformat everything, thereby losing everything on my hard drive (~75GB). Since most of it's recently backed up that wouldn't be entirely disastrous, just a bit logistically difficult, and it seemed I had no other options. But after I hung up I tried booting up in Safe Mode again and 'got in' on the third try!!!
I'm sure something can be done from here: my registry undoubtedly needs repair (and I don't have a purposely made back-up anywhere - yes, I'm kicking myself) but I don't know how or in what way; it's time for situation-specific advice so I don't mess up now, and I'm obviously hesitant to restart and boot up again before I achieve anything worthwhile in case I can't even get back into Safe Mode. Wireless is still a no-go, MBAM scan is still reading no infected objects (just doing a thorough scan now to check that), and I don't know for sure but I've tracked down the relevant cable and I may be able to get cabled net access going, provided that adapter hasn't been uninstalled.
So has anyone got any suggestions, or could advise me from here?? I have no idea if this would be Quietman7's area of expertise, so if I don't hear from him I'd just like to say thanks for getting me this far - I'm guessing I'm now virus free and this is just aftermath. I'm optimistic ;-D. So, any offers?!?!
Many thanks in advance to anyone who can help. And, in the words of Robttt, hope I'm using this site the way you all intended. Cheers and a big fat blessing on your house.
Optimistic, Norn Irn