
HELP I'm infected and don't know what to do


13 replies to this topic

#1 zebono2

zebono2

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 27 December 2008 - 05:05 AM

Hi there

OK, I'll start with the computer spec:
Windows XP SP3 (running Vista theme)
Modem = SpeedTouch
Router = Netgear Wireless-N router WNR2000
Browser = Firefox 3.0.5
Antivirus/firewall = ZoneAlarm Security Suite version 7.0.470.000

Problems

(1) Firefox is redirecting web pages

(2) Unable to download files

(3) A pop-up is popping up every minute
(one just popped up)
URL http://c5.zedo.com bla bla bla
It's about antivirus
It's in Internet Explorer (I use Firefox 3)

(4) Antivirus will not update

(5) Cannot get into the router to change settings

OK, so this is what I have done:

Ran ZoneAlarm and did a full scan (it only found some tracking cookies)

Ran Ad-Aware 2007, found some files (I can't remember what they are now)

Installed avast 4.8 and did a full boot scan, found 11 files and deleted them

Tried a System Restore, but after I click my restore point and click Next nothing happens

When I click a link, down the bottom of Firefox on the left it comes up with (waiting for copy-book.com)

OK, just got a Windows Internet Explorer pop-up message:

ATTENTION! If your computer is struck by spyware, you could suffer data loss, erratic behaviour, PC freezes and crashes

Detect and remove viruses before they damage your computer
antivirus 2009 will perform a 00% FREE and quick scan of your computer for viruses, spyware and adware.

Do you want to install anti virus 2009 to scan your computer for malware now? (recommended)

[ok] [cancel]

I clicked cancel and an Internet Explorer browser popped up
http://liveanitviruspcheck.com/2009/1/en/f....php?id77001103

so I closed that window

I didn't know what you guys want, so I tried to put in all the information I could think of that would help you

Thanks in advance
zebono2



#2 zebono2


Posted 27 December 2008 - 05:14 AM

update

boot.com is trying to copy to all my hard drives and flash drives

E:\resycled\boot.com
Win32:Fabot [Trj]
Trojan Horse
081226-0, 26-12-2008


action delete file

J:\resycled\boot.com
Win32:Fabot [Trj]
Trojan Horse
081226-0, 26-12-2008

action delete file



E:\resycled\boot.com
Win32:Fabot [Trj]
Trojan Horse
081226-0, 26-12-2008


action delete file


pop up browser

Edited by zebono2, 27 December 2008 - 05:19 AM.


#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:15 AM

Posted 27 December 2008 - 07:26 AM

From your router's manual:

Restoring the Default Configuration and Password
This section explains how to restore the factory default configuration settings that reset the router’s user name to admin, the password to password, and the IP address to 192.168.1.1.
You can erase the current configuration and restore factory defaults in two ways:
• Use the Erase function of the router. To use the Erase function, see “Erasing the Configuration” on page 6-9.
• Use the restore factory settings button on the rear panel of the router. Use this method for cases when the administration password or IP address is not known.
To use the restore settings button:
1. Locate the restore factory settings button on the rear panel of the router.
2. Use a sharp object such as a pen or a paper clip to press and hold the restore factory settings button for about 5 seconds, until the Power light begins to blink.
3. Release the restore factory settings button, and wait for the router to restart, and for the Power light to stop blinking and become solid green.
The factory default settings will be restored so that you can access the router from your Web browser using the factory defaults.
Warning: These procedures erase all current configuration settings.


You need to use a clean computer to then set a strong password

I would then use another computer to download to and run MBAM after transferring the installer and updates to the infected computer which I would leave offline


http://www.bleepingcomputer.com/forums/ind...t&p=1059827


I would immunize the clean computer and a flash drive for the transfer of files or logs

http://www.techsupportforum.com/sectools/s...Disinfector.exe

Download Flash_Disinfector.exe by sUBs and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well. Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Chewy

No. Try not. Do... or do not. There is no try.
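
The folder-named-autorun.inf state described in the post above can be checked per drive, since a drive root that holds a folder of that name cannot also hold a file of that name. The following is an added example, not part of the original thread and not Flash_Disinfector's code; the function names and the sample autorun.inf content are constructed for illustration.

```python
import os
import tempfile

# autorun.inf keys that name a program for Windows to start
LAUNCH_KEYS = ("open", "shellexecute")


def find_entry(root, name):
    """Return the path of the entry in root matching name case-insensitively, or None."""
    for entry in os.listdir(root):
        if entry.lower() == name.lower():
            return os.path.join(root, entry)
    return None


def launch_targets(inf_path):
    """Collect the command values from the [autorun] section of an autorun.inf file."""
    targets, in_section = [], False
    with open(inf_path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
                continue
            if not in_section or line.startswith(";") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_shell_verb:
                targets.append(value)
    return targets


def audit_drive_root(root):
    """Classify a drive root: no autorun.inf, a protective folder, or a live file."""
    entry = find_entry(root, "autorun.inf")
    if entry is None:
        return {"state": "no-autorun", "targets": []}
    if os.path.isdir(entry):
        # A folder occupies the name, so no autorun.inf file can be written here.
        return {"state": "folder", "targets": []}
    # A regular file: report what it would start so those files can be scanned.
    return {"state": "file", "targets": launch_targets(entry)}


def demo():
    """Audit three constructed drive roots built in a temporary directory."""
    with tempfile.TemporaryDirectory() as base:
        clean = os.path.join(base, "clean")
        immunized = os.path.join(base, "immunized")
        infected = os.path.join(base, "infected")
        os.mkdir(clean)
        os.makedirs(os.path.join(immunized, "autorun.inf"))
        os.mkdir(infected)
        # Constructed sample content; the path mirrors the one reported in the thread.
        with open(os.path.join(infected, "AUTORUN.INF"), "w") as fh:
            fh.write("[AutoRun]\n"
                     "open=resycled\\boot.com\n"
                     "shell\\open\\command=resycled\\boot.com\n")
        roots = (("clean", clean), ("immunized", immunized), ("infected", infected))
        return {name: audit_drive_root(path) for name, path in roots}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On a real system, pass each drive root (for example `E:\`) to `audit_drive_root` from a clean computer before opening the drive in Explorer.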

#4 zebono2


Posted 27 December 2008 - 07:47 AM

Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 3

27-Dec-08 11:49:27 PM
mbam-log-2008-12-27 (23-49-27).txt

Scan type: Quick Scan
Objects scanned: 66624
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\vumeburi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\defupabo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6653329-df29-45cc-bbba-cc73b25f29c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6653329-df29-45cc-bbba-cc73b25f29c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{aa6cb4fc-0787-4ec4-91c5-92d215e69399} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c2f24e19-38f9-4e41-af32-07249d1df5bd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49d4259b-4db2-4c10-b32c-bd31e0c61649} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49d4259b-4db2-4c10-b32c-bd31e0c61649} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rafbsvnx.bnvr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rafbsvnx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0888d6b2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm0bbbe52e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vogolorozi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{49d4259b-4db2-4c10-b32c-bd31e0c61649} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\defupabo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\defupabo.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Application Data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Application Data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Application Data\RegSweep\Registry Backups (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Start Menu\Programs\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\vumeburi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\irubemuv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wolijuke.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ekujilow.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\defupabo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\msqpdxalmkvrns.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\dajidomu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\selukune.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\romopifo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\Components\iamfamous.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Local Settings\Temp\tmp225.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Local Settings\Temp\tmp26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Local Settings\Temp\tmp8F.tmp.vzr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Local Settings\Temp\~nsu.tmp\Au_.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Local Settings\Temporary Internet Files\Content.IE5\6ABTNTS9\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Local Settings\Temporary Internet Files\Content.IE5\ZTT0DYDX\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Application Data\RegSweep\Registry Backups\2007-11-17_14-04-25.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Application Data\RegSweep\Registry Backups\2007-11-17_14-04-48.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Application Data\RegSweep\Registry Backups\2007-11-17_14-05-08.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\zebono2\Application Data\RegSweep\Registry Backups\2007-11-17_16-01-03.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxbwyrgixg.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxcfmxnlij.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxhoymqgut.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxpaibqtoo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\tqwolser.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rafbsvnx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-26F.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-4B3.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-745.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-907.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-E27.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
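
An added example, not part of the original thread and not Malwarebytes' code: a parser for a log in the format above that counts file detections by family, lists the files left as "Delete on reboot", and finds registry data that still names one of those files, which are the items to re-check after the restart. The sample is an excerpt of the log lines posted above; the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Memory Modules Infected: 2
Files Infected: 33

Memory Modules Infected:
C:\WINDOWS\system32\vumeburi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\defupabo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\defupabo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\defupabo.dll -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\vumeburi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\defupabo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\msqpdxalmkvrns.dll (Trojan.TDSS) -> Delete on reboot.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 33" is a summary line and is skipped.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# <item> (<Family.Name>) -> [Data: <value> -> ]<action>.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")


def parse_log(text):
    """Return one record per detection line, tagged with its section."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if not (entry and section):
            continue
        parts = entry.group("rest").split(" -> ")
        data = parts[0][len("Data: "):] if parts[0].startswith("Data: ") else None
        records.append({
            "section": section,
            "item": entry.group("item"),
            "family": entry.group("family"),
            "data": data,
            "action": parts[-1].rstrip("."),
        })
    return records


def file_families(records):
    """Count detections per family in the Files section only (avoids double counting)."""
    return Counter(r["family"] for r in records if r["section"] == "Files Infected")


def pending_after_reboot(records):
    """Files the scanner could not remove while Windows was running, de-duplicated."""
    return sorted({r["item"].lower() for r in records if r["action"] == "Delete on reboot"})


def registry_refs_to_pending(records):
    """Registry data values whose file name matches a file still pending deletion."""
    names = {ntpath.basename(p) for p in pending_after_reboot(records)}
    return [(r["item"], r["data"]) for r in records
            if r["data"] and ntpath.basename(r["data"].lower()) in names]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(dict(file_families(recs)))
    print(pending_after_reboot(recs))
    for key, data in registry_refs_to_pending(recs):
        print(key, "->", data)
```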

#5 zebono2


Posted 27 December 2008 - 08:16 AM

OK, I just rebooted my computer and I got this

before I got to the logon screen:

services.exe - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

lsass.exe - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

After I logged on:

userinit.exe - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

explorer.exe - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

razerhide - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

rondll32 - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

zlclinent - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

i tunes helper - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

dvd_43 - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

nwiz - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

rundll - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

ctfmon - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

ashdisp - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

speed fan - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

ebooster cp - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

taskmgr - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

trans bar - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

vbericon - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

yz shadow - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

rocketdock - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

razerofa - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

rundll32 - bad image

The application or dll c:\windows\system32\defupabo.dll
is not a valid windows image check against your installation disks

Then I got a pop-up error:

error c:\windows\system32\defupabo.dll
% 1 not a valid win32 application

Then ZoneAlarm picked up

NOT-A-VIRUS: ad/ware.win32.agent.lvf

ACTION TAKEN
DELETED

#6 DaChew


Posted 27 December 2008 - 08:34 AM

http://www.bleepingcomputer.com/forums/ind...p;#entry1050976

See if you can get ATFCleaner and SAS to run from safe mode

Since this is a very nasty infection I am referring this thread to a very qualified expert, be patient
Chewy


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:15 AM

Posted 27 December 2008 - 10:19 AM

The error message "Not a valid Win32 application" can be symptomatic of a serious malware infection which disables anti-virus and security tools. It adds a hidden service and a dangerous rootkit which can be difficult to remove as well as compromises the affected machine to other malware attacks. In your case there is additional evidence of a DNSChanger with rootkit components. The current removal tools you have tried are ineffective.

Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control again. and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

• "When should I re-format? How should I reinstall?"
• "Help: I Got Hacked. Now What Do I Do?"
• "Where to draw the line? When to recommend a format and reinstall?"

Should you decide not to follow that advice, disinfection will require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS/HijackThis log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your log in the thread titled "Post in this thread when you haven't received an answer in five days.".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 zebono2


Posted 27 December 2008 - 06:16 PM

OK, I'm going to format the computer

but I have some questions

1. I have 4 hard drives; do I need to format them all?

2. What is the best way to back up all the data I want?

I need step-by-step instructions to do a full format

#9 quietman7


Posted 28 December 2008 - 08:42 AM

That's the decision I would have made if this were my system.

Some types of malware can result in a system so badly damaged that a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.

In case you need help with this, please review "How to partition and format a hard disk in Windows XP".

These links include step by step instructions:
"Clean Install Windows XP".
"Reformat & Clean Install Windows XP or Vista".
"XP Clean Install Interactive Setup".
"Windows Vista Clean Install".

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive. Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting. Also see "How to keep your Windows XP activation after clean install".

Note: If you're using an IBM, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore".

If you need additional assistance with reformatting, you can start a new topic in the Windows XP Home and Professional forum.

#10 DaChew


Posted 28 December 2008 - 09:05 AM

And a full format will not disinfect your router, make sure that it's using the default settings
Chewy


#11 zebono2


Posted 29 December 2008 - 04:54 AM

So my router is infected too?

I have another computer connected with a cable to this router

and also my PS3 connected wirelessly

Will they be infected too?

Also, I copied a movie to a flash drive from the infected computer
and copied the file to my PS3; will I need to format that too?


Also,
what a bugger, formatting 4 HDs takes ages
then I installed XP on the wrong drive and the windows recoved one of my hard drives
so I had to start again


Thanks for the help guys

Edited by zebono2, 29 December 2008 - 04:56 AM.


#12 zebono2


Posted 29 December 2008 - 05:29 AM

I'm trying to install Windows XP

and I'm getting a blue screen, can't remember what it says

A problem has been detected and Windows has been shut down to prevent damage to your computer

KERNEL_DATA_INPAGE_ERROR

If this is the first time you have seen this stop error screen, restart your computer. If the screen appears again, follow these steps:

Check to make sure any new installed hardware or software is installed properly. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you may need

If this problem continues, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing


Technical information

xxx STOP:0X0000007A (0XE1200CAC,0XC000000,0XBF8ED7DD,0XIB8EE860)

XXX WIN23K.SYS -ADRESS BF8ED7DD

BASE AT BF800000, DATESTAMP 3B7DE698

Edited by zebono2, 29 December 2008 - 05:59 AM.


#13 zebono2


Posted 30 December 2008 - 10:54 PM

OK, I fixed the Windows install problem, but what about the router?

#14 DaChew


Posted 31 December 2008 - 12:10 AM

disconnect the router from the internet

reset it to factory defaults as I already posted

use a clean computer and set a strong password
Chewy




