
browser redirects and malwarebytes not running


15 replies to this topic

#1 mikeyw

mikeyw

  • Members
  • 10 posts

Posted 12 March 2009 - 11:54 AM

Hi, I think I have managed to infect my system. Basically now when I google anything it redirects to a random site or it just says not connected. I tried to run malwarebytes but no luck so I renamed the .EXE file and got it to run. It found 6 problems which it said were Trojan DNS changers. I deleted these but I still have the symptoms.

Can you help please?



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 12 March 2009 - 01:56 PM

Please post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format:
      mbam-log-2009-01-12(13-35-16).txt <- your dates will be different from this example
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
If using a router, disconnect from the Internet and reset the router with a strong logon/password so the malware cannot gain control before connecting again. Many users seldom change the default username/password on the router and are prone to this type of infection.

Go to Start > Run and in the open box, type: cmd
Press OK or Hit Enter.
At the command prompt, type or copy/paste: ipconfig /flushdns
Hit Enter.
You will get a confirmation that the flush was successful.
Close the command box.

Reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically".
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown preferred or alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 mikeyw


Posted 12 March 2009 - 02:58 PM

Hi, thx for replying. I did do a few MBAM scans and the last 2 showed clear so just to clarify, you want me to paste the log which showed the initial infections? P.S. I still get the issues even though the latest scans show clean.

#4 mikeyw


Posted 12 March 2009 - 03:18 PM

Ok router password changed, DNS flushed and network settings were already set to obtain auto.

Just let me know which MBAM log you want, latest or the original with the Trojans showing.

#5 mikeyw


Posted 12 March 2009 - 03:34 PM

these are the logs with infections showing:
1;
Malwarebytes' Anti-Malware 1.30
Database version: 1408
Windows 6.0.6001 Service Pack 1

13/02/2009 12:01:49
mbam-log-2009-02-13 (12-01-49).txt

Scan type: Quick Scan
Objects scanned: 58461
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2;
Malwarebytes' Anti-Malware 1.30
Database version: 1408
Windows 6.0.6001 Service Pack 1

12/03/2009 15:29:41
mbam-log-2009-03-12 (15-29-41).txt

Scan type: Quick Scan
Objects scanned: 56957
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8f1e2725-1e36-4aa7-9e01-ffa62f5c8d18}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8f1e2725-1e36-4aa7-9e01-ffa62f5c8d18}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8f1e2725-1e36-4aa7-9e01-ffa62f5c8d18}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3;
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1

12/03/2009 16:58:53
mbam-log-2009-03-12 (16-58-53).txt

Scan type: Full Scan (C:\|N:\|)
Objects scanned: 213039
Time elapsed: 56 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-6-7-33-100019507-100015925-100016971-6581.com (Trojan.Agent) -> Quarantined and deleted successfully.


Next one is clean.

Other info is that it won't let me update MBAM and it's turning off the firewall each time I boot up.

#6 quietman7


Posted 12 March 2009 - 06:51 PM

Your MBAM log indicates you are using an older version of MBAM (with an outdated database). Please download and install the most current version (1.34) from here.

Since you cannot use the Internet or download any programs to the infected machine, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Save mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

You will also need to manually download the latest definition database from another computer, save and transfer them to the infected machine. After installing MBAM, double-click on mbam-rules.exe to apply the update. Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

#7 mikeyw


Posted 13 March 2009 - 03:26 AM

Hi, I installed MBAM from a USB key OK. I had to rename the .exe file to get it to run which I did. I could not follow the path you said to update from a clean PC as I'm using Vista and that path exists only in XP. C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' .

So I downloaded the latest DB 1826 which was available through the MBAM website. The latest avail through the application is 1842 but only 1826 is available manually.

I ran the scan and got the following:
Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 6.0.6001 Service Pack 1

13/03/2009 08:14:22
mbam-log-2009-03-13 (08-14-22).txt

Scan type: Quick Scan
Objects scanned: 77608
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DecodingHQ (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DecodingHQ (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DecodingHQ\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

#8 quietman7


Posted 13 March 2009 - 08:15 AM

I don't use Vista but I believe the location of rules.ref in that OS is:
Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

Please check and confirm, then update if you can.

Now rescan again with MBAM but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Edited by quietman7, 13 March 2009 - 08:16 AM.


#9 mikeyw


Posted 13 March 2009 - 12:50 PM

OK, MBAM is updated now and I'm using the latest database.

Here's the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 6.0.6001 Service Pack 1

13/03/2009 17:46:59
mbam-log-2009-03-13 (17-46-59).txt

Scan type: Full Scan (C:\|D:\|E:\|N:\|)
Objects scanned: 240837
Time elapsed: 1 hour(s), 0 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

#10 quietman7


Posted 13 March 2009 - 01:08 PM

If using a router, disconnect from the Internet and reset the router with a strong logon/password so the malware cannot gain control before connecting again. Many users seldom change the default username/password on the router and are prone to this type of infection.

Go to Start > Run and in the open box, type: cmd
Press OK or Hit Enter.
At the command prompt, type or copy/paste: ipconfig /flushdns
Hit Enter.
You will get a confirmation that the flush was successful.
Close the command box.

Reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically".
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown preferred or alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you cannot boot into safe mode, then perform the above instructions in normal mode.

#11 mikeyw


Posted 14 March 2009 - 01:37 AM

Ok, All done and here's the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/13/2009 at 10:19 PM

Application Version : 4.25.1014

Core Rules Database Version : 3784
Trace Rules Database Version: 1741

Scan type : Complete Scan
Total Scan Time : 01:44:29

Memory items scanned : 294
Memory threats detected : 0
Registry items scanned : 8921
Registry threats detected : 0
File items scanned : 132310
File threats detected : 0


Although nothing found I still have the following symptoms.

windows firewall keeps being turned off - able to turn back on
Pop up saying "Host process for windows services stopped working and was closed"
Small pop up which only shows a part of the header
Redirects from IE
Not able to go to spyware websites such as Malwarebytes
Not able to update spyware programs online
Not able to run such programs without changing name.
Sound is turned off
Windows Updates fail with code 80244019

But a MBAM scan showed the same trojan as last time:

Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 6.0.6001 Service Pack 1

14/03/2009 06:44:03
mbam-log-2009-03-14 (06-44-03).txt

Scan type: Quick Scan
Objects scanned: 64615
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by mikeyw, 14 March 2009 - 02:09 AM.
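
The pattern across the logs posted in this thread, as an added example that is not part of any post: a short Python parser that reads MBAM scan logs, lists items that one scan reported as removed and a later scan detected again, and collects the DNS servers recorded in flagged NameServer values. The function names and the abbreviated sample logs are constructed for illustration; the detection lines themselves are copied from the posts above.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated MBAM logs assembled from detection lines
# posted in this thread (headers, counters and empty sections left out).
SAMPLE_LOGS = r"""
Malwarebytes' Anti-Malware 1.30
mbam-log-2009-03-12 (15-29-41).txt
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.34
mbam-log-2009-03-13 (08-14-22).txt
Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DecodingHQ (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.34
mbam-log-2009-03-13 (17-46-59).txt
Files Infected:
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.34
mbam-log-2009-03-14 (06-44-03).txt
Files Infected:
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully
"""

LOG_NAME = re.compile(r"^mbam-log-\d{4}-\d{2}-\d{2} \(\d{2}-\d{2}-\d{2}\)\.txt$")
SECTION = re.compile(r"^(.+) Infected:$")
# "<item> (<threat>) -> [Data: <value> -> ]<action>[.]"
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[\w.]+)\) -> "
                       r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$")


def parse_logs(text):
    """Split concatenated MBAM logs into scans, oldest first."""
    scans, scan, section = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Malwarebytes' Anti-Malware"):
            scan = {"name": "", "detections": []}
            scans.append(scan)
            section = None
        elif scan is None or not line:
            continue
        elif LOG_NAME.match(line):
            scan["name"] = line  # the timestamp in the name sorts chronologically
        elif SECTION.match(line):
            section = SECTION.match(line).group(1)
        elif section and (m := DETECTION.match(line)):
            scan["detections"].append({"section": section, **m.groupdict()})
    return sorted(scans, key=lambda s: s["name"])


def recurring_after_removal(scans):
    """Map each item reported removed and later detected again to its logs."""
    hits = defaultdict(list)
    for scan in scans:
        for det in scan["detections"]:
            hits[det["item"].lower()].append((scan["name"], det["action"].lower()))
    return {item: [name for name, _ in seen] for item, seen in hits.items()
            if any("successfully" in action for _, action in seen[:-1])}


def flagged_name_servers(scans):
    """DNS servers found in Tcpip NameServer values that a scan flagged."""
    servers = set()
    for scan in scans:
        for det in scan["detections"]:
            if det["data"] and det["item"].lower().endswith("\\nameserver"):
                servers.update(filter(None, re.split(r"[,\s]+", det["data"])))
    return sorted(servers)


if __name__ == "__main__":
    scans = parse_logs(SAMPLE_LOGS)
    for item, logs in recurring_after_removal(scans).items():
        print(f"re-detected after removal: {item}")
        for name in logs:
            print(f"    {name}")
    print("DNS servers in flagged NameServer values:", flagged_name_servers(scans))
```

An item that keeps returning after a scan reports it deleted means something the scanner is not seeing is putting it back, so the scan result alone should not be read as a clean system.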


#12 quietman7


Posted 14 March 2009 - 08:11 AM

Your infection is related to a rootkit component. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control again. and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Let me know how you wish to proceed.

#13 mikeyw


Posted 14 March 2009 - 02:07 PM

Ok, it's the end of the road for this OS then, time to format and reinstall.

Thx for your time and support!!!

Mike

#14 quietman7


Posted 14 March 2009 - 05:06 PM

Sometimes a reformat or a factory restore is the best solution. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned, repaired or trusted.

If you're not sure how to reformat or need help with reformatting, please review:

These links include step-by-step instructions with screenshots:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.
Also see How to keep your Windows XP activation after clean install.

Reformatting a hard disk deletes all data. You can back up all your important documents, personal data files, photos to a CD, external hard drive or USB drive. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.PHP, .ASP, and .HTML) files because they may be infected by malware. Some types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media

If you need additional assistance with reformatting or have questions about multiple hard drives, you can start a new topic in the Windows XP Home and Professional forum. If you don't get a reply, please send me a PM and I will get someone to take a look.

#15 mikeyw


Posted 17 March 2009 - 06:29 AM

Ok, all reformatted and reinstalled but can you help me with some info on creating an image file once I have my system set up how I want it?

Thx



