Posted 01 September 2009 - 06:03 PM
Last week I caught the AntiSpy Protector 2009 malware virus on a machine running Windows XP. (My recovery XP disk is for SP2, but I get regular updates and hotfixes.) Anyway, I cannot tell you specifically what I was doing at the time, just regular browsing. I run McAfee AntiVirus and Ad-Aware and both were up-to-date at the time.
Because I had had a similarly-named virus last year on my old machine, a Dell running Windows 2000, I thought all I had to do was run Malwarebytes and it would take care of the problem. And it did find items marked TROJAN. But, I knew I still had the virus because my desktop was still plastered with the logo and my browser was getting hijacked. I found and used several more malware programs and whatever was found, I removed. And one of them did a pretty good job because my desktop returned to normal and my browser was no longer hijacked.
But I knew it was still there, it just morphed into another problem because every time I clicked on something, I got a ". . . grouproot. . . bad image file. . . . check against your installation disk" error. So I kept running Malwarebytes and some online malware scanners and found some bad .dll and .sys files beginning with "k". I thought I would just find the location of these bad files and remove them manually in Safe Mode, in essence, to chip away at the virus' grip only to discover that my computer would not go into Safe Mode. It would go into a type of "loop" where I could see a flash of some blue screen with some white text, but it was too fast to read. Then, I would get one black screen that said something to the effect of "windows cannot launch into safe mode" (sorry, I don't remember the exact screen text), but it still had an option to launch into Windows "normally" which worked, then.
After trying to get into Safe Mode about five or six times, something else was triggered, because now, I cannot even get the Safe Mode / Launch Windows Normally screen. It just keeps looping. I cannot seem to get back into Windows at all.
Now, I know I have every reason to be scolded, but I have not backed up in a while. In frustration, I put in my Windows Reinstallation Disk, and it said that "My Documents" may be replaced. I cancelled the reinstallation to see if there's any hope at all or am I a lost cause.
I thought I might install windows again (I have plenty of room for a second copy) under a new folder like C:\Windows2, just to be able to launch, but I thought I would ask about this strategy first. I seem to remember my Windows 2000 Reinstallation disk having an option (I'm fairly new to XP) to just overwrite the operating system files without touching your data, but my Windows XP disk does not seem to have that option.
At work, I researched this specific virus and there's a lot of confusing information out there, but it seems that bleepingcomputer has been a good place that helps others get rid of this really entrenched virus.
Over the years, I have been able to remove all the viruses that I have caught by myself. I have never had to submit a post to a forum before (so I hope I am doing this right), but I am at a loss with this one. I know everyone says this, but any and all assistance would be appreciated. I did a search here and it does not seem like anyone else has caught this virus as badly as I have.