Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP - crippled


  • Please log in to reply
5 replies to this topic

#1 deftone

deftone

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 27 April 2010 - 09:40 AM

Hi there,

A friend asked me to check out his XP SP3 computer. It has a number of problems which I cannot figure out:
  • No network (all adapters are missing)
  • Forced to Windows classic theme
  • McAfee is disabled - you can click the icon in the taskbar but nothing happens
  • I can scroll through event logs but cannot open them
  • Several computer services appear to be stopped, and I cannot start them
  • System Restore is not working with a message "System restore cannot protect your computer"
This leads me to believe that this is a virus of some kind, however a boot disk with AVG did not detect anything, and HiJackThis does not point out anything obvious (besides 023 services - file missing, but I cannot 'fix' those)

Is there anything I could do in Windows before resorting to further malware removal attempts?

Cheers

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,233 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:29 PM

Posted 27 April 2010 - 09:50 AM

Not to be misunderstood...are you saying that you don't think it's a malware situation?

If you do...then chances are that any action you might take...is only going to compound removal of malware.

If you don't think it's malware...your initial post seems to have a number of stereotypical malware indicators, IMO.

Louis

#3 deftone

deftone
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 27 April 2010 - 09:55 AM

No, I clearly said the above symptoms "lead me to believe" it is a virus, otherwise I would have not used AVG and HiJackThis to detect it - but those did not help me much in finding anything.

Hence why I turned to this forum...

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,233 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:29 PM

Posted 27 April 2010 - 10:52 AM

Just wanted a clarification...before I move this thread to the appropriate forum.

The Am I Infected forum will provide the assistance which you seem to need...good luck :thumbsup:.

Louis

#5 frmarine

frmarine

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:marietta, georgia
  • Local time:04:29 PM

Posted 27 April 2010 - 04:17 PM

deftone, i'm having the exact same problems. when mcafee virus updated the signatures last wed nite, it mistakenly deleted a file in xp>sp3.problems on my relative's pc started the next morn.
it did this to many people's computers all over the world who have mcafee anti-virus. i still haven't corrected the problems yet. go to the "news" section on this forum & click on the "how to restore svchost.exe" post by member "grinler". good luck.

#6 deftone

deftone
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 28 April 2010 - 02:25 AM

frmarine,

Thanks for pointing me in the right direction :thumbsup: I managed to solve the issue by restoring the svchost file, and it wasn't that hard.

Here are the steps I found from the McAfee forums:

1. Start the computer in Safe Mode. (When starting press F8 and pick Safe Mode)
2. Open My Computer
3. Double Click C:
4. Double Click Program Files
5. Double Click McAfee
6. Double Click VirusScan
7. Delete the DAT folder
8. Press Click Start>Run Type cmd and Click OK
9. In the command prompt window type CD\
10. Now type dir svchost.exe /s /b
11. See the screenshot below. The command will return the location of svchost files.
12. C:\Windows\ServicePackFiles\i386\svchost.exe is very common on XP so hopefully you find it there.
13. Once you find it copy it from that location to C:\Windows\system32
14. For example copy C:\Windows\ServicePackFiles\i386\svchost.exe c:\windows\system32
15. Once the file is copied reboot
16. If functionality is restored uninstall and reinstall McAfee to get updated DATs.


In my case for step 16, I'm removing McAfee and installing AVG :D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users