Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Struggling with Adware popups


  • Please log in to reply
18 replies to this topic

#1 The_Pabst_Man

The_Pabst_Man

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 22 July 2010 - 07:05 PM

I am using Windows XP. I am getting occasional advertisement pop-ups that happen through Windows explorer even though I am a FireFox user. Sometimes these pop-ups happen when I am not doing anything internet related.

I've spent a lot of time already on trying to remove them. They started when I let my wife use my account for some internet browsing -- I'll never do that again! I've done virus scans with Trend Micro Internet Security, Spyware Doctor, Malware Bytes Anti-Malware, IO Bit Security 360, Housecall, and AVG -- none of them turned up anything (though my Malware Bytes version is old and I was not able to get updates -- it told me to check my firewall settings and I have not done that yet because I know nothing about firewalls). The one that did turn up something was Spybot Search and Destroy, which found Win32.Sdbot.aad. I think Spybot removed it, but I'm still getting the popups.

I also did system restore twice, because other problems starting happening as well -- Windows would not shut down, it just hung. I think I have that problem fixed now due to going back long enough on a system restore. I hope.

Interestingly, once I did the system restore, I had to re-install FireFox because it was no longer launching. So I did that. When you first install FireFox, Internet Explorer complains that IE is no longer your default browser. I say that is okay, but I didn't click "don't ask me about this in the future" -- I decided there was no reason to click that because I have no intention to run IE ever again. But this same pop-up that says IE is no longer your default browser is happening over and over again, even when I am not doing anything internet related. Some other help website told me to just click "Don't show me this again", but I think that's like treating the symptom and not the cause. At least by not clicking it, it is telling me that something is happening outside of my control that should not be happening. Unless there is some sneaky reasons why Windows has to run IE in the background without me seeing anything, I am thinking that this is indicative that there is a virus still there. Do you agree with me on that?

I should remark that the adware pop-ups happen less often than the "IE is not your default web browser" pop-ups, so I'm a bit surprised by that.

I would appreciate any help you can provide. I have already spent many many hours on this. I am knowledgeable about computers and security but not so knowledgeable about Windows and networking.

Thanks.

UPDATE: I just ran your superAntiSpyware program and it found Trojan.Agent/Gen-Blackder. Could this be the source of my problems? I did a reboot, got the blue screen of death, and now I'm not sure what is happening. Seems like it undid my most recent system restore. To be continued....

Edited by The_Pabst_Man, 22 July 2010 - 07:42 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:44 AM

Posted 22 July 2010 - 07:48 PM

Hello, you have a lot of tools installed there. Which is your active AV?
Is the Spybot the lastest version and updated?
How do you get your Windows Updates?
If needed. Manually Downloading MBAM Updates are below.


Let's try to do this.....
Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.


?>?>?>?>?>?>?>
Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.


Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 22 July 2010 - 09:03 PM

Hi,

Which is your active AV?
Not sure what you mean by "active", because I've recently used all 7 tools that I listed for scanning! The only one I paid a subscription for is Spyware Doctor, and it is up to date. But I'm starting to think superAntiSpyware (SAS) has fixed the problem. So maybe I need to subscribe to that one! Oh, maybe by "active" you mean which one do I have running automatically at startup? I generally have avoided any at startup because most seem to take up too many resources (Spyware Doctor and Trend Micro definitely are annoying). So I normally just do period scans and restrict to safe web sites while internet browsing. Hmmm, just noticed that SAS has set itself up to start automatically, and seems to be quiet. Maybe SAS is the solution to all my problems.

Is the Spybot the lastest version and updated?
Good question. Maybe it is out of date. I'll look into that.

How do you get your Windows Updates?
I don't do anything to get them. I assume that Windows does that itself. Every few months I get messages that Windows is installing updates when I shut down. Is there something else I need to do? Actually, I recently wen6 to the windows update web page and it complained that I was using FireFox instead of IE, so I delayed going back until later. Maybe I should just use IE for getting the updates. But will this give me any updates other than the ones that happen automatically?

I'm happy to try your suggestions, but I think the SAS has worked. I have not yet got any more pop-ups. I believe the problem was Trojan.Agent/Gen-Blackder. I'm in the middle of a scan with Spybot Search and Destroy right now to make sure nothing new has sneaked in. If the scan turns up clean, and if I don't get any more pop-ups, should I still do all your suggestions?

Thanks for your prompt reply!!!

Edited by The_Pabst_Man, 22 July 2010 - 09:05 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:44 AM

Posted 22 July 2010 - 09:29 PM

Hello,
you mean which one do I have running automatically at startup?
Yes.. You really should have one AV is this day and age. If you do not care for those 2,and I don't either go with either Avast or Avira. I use the free Avira. You can try them here L@@K.

Is the Spybot the lastest version and updated? I have seen where removing (Win32.Sdbot.aad) was an issue with older versions.

How do you get your Windows Updates?
The Windows Update site, and the newer Microsoft Update site, are designed to work only with Internet Explorer. The update sites depend on an ActiveX control which scans your computer to determine which updates are missing. Firefox does not run ActiveX controls.

Using automatic updates
Windows XP and Windows Vista include the ability to locate, download, and install Windows updates without having to browse to Microsoft's website. You can choose to have updates downloaded when they are available and either installed automatically, or held for your review. The Windows help system can guide you in choosing among the options. If you need additional assistance in setting up Automatic Updates, read these instructions on Microsoft's website.
Further info here at Mozilla support. http://support.mozilla.com/en-US/kb/Using+...+Windows+Update


I think you should still run the MBAM scan in normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 22 July 2010 - 10:38 PM

boopme, thanks for your very good replies. I'm going to follow your advice. I will get back to you by tomorrow and let you know how it went. Really glad I posted this stuff here because the feedback I was getting from the other help site I tried was below mediocre. Here, I can see I am talking to someone who knows what he is doing.

#6 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 23 July 2010 - 07:38 AM

Hi Boopme. I wasn't able to follow your instructions exactly for various reasons that probably don't matter, but I figured out an effectively equivalent way. BTW, your link in the "Manually download them from HERE and just double-click on mbam-rules.exe to install" doesn't work: page not found.

SAS found tracking cookies only, which I deleted.

I then ran MBAM also safe mode and also after rkill (sorry, I just noticed now that you said do it in normal mode -- but maybe it doesn't matter which mode?). No infections found. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4340

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

7/23/2010 10:05:20 PM
mbam-log-2010-07-23 (22-05-20).txt

Scan type: Quick scan
Objects scanned: 148703
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Unfortunately, just when I thought everything was okay, I just now got another pop-up. Something showed up saying my IP address was selected to win something. Argghhh!!!! I am frustrated.

BTW, I have confirmed that I had automatic updates configured for quite a long time.

What to do now? Maybe I try the Avira scan next. Unbelievable that I would get stuck with a virus that none of these popular scanners know anything about. My wife is never touching my computer again!!!

Edited by The_Pabst_Man, 23 July 2010 - 07:48 AM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:44 AM

Posted 23 July 2010 - 11:50 AM

Hi,,, you did OK. Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails.


Let's also try an online scan... if this persists we may have a protected malware and we'll have to move.
ESET
Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt
    folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 23 July 2010 - 07:49 PM

Hi Boopme,

This looks like a good one.
It found:
  • Win32/ToolBar.AskSBar -- not sure if that just got on my computer last night when I was trying to install webroot spysweeper, which tries to sneak in ask.com toolbar and does other dirty stuff that are more characteristic of trojans than spyware removal programs.
  • win32/adware.Hwire -- this sounds like it might be the cause of my problem.
  • Win32/TrojanDownloader.Unruy.cc.trojan -- Not sure how bad that one is, but I definitely don't want it.
The log is here:

# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=efeeb111924abb4580db4ca78f1fc33a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-24 12:38:50
# local_time=2010-07-24 10:38:50 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 4277505 4277505 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4250 4250 0 0
# scanned=289209
# found=6
# cleaned=6
# scan_time=5398
C:\Documents and Settings\The Pabst Woman\Application Data\Sun\Java\Deployment\cache\6.0\14\796b718e-548548ae	a variant of Win32/TrojanDownloader.Unruy.CC trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe	Win32/Adware.HiWire application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\Documents and Settings\The Pabst Man\Local Settings\Temp\NERO14182\Toolbar.exe	Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\System Volume Information\_restore{C2831842-9517-4531-B5DA-348AEE48E631}\RP120\A0016955.exe	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
D:\System Volume Information\_restore{E17A064A-BF79-4621-8705-E8875B680DC7}\RP434\A0105803.exe	Win32/Adware.HiWire application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\System Volume Information\_restore{E17A064A-BF79-4621-8705-E8875B680DC7}\RP434\A0105804.exe	Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

I'll be back later to tell you if the problems are still around or if it is fixed.

Whether it is fixed now or not, I am happy to make a donation to your organization for your very helpful assistance. Please let me know how I can do so.

Thanks!

Edited by The_Pabst_Man, 23 July 2010 - 07:51 PM.


#9 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 23 July 2010 - 10:38 PM

UPDATE: I still have pop-ups.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:44 AM

Posted 23 July 2010 - 11:27 PM

Hello, first thanks for the nod on my non working links. I see they have changed some things aand I need to update my links.
Go thru your Control Panel, Add/Remove Programs and see if these (ToolBar.AskSBar) still exist. Iwoul also remove any other toolbars there.

Now we have an issue,Win32/Unruy is a backdoor trojan. TrojanDownloader:Win32/Unruy.C is a trojan that replaces certain executable files and downloads other malware. http://www.microsoft.com/security/portal/T...r:Win32/Unruy.C

I need to give you this advice.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.





You asked about donations.
Thanks for the offer... I do not accept donations nor does BC.. But I will recommend 2 routes if you'd like to contribute to something..
Either make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers.

Look them up in the MEMBERS tab at the top right.
a_d_13
jpshortstuff
random/random
Old Timer
teacup61
JSntgRvr
m0le
Blender
Thunder

OR
If you would like to donate,I'd appreciate if you donated here. Goodwill Rescue Mission, Complete meal $1.98

I donate here often and serve Thanksgiving dinner every other year. They are non profit, honest and very dedicated. Thousands of people pass thru here in need of food ,clothing, furniture etc...
They run one in Newark,NJ and lower Manhattan,NYC.

Edited by boopme, 23 July 2010 - 11:28 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 24 July 2010 - 05:59 AM

Hi boopme,

Okay looks like I will need to do that. Give me a little time to get my stuff organized and then I'll be back to let you know when I'm ready to go.

Thanks!

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:44 AM

Posted 24 July 2010 - 08:44 AM

Ok, let me pass you some further info in the meantime.

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results, they may be handy.


{this is from our quietman7}
If you're not sure how to reformat or need help with reformatting, please review:These links include step-by-step instructions with screenshots:Vista users can refer to these instructions:Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Windows XP Home and Professional forum.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 24 July 2010 - 10:17 PM

Thanks, I was actually working on my own backup strategy (alluded to when I said "I need a little time to get my stuff organized") and writing out my plan for starting over (gathering important cds, making sure I have everything I need to get essential stuff started, etc...). I'm actually making two backups on an external drive: (1) backup of "My Documents", which I will bring entirely to the new installation, and (2) a backup of everything else, which I don't expect to ever use, but thought it would be wise to have it just in case. Yes, I know that would include malware, so I would be very careful if I ever took anything from (2). I'm generally very careful about everything I do, though I did make the one mistake that got me here (trusting my wife once with my account)! I am fairly knowledgeable abut computer security with the exception of networking and Windows OS details.

I will download the Belarc. I've been a bit delayed in getting this stuff going thanks to 2^20 other disasters at home, but I'm really hoping to get the most important things completed by the end of the day (format drive, reinstall Windows, get internet and wireless connection working, download firefox, import old bookmarks into firefox, get anti-virus programs installed, Windows Update, transfer old My Documents to new installation, and install a few very important applications).

More news later!

Edited by The_Pabst_Man, 24 July 2010 - 10:18 PM.


#14 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 25 July 2010 - 02:09 AM

I am now finally organized with all the CDs and info I need to do this. So I'm going down now... If you don't hear from me again within a day, then try to come up with a good epitaph for me. Make sure it says something about not even trusting your closest loved ones with your computer. Oh yeah, I'll be donating 20 meals to grmnewark when it is safe for me to do so...

#15 The_Pabst_Man

The_Pabst_Man
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 25 July 2010 - 08:37 AM

I'm back up with minimalistic software! Now time to spend the next week reinstalling all the major things, fixing up all my lost settings, and changing all my online passwords!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users