How to reformat drive


10 replies to this topic

#1 Beth102

Posted 16 March 2011 - 08:11 PM

I was going to post logs in the removal forum but things are getting so bad I got the data off the computer last night. With Thunderbird I was unable to save my email addresses and might have to write them down manually. After reading that there is no guarantee you can remove root kits, and how malicious they are, I decided I must purge the computer and reformat everything. Can anybody give me advice on how to do that? I have an HP computer, Pentium D, and Windows XP Media Center Edition 2005. I have the software. I am hoping I will be able to do this as many computer functions are disabled. Now I don't know if this is something I need to post in the other section on malware removal, but it isn't really malware removal. Not sure how long I can wait; I have to do something fast.
I spent a long time creating logs to post to the other site but my computer has gotten worse and after reading about root kits I decided purging is the only way to eliminate "XP Total Security" and whoever created that program should be hung!



#2 Baltboy


Posted 16 March 2011 - 08:59 PM

Fortunately re-installing the OS is not Windows dependent so the issues you are having now will not affect doing a clean install. Just to reiterate: doing a clean install will wipe all of the files from your PC; if you do not have a backup of the files they will be lost.

First look at your CDs that came with the computer. Do they say Restore disk or Windows XP Media Center? Is there a disk that says Drivers? More than likely you will not have internet connectivity after the install without having the drivers for your network card, so if you don't have that, download them from HP, preferably on a computer other than the infected one.

Okay, now you can begin. Start the computer and enter the BIOS, which you will see as the computer starts. Typically it is the delete key but it can also be the tab key, or F2 key. Do not change anything in here other than what we are looking for. Scroll through the menus till you see something that says something like boot order or drive boot order. You will want to change the order so that the CD-ROM (or DVD) is listed first. It is fairly straightforward; just follow the directions given on the side or bottom of the screen for what buttons to push. Save the changes and exit. The computer will restart. When prompted hit the key to boot from CD and the Windows installation will start.

Most of this is pretty straightforward so I will take you through the important parts.
After you accept the license agreement choose to install Windows. Where it asks you to choose a partition to install to you want to delete the current partition, create a new partition, select that partition to install to, then do a quick format.

At this point go eat lunch :lol: it will take a little while. The computer will re-boot and you will have to do a few tasks at different times. Computer name - this can be whatever you want. ALWAYS set a password on the administrator account (preferably one you can remember and that isn't a full English word). You will have to enter your Windows product key which is on a label on your PC somewhere (top or side), choose your time zone, and make sure the system time matches the real world.
Everything else you can just click next on and you will be fine.

After the install is completed the PC will re-boot. Once Windows is started, install your drivers and make sure the firewall is up and running. Then head immediately over to Windows Update and download all of the updates, service packs, and hotfixes of the critical type available. You may need to do this more than once since some updates are dependent on the updates you just installed. :crazy:

Now install your antivirus, programs and restore any data you may have.


For the restore disk you still need to do the BIOS check, start from the CD and then just follow along with the wizards.

PPhheewww....let me know if you have any questions or concerns.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 AustrAlien


Posted 16 March 2011 - 10:21 PM

Things might not be as bad as they seem ...

You might wish to try the instructions in the removal guide for XP Total Security (the malware uses a variety of names):
http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
AustrAlien
Google is my friend. Make Google your friend too.


#4 Beth102


Posted 17 March 2011 - 02:54 AM

I was trying to back up some photos on to DVDs now I cannot burn DVDs it seems...it freezes after 3 minutes...and fails.

I cannot open RKILL or any exe file on my computer.

At this point I don't know if I will be able to get the Windows CDs into the drive and make that work.

I no longer see XP Total Security warnings at all. Now it seems that the program has taken over Spy Doctor. I tried to eliminate Spy Doctor and I cannot.

I hope I have edited photos backed up already on those photos. I have back ups I just don't know for sure if they are all the edited files.

I can't believe how much time I have wasted and I get nowhere.

I might just try to wipe the thing out and I don't know if I have drivers for the network card. I have 2 network cards and I had to have a 2nd one put in and I was not told anything about the driver for it.

I hope this program has not stolen passwords and robbed my bank account yet.

#5 Beth102


Posted 17 March 2011 - 02:56 AM

I have 3 disks and they are just labeled Windows XP Recovery Disks 1 through 3. I had to make these DVDs myself from the computer so they aren't preprinted pretty DVDs but just 3 DVDs and I won't know what is on them until I put it in the drive, that is if I can get the drive door open to put it in there.

#6 Baltboy


Posted 17 March 2011 - 07:20 AM

More than likely those disks when run will return the computer to the state it was in when you bought it. Don't worry about the problems you are having while using Windows if you are going to use the recovery disks, because when doing the recovery it does not use your current Windows files at all. Also the disks should have all of the drivers for the factory installed equipment included. You will still need to get the drivers for the other network card. Go to the Device Manager and look under network adapters and write them down. Then download the drivers. You may want to try to do this in safe mode with networking which could minimize the impact of the rootkit.
Get your facts first, then you can distort them as you please.
Mark Twain

#7 Beth102


Posted 18 March 2011 - 01:22 AM

THANK YOU ALL FOR THE HELP!! I tried once more to get the bugs out but could NOT run RKILL could not run any exe file, (I just managed to burn my data off before the Nero would not work...it was barely working.) The bug had taken over Spy Doctor...I wasn't even getting those pop ups asking me for credit card info any more.
I was able to reformat the drive and start over. It took 3 tries to get into the BIOS (on my HP computer it is ESCAPE), and I did a partial reformat of just the Windows before I managed to get into the BIOS...I didn't know what was going to happen so I rebooted again, and the 3rd or 4th time I finally got into the BIOS, found where I had to change the order and put the CD first in the boot menu, then voila! I went to bed when that started and when I woke up I resumed with DVD 2 and DVD 3...the Windows updates took a bit of time. I have Spy Doctor running now. Windows Firewall was on right away, so I have email, and I can get online. The next step will be to start reloading some of my programs and data. I cannot believe how much time I have spent on this...and I am not done yet. Something should be done to catch these cyber crime folks.
Spy Doctor just tried to load updates and it did not work and I don't know why. I am wondering what else I should load. Is everything else compatible with Spy Doctor and do you think Spy Doctor is the best one?
Now I think I chose to have automatic updates from Windows...but I'm not sure it's working yet...
One of my internet friends said "You need a pro." and that's what they did...they brought the computer to the shop. I am glad I did this myself with your help; I learned a lot doing all this although it took over my life a bit, and it saved me probably $200 that I do NOT have, and didn't lose my computer for 5 to 8 days (once they had my computer for 11 days!). I am so grateful for this site!
Now I wish I could have understood all the code on the 3 logs I ran...the only one I understood was on the HiJackThis log, number 10 was why I couldn't get online...I think...can't remember now without being able to look at them...the logs are gone...with the root kits!
Trying to catch those root kits was like a war, and it was like I saw them jumping around in there, and every time I quarantined or deleted them, they were still there hiding somewhere else. It was the most unbelievable thing I have ever experienced computer wise! I even managed to get the names of two of those root kits and I wrote it down, but could not kill it. The more I tried to get rid of them, the stronger they got and the more control they got of my system. It was a losing war! Next time I hope I will be more ready.
I wonder if it would make sense to put another hard drive in the computer and make it bootable, so if it happens again, I could boot from the other computer and get the suckers...I read they can't hide if Windows isn't running on the drive. Is that true?

#8 Beth102


Posted 18 March 2011 - 01:24 AM

By the way I did NOT need to download any drivers even though the network card wasn't the same as the original; for some reason Windows accepted it and I was able to get online right away!

#9 Baltboy


Posted 18 March 2011 - 09:49 PM

Windows has lots of drivers built in for all kinds of hardware. I tend to stick with a few programs for my own computers. ZoneAlarm is a free firewall because the Windows one isn't that good. AVG Free for antivirus although there are other good ones like Avast. I have used Malwarebytes quite a bit and another good program is Super Antispyware.

Also remember Automatic Updates is on a schedule so if your computer isn't on at that time you will not get them. So once a month just hit the Windows Update from the start menu to be safe.

Double check your Device Manager. Right click My Computer - select Properties - select the Hardware tab - click the Device Manager button. If there are any exclamation points in front of a device it will need a driver installed. Just download the most recent one from the respective website.

I wouldn't do a second hard drive since there are better alternatives like a Linux based LiveCD or Windows BartPE CD. Both of those are bootable CDs that start their own little versions of an OS so you can do stuff without risk of infecting another drive.

Oh and you're welcome!
Get your facts first, then you can distort them as you please.
Mark Twain
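
Two steps from the replies above, writing down the network adapters before the wipe and checking Device Manager for flagged devices afterwards, can also be done from a script. This is an added example, not part of any poster's reply; it assumes Windows PowerShell is installed (a separate download on Windows XP), and the output file path and function names are hypothetical.

```powershell
# Added example: inventory hardware before a wipe, verify drivers after it.
param(
    # Hypothetical output location; point it at removable media before a reinstall.
    [string]$OutFile = "$env:USERPROFILE\Desktop\hardware-inventory.txt"
)

# Network adapters backed by real hardware (PCI or USB), with the hardware ID
# that identifies which driver to download from the vendor.
function Get-PhysicalNetworkAdapter {
    Get-WmiObject -Class Win32_NetworkAdapter |
        Where-Object { $_.PNPDeviceID -match '^(PCI|USB)\\' } |
        Select-Object Name, Manufacturer, PNPDeviceID
}

# Devices that Device Manager marks with an exclamation point:
# ConfigManagerErrorCode 0 means the device is working properly.
function Get-ProblemDevice {
    # A few common codes; any other code is reported by number.
    $meaning = @{
        1  = 'Not configured correctly'
        10 = 'Device cannot start'
        22 = 'Device is disabled'
        28 = 'Drivers are not installed'
    }
    Get-WmiObject -Class Win32_PnPEntity -Filter 'ConfigManagerErrorCode <> 0' |
        ForEach-Object {
            $code = [int]$_.ConfigManagerErrorCode
            $text = if ($meaning.ContainsKey($code)) { $meaning[$code] } else { "Code $code" }
            New-Object PSObject -Property @{
                Name = $_.Name; DeviceID = $_.DeviceID; Code = $code; Problem = $text
            }
        }
}

$adapters = @(Get-PhysicalNetworkAdapter)
$problems = @(Get-ProblemDevice)

"Network adapters:" | Out-File $OutFile
$adapters | Format-List | Out-File $OutFile -Append
"Devices reporting a problem: $($problems.Count)" | Out-File $OutFile -Append
$problems | Format-List Name, DeviceID, Code, Problem | Out-File $OutFile -Append
Write-Host "Saved to $OutFile"
```

Run it once before reinstalling to keep a record of the adapters, and again after the reinstall; a problem count of zero corresponds to a Device Manager with no exclamation points.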

#10 Beth102


Posted 20 March 2011 - 04:57 AM

I tried downloading ZoneAlarm from their web site but I removed it immediately because it looked like it was changing my IP address...and suddenly my internet access didn't work. Twice recently (once today) I had to call Verizon and do all kinds of things because I could not get online...relating to IP address and password issues...I don't know if I like a firewall that is going to change my IP address like that. Obviously Windows Firewall did not protect me from "XP Total Security".

#11 Baltboy


Posted 20 March 2011 - 11:37 AM

What makes you think it was changing your IP?
Get your facts first, then you can distort them as you please.
Mark Twain



