Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


MS disk error virus

  • This topic is locked This topic is locked
2 replies to this topic

#1 Greg Fiore

Greg Fiore

  • Members
  • 2 posts
  • Local time:04:34 AM

Posted 08 May 2011 - 01:08 PM

This Virus popped up with messages that the hard drive was in trouble with disc errors, etc.
The PC is running XP SP3 x32.
I followed the Bleeping Computers procedure as follows:
Used Microsoft Disc Cleanup to remove temp files and clear out Recycle Bin.
Booted into Safe Mode with Networking.
Ran FixNCR.reg.
Ran Rkill
Ran Malwarebytes Pro with latest updates, which found lots of bad stuff.
Tried to use Restore Points, in an effort to reset some Registry settings
that the Virus had changed. Could not get any Restore points to work either
in Safe Mode or regular Bootup.
Turned off Restore points, Ran Disc Cleanup again, and ran MalwareBytes again.
Ran Spy Sweeper which also found some bad things.

Ran hosts-perm.bat, and followed the replacement procedure.

Some desktop icons that were shortcuts to Apps were gone.
Ran Unhide, but still no icons. Add/Remove programs showed that the
Apps were still there (Quick Books showed 437 MB).
All Prgorams showed the App Folder, but when opened it said Empty or No Data.
Checked the permissions on the Folder, they were not Hidden, but set to
Read Only. Removed that check and Applied the change...still nothing.
Explorer did not show the applications either.
Found out the name of the executable for the App and did a search for it.
Once found, I created a new shortcut to the App on the desktop...Works fine.

Opening up a Microsoft Office document worked OK, but MalwareBytes kept
reporting that an unsafe URL 66.??? was trying to be accessed, but was being blocked.
Removed the normal.dot file associated with Microsoft Word. No help.

I ran Combo Fix (later learned that this is not always recommended).
Then ran the SpySweeper again and the problem seems to have gone away.

I did not run the De-Fogger or any RootKit programs.

The computer appears to be fixed, however I have a few questions !!!

How could I recover the original App icons?
Should I have run Root Kit removal programs?
At what point is a decision made to save the PC Documents and do a complete
OS reinstall. I am retired and have a lot of time to do interesting stuff.
I look at Viruses as a challenge...like a Suduku puzzle...however sometimes
they make me feel helpless, and I wished that I had just done a complete Format
from the Command Line and reinstalled everything...Maybe moving up to Win 7.
The PC always runs a lot faster !!

BC AdBot (Login to Remove)


#2 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:34 AM

Posted 17 May 2011 - 07:26 PM


Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:34 AM

Posted 23 May 2011 - 06:01 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users