
Virus.win32.agent.mpq


  • This topic is locked
38 replies to this topic

#31 Jekth

Jekth
  • Topic Starter

  • Members
  • 19 posts

Posted 13 December 2011 - 08:44 PM

I tried a system restore without any luck when the computer was first infected. Also, we did a windows recovery install and now we don't have a system restore point from before the infection.



#32 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 14 December 2011 - 10:32 AM

Hi Jekth,

We're going to try uninstalling and re-installing SP3 to see if this resolves your issues.

Firstly, I'd like you to create a System Restore Point
  • Click start > All Programs > accessories > System Tools > System Restore
  • Check Create a Restore Point button
  • Click Next and follow instructions
Next, remove SP3 by following instructions here.

Once SP3 has been uninstalled I'd like you to run a file check:
  • Click start
  • Select run
  • copy/paste sfc /scannow into open box
  • Press OK and follow any instructions.
Finally, Re-install SP3 from XP SP3 Download

How is your machine now?
regards, ratman

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM




#33 Jekth


Posted 14 December 2011 - 12:05 PM

Created a restore point. After clicking remove sp3 I'm getting an error, "system cannot find the file specified." Then it says sp3 was not removed. Had to reinstall sp3 when we did the windows recovery install and it didn't have an effect on the kb/tp problem but it did restore the internet connection.

#34 ratman


Posted 14 December 2011 - 12:30 PM

Which file does the message refer to?

How did you restore SP3 initially?
regards, ratman




#35 Jekth


Posted 14 December 2011 - 12:33 PM

The error doesn't specify the file name. When we did the recovery install of windows from the xp disc it loaded sp2. I had to manually install sp3 from microsoft's website.

#36 ratman


Posted 14 December 2011 - 02:13 PM

Can you try one more time doing the recovery to SP2 as you did initially and then do the file check:


Once SP3 has been uninstalled I'd like you to run a file check:
  • Click start
  • Select run
  • copy/paste sfc /scannow into open box
  • Press OK and follow any instructions.
Re-install SP3 from XP SP3 Download
regards, ratman




#37 Jekth


Posted 14 December 2011 - 06:20 PM

Repair install of xp sp2 -> sfc /scannow -> xp sp3 reinstalled and still no kb/tp. Internet explorer is now working again though.

#38 ratman


Posted 16 December 2011 - 06:21 AM

Hi Jekth,

Sorry to say, but it seems the only way to get control of your keyboard/touchpad back is to do a full re-installation of your Windows XP (I have consulted with other BC experts on this).

Please backup all data you would like to keep to a flash drive/backup hard drive before you do this process.

If you need help with either of these processes I can provide further information.

===================================================================

After, a few things:

Things to do to stay safe:

  • Make sure Windows Updates (including Internet Explorer) are current. Follow instructions here
  • Run Malwarebytes "Quick scan" once in a week to assure safety of your computer.
  • Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
  • When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
  • Read How did I get infected?, With steps so it does not happen again!

Happy and safe surfing!
regards, ratman




#39 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 21 December 2011 - 07:32 AM

This thread will now be closed.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



