
Need System Recovery Help


5 replies to this topic

#1 Woody


Posted 26 September 2006 - 11:07 PM

I have a single 300GB hard drive inside my case, and it's partitioned into a smaller C: drive for OS and software, and a larger H: drive for data.

Well, over the weekend the computer became possessed and Windows is telling me I have spyware. So I run AdAware Se (free version) and it finds a lot of bad stuff. So I quarantine and delete the bad stuff, but I think AdAware Se classified some good files as bad because after quarantining and deleting the bad stuff, the computer will not boot up properly now. I get beyond the Windows start-up screen (XP Pro SP2) where I select my identity and enter my password, but from there it is basically frozen. I cannot open any programs, or even use Windows Explorer to try and view the contents of the C: and H: partitions.

The good news is I think the H: drive should still be fine, and I have all critical data backed up onto an external hard drive. I think I just need to re-format the C: partition and re-install Windows, MS Office, and the other software I have CDs for.

So here's my question/dilemma: how do I re-format just the C: partition of the hard drive? I don't want to mess with the H: partition at all if possible. I am afraid if I put the XP Pro disk in the computer and boot from it, I will accidentally re-format the entire drive instead of just the C: partition.

PLEASE HELP!!!

Thanks in advance,

Jason



#2 Wildabeast


Posted 27 September 2006 - 12:41 AM

When you boot up the XP CD, it should format only the C drive. That is the drive it will install to. I could be wrong, it's been a while since I did that. If I am, I'm sure someone will say.
But they are 2 different drives as far as Windows is concerned, and by default it should go on to C:
"The nine most feared words in the English language, 'I'm from the government, and I'm here to help'..."
Ronald Reagan

#3 Enthusiast


Posted 27 September 2006 - 06:14 AM

Before you reformat and reinstall Windows try the following:

If you can boot into safe mode, boot into safe mode with command prompt and initiate system restore from there, which will get your system booting again.

Start the System Restore tool at a command prompt
1. Restart your computer, and then press F8 during the initial startup to start your computer in Safe Mode with a command prompt.

2. Log on to your computer with an administrator account or with an account that has administrator credentials.

3. Type the following command at a command prompt, and then press ENTER:

%systemroot%\system32\restore\rstrui.exe

4. Follow the instructions that appear on the screen to restore your computer to an earlier state.
http://support.microsoft.com/kb/304449/

After you do that, post a Hijack This log in our Hijack This logs and analysis forum for expert assistance in getting rid of your malware infection.
(How did you catch it - P2P apps?)

Read the following carefully and follow the instructions there to post a Hijack This log in our Hijack This Logs and Analysis Forum

Hijack This Preparation Guide
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#4 Woody


Posted 27 September 2006 - 11:07 AM

Enthusiast, thanks so much for your post. I will try booting into safe mode and initiating a system restore. If this is successful, I will then follow your post above regarding Hijack This and see what happens.

Worst case scenario, I will reformat the C: partition and re-install everything.

I will post again after I give all of this a try tonight.

Thanks again,

Jason

#5 Woody


Posted 28 September 2006 - 06:59 AM

Well, I tried booting in safe mode with the command prompt and doing the recovery console like Enthusiast detailed, but Windows was unable to go back to a previous known good point.

So I ended up re-formatting my C: partition and re-installed Windows XP and the rest of my software. Fortunately all critical data files were on my F: partition and were also backed up to my external hard drive.

I will likely still go through the process of doing the Hijack This process just to make sure no malware is on my F: partition or my external hard drive.

I also want to try another anti-virus program other than Norton. Anyone have suggestions? What about programs for detecting and removing adware, spyware, etc? I guess I have some more reading to do here on this site.

Thanks again for everyone's help.

Jason

#6 Enthusiast


Posted 28 September 2006 - 02:16 PM

Freeware AntiSpyware and Security Programs

Software firewalls with freeware versions
(Run only one and disable the ineffective Windows XP firewall)

ZoneAlarm (freeware) V. 6.5.722
http://www.download.com/ZoneAlarm/3000-10435_4-10039884.html
(you can have only one software firewall running. More than one will conflict)

Comodo firewall (freeware)
http://www.personalfirewall.comodo.com/

Antivirus programs - freeware
(you can only use one resident anti-virus program on your computer. More than one will conflict)

AVG:
http://www.grisoft.com/doc/289/lng/us/tpl/tpl01
(I use this one myself and recommend it highly)

Avast Anti-virus freeware
http://www.komando.com/bestshareware.asp

Anti-malware freeware
The following freeware apps will detect and remove spyware/malware from your computer, and in addition to your resident anti-virus program you should have several (if not all) of these installed (and used frequently - each may detect things that the others may not - always update them before you run them).
Set them to update automatically if applicable.
Run them from safe mode when applicable

(You can run as many of these as you wish. Generally there is no conflict between these and you should always run several since each may find malware that the others may not find)

Ad-Aware SE Personal - freeware
http://fileforum.betanews.com/detail/Adawa...nal/965718306/1


Spybot S&D:
Update – Aug 2006 - Spybot by default now ignores certain products such as New.Net and Sidestep for no good reason. New.Net compromises the WinSock stack by routing all your DNS queries through the NewDotNet.DLL. To enable detection go to "Settings", "Ignore products", "All products" Tab, right click on "Product", left-click on "Deselect all".

http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer” which gives you realtime protection against malware invasion.

Microsoft Windows Defender
http://www.microsoft.com/athome/security/s...re/default.mspx
This also provides realtime protection.

Ewido Antispyware Free
http://free.grisoft.com/doc/20/lng/us/tpl/v5

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html

Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

A² - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.





CWShredder
CW Shredder removes some variants of spyware known as the Coolwebsearch Trojan. The Trojan takes advantage of a flaw in a key component of Windows -- Microsoft's version of the Java Virtual Machine -- to install itself via popups often found on porn and illegal software (a.k.a. "warez") sites. Run CWShredder after installing, and have it look for updates. Then click the "Fix" button, and the program will both scan and fix any problems it finds. If your system does not have this kind of spyware, it will give you the good news.
Freeware
http://www.intermute.com/spysubtract/cwshr...r_download.html


Ccleaner (Modifies registry – Always backup your registry before using)
(Prefetch Cleaning Warning - The Advanced section of Ccleaner has a performance degrading option to “clean Old Prefetch data", never select this option for cleaning as it will actually increase load times for Windows and your applications.
Cleaning the Prefetch folder as beneficial is a Myth and actually degrades performance. Windows by default cleans this folder at 128 entries. Anyone who claims this file should be cleaned for ANY reason does not understand how Windows Prefetching works or what it actually is.)
http://www.ccleaner.com/

Microsoft Baseline Security Analyzer (MBSA)
MBSA is an easy-to-use tool designed for the IT professional that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
http://www.microsoft.com/technet/security/...a2/default.mspx


Hijack This and a variety of other tools for malware and pestware
http://216.180.233.162/~merijn/files/HijackThis.exe or
http://www.spywareinfo.com/~merijn/downloads.html

Unless you are an expert in altering, editing or modifying the registry do not attempt to use “Hijack This” without expert assistance which you can get by following the instructions below:
How to submit a Hijack This log
http://www.bleepingcomputer.com/forums/tutorial94.html
http://www.bleepingcomputer.com/forums/How...s_Log-t956.html


Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these as they require ActiveX to function.)

Windows Live Onecare Free Scan
It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm
Make sure you click "Full Service Scan" in the middle of the page and
not the "Try It Now Free" on the right side.

Allow it to download an Active X component.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.

Allow it to scan - it may take quite a while, maybe two hours or so depending on how big your hard drive is and how fragmented your registry and drive are.

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest
and
File scanner and virus scanner
http://www.kaspersky.com/scanforvirus

Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www.pandasoftware.com/products/activescan.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

Avast Online scan
http://onlinescan.avast.com/

F Secure online scan
http://support.f-secure.com/ols/start.html

Ewido Online scan
http://www.ewido.net/en/onlinescan/

Trojan scans –
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html

Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm



