Unsolved
This post is more than 5 years old
4 Posts
0
2942
XP Antivirus 2010 malware infection - XPS Dimen 600
I have been struggling with this malware for a while. Everything, including safe mode has been taken over. I finally figured out that the virus gives you a copy of your desktop, programs, antivirus, etc., when you think you're getting somewhere. I can no longer access my jump drive to load any anti-malware. I cannot get to the internet, can't run any virus scans - it has taken over or disabled everything. I was up-to-date with all of the microsoft service packs and fixes. I missed my opportunity to catch it early enough. From what I've read, this is just the latest version of the 2008 and 2009 XP malware.
I have tried to use my original OS XP Professional reinstallation CD Service Pack 1 that came with the computer (many years ago) - it stops at the welcome screen of the XP Pro Setup screen and freezes - will not let me type in an 'r' or exit, etc.. I read somewhere (I've been to lots of forums, but have not posted anything in any of them), that I may need a reinstallation CD with at least Service Pack 2 as I have SATA rather than IDE. Is this true? Can I order it from Dell?
If this is not true, what do I do about this bug? As soon as Windows is initiated - safe mode, regular, etc., it is taken over. I can't get around the shell it has put up.
Would appreciate any help. I realize the PC is older (bought it a few years ago), but it has enough horsepower to handle the systems I use today and I'd like to be able to at least recover some of my (unbacked-up) files.
1972vet
3.3K Posts
0
March 8th, 2010 18:00
ase6145
4 Posts
0
March 8th, 2010 20:00
Thank you for the response, but I'm afraid I am past the point where I can even get the computer to recognize the flash drive. A couple of things are happening now:
-- When I hit F8 to try and go into safe mode, the pc scrolls through a page full of lines lines: multi(0)disk(0)rdisk(0)partition(2)\windows\system32\drivers..... the bug has already taken hold at that point and then it just stops. I feel as though it has created a whole sandbox for itself on another partition and that's what I'm seeing. I guess I'm hoping for that as it will mean my data is still living somewhere.
-- If I let it go into regular startup, a pretend chkdsk takes over the whole screen, then finally shows me my "desktop." The Start bar looks odd and does not show any of the devices (no indication that the network is not connected, no indication that the jump drive is available, etc.) The screen is completely filled with a copy of my desktop, none of the programs work. The flash drive does not light up or flash.
I have two questions at this point:
-- Do you think an XP reinstall with Service Pack 2 will work? (this is what someone suggested in another forum - not in response to this - I haven't posted to any forum). I have only the initial disk that Dell sent with the machine with Service Pack 1. I am concerned, though, that if it disabled the USB port with the flash drive, it is fooling around with the CD drive.
-- I assume my flash drive needs to be cleaned up or trashed after it has been attached to the infected PC?
Again - I appreciate the help.
1972vet
3.3K Posts
0
March 9th, 2010 03:00
***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.
If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.
Once installed, a blue screen prompt should appear that reads as follows:
The Recovery Console was successfully installed.
When you see that screen, please continue as follows:
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!
Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall
ase6145
4 Posts
0
March 9th, 2010 06:00
Hi - I hope you're right about the permanent damage. I have no way of loading any programs onto this machine, however, or running programs from a flash drive.
I can only explain that:
-- every time I start the computer, some other layer of the malware is laid down. I used to be able to get into the 'real' safe mode, can't any longer.
-- Then I had a fake safe mode - same squirrelly start taskbar.
-- I cannot access the flash drive. I, therefore, cannot load up any programs. I cannot get to a real task manager.
-- When I let it start 'normally', the icons on the desktop are fake, and when I do a Start > Programs, all of the programs associated with my Symantec, for example, are no longer an option. It just shows programs without their accompanying subprograms.
That's why I feel like I'm looking at a copy of my machine - and that copy with the malware is off in some special sector that I can't subvert.
Do you think running a CD, assuming that I still can, with Service Pack 2 will work?
Thanks.
1972vet
3.3K Posts
0
March 9th, 2010 09:00
Just to set the record straight, there is no such thing as a "fake safe mode" so I have no idea what you could possibly mean. If you booted into safe mode and a desktop came up then you were indeed in safe mode.
No such thing as a "fake task manager" either. There are malicious codes out there that can inject a .dll file and hijack certain utilities but that particular type of malicious program is not the same issue your thread title complains of.
If your system was infected with only the XP Antivirus 2010, then it would have been cleaned up by now from having followed the posted instructions. Your issue seems to be complicated by something else entirely.
In your original statement, you said you have been struggling with this for a while and allude to the fact that you have attempted some cleanup endeavor on your own. Perhaps something you did has complicated this issue? You would know better than I.
How would you expect to be able to run an install CD with SP2 since the only install CD you have is SP1...and if that froze, how can you expect different results by doing the same thing?
Running in stall CD, whether it is SP1 or SP2 is still the same function...and if the setup function froze before, it should freeze again.
We might be able to help if you can remember details as to exactly what all you have done since this issue began. Also, please advise if you have even attempted to use the install CD to boot into the recovery console. Thanks!
ase6145
4 Posts
0
March 9th, 2010 12:00
If you look at some of the other posts, you'll see that there are others who have encountered a fake safe mode, a fake task manager, etc. (eg., JIKO and mdesilvio among others that have posted in the last few days). I imagine the real safemode may be running in the background, but there is no way to get to them. Before it got way out of hand, I ran the Malwarebytes program but made one critical mistake in closing it before I let it reboot to finish the clean up and give me a window to do more de-tox of the pc. From what I've read of the virus, it runs in parallel with other programs that you execute and disables the ones that it finds to be a threat (I read that from one of the links that you gave me). So everytime one logs in and executes a program (antivirus, regedit, msconfig to name a few) it disables those and the problem gets worse the more you try until you end up with a machine like mine.
I was trying to get to the recovery console, but became stuck on the unresponsive screen. As I said, in another forum, they suggested to another person that they needed SP2 because they had SATA vs. IDE, as do I.
I will try to get a new installation disk from Dell and see if that works.
If anyone else is reading this thread, please chime in with your experiences.
Again, I appreciate your time.
JIKO
73 Posts
0
March 9th, 2010 12:00
1972 Vet: I am going to try you advice tonight. I have downloaded both fixexe and malware onto a flash drive, as well as printed the instructions. I don't think I encountered a fake safe mode, I saw the virus while IN safe mode. I'm not very computer saavy, so I probably wouldn't know a fake from the real thing! If all else fails, I'll reformat the hard drive I guess
1972vet
3.3K Posts
0
March 9th, 2010 19:00
Hi jiko,
Please let me know how it turns out for you. Glad to hear you hadn't encountered something like a "fake" safe mode, as I explained...there is no such thing. Please let me know if you run into any problems with those instructions and I will be happy to guide you on.
Bugbatter
3 Apprentice
3 Apprentice
•
20.5K Posts
0
March 9th, 2010 20:00
jiko, you have posted in another person's topic. This could get confusing. Which one of us are you going to work with?
http://en.community.dell.com/forums/t/19326233.aspx
1972vet
3.3K Posts
0
March 12th, 2010 10:00
Other members who need assistance please start your own topic in a new thread. Thanks!
The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.