Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsMicrosoft Windowsrootkit-gen virus and windows\system32\ files


3 posts

Wannabe Geek


Topic # 55944 11-Jan-2010 05:43
Send private message

Hi Geeks
I used Avast to scan our IBM laptop which has Windows XP, Avast found the rootkit-gen virus to be present in a couple of the windows\system32\ files.  Avast gave me an option to delete and wisely or otherwise - I chose to do so.  Avast did not then complete the scan but the computer seemed to "trip" onto the windows screensaver.  The computer will now reboot, but when it comes to logging on to windows it accepts the user id and the password, then promptly logs off.  I have tried rebooting on safe mode using F8, however there is only one option, ie. to use Microsoft Windows XP Professional, so the computer goes back to the logging on to windows window.
Can any one give me some advise as to how to overcome this?
Thanks in advance.  Chico44

Create new topic
360 posts

Ultimate Geek


  Reply # 289053 11-Jan-2010 18:40
Send private message

I fix this type of stuff all the time its a little easier if you have the equipment.

the way i would start out

stuff needed

1 old pc that you dont mind getting infected  (probly one get infected though), or a usb adapter you can put run it as a slave drive. make sure you have avast installed on the second pc. do a boot scan with avast delete any thing it finds.

next run a malware bytes scan on your infected computers hard drive. aslo manually delete any temp files from application data.

plug your hard drive back into your main computer see if you can get into safe mode.
if you carnt.

get your self a windows xp disk. boot from cd to load the disk. when it first comes up it will ask you what you want to do. hi r this will take you to a black screen where you see your drive. if you carnt see it type map then hit enter

see if you can see it then if you can
type fix boot somtimes that brings it back

ither way type

fixboot

then press enter

now type fixmbr

if you have time but probly not a big deal while in there type

chkdsk /p /r

push enter this one will take some time and it will jump % alot maby 30 to 50 to 75 back to 40 just let it run till its finished. not a neceacry step just somthing like to do it helps fix some errors on your hard drive

once done type

exit

press enter

see if you can get into windows yet

if you carnt you may have to do a windows repair reboot pc boot back to windows cd. this time instead of pressing r press f8 i agree it will take you through to the next screen keep going you will eventually have the option to repair your windows. run this. warning you will need your windows xp COA sticker should be stuck on the side of your pc if its not dont bother wit hthis as you wont be able to do it as it needs it.


once done see if you can get into safe mode.

also after pushing the f8 and says which os do you want to boot from keep hitting f8 it may bring it up.

hopfully you can get into safe mode doing so.

if this does not work with our doing a manual clean out on the hard drive while connected to the second pc you may need to reformat if you dont want to take it to a computer store or sombody willing to write a very long post for you. hope this gets you started. let me know how you get on thanks

get a windows xp disk




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

360 posts

Ultimate Geek


  Reply # 289056 11-Jan-2010 18:43
Send private message

oh forgot to mention make sure you have the same xp disk as what you are running sounds like xp pro. also make sure your windows COA matches your version eg. you have a windows xp pro coa not a windows xp home coa.

if you can get into windows i would suggest doing another malware bytes scan from within windows in safe mode. also do another boot scan within your laptop somtimes it picks up stuff it didnt on the second pc.

make sur eyou turn off system restore as soon as you get into windows cause stuff hides in there




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.



3 posts

Wannabe Geek


  Reply # 289198 12-Jan-2010 10:55
Send private message

Thanks heretohelp for your detailed instructions, but unfortunately I do not have an old computer I can sacrifice and am not confident about taking inards out of computers. Do have a windows xp professional boot disc though, but the laptop does not look in the CD drive to boot and i can find no way of getting it to do so! Looks like I'll have to take it into a shop.
thanks again

360 posts

Ultimate Geek


  Reply # 289430 12-Jan-2010 21:18
Send private message

what is the brand and model number of your laptop. i will see if i can find a manual on the bios or some instructions. often hitting f8 on the laptop as it boots will give you the option to boot from aontehr drive somtimes its f12

failing that you should be able to change it in the bios.

maby delete button f1 or f2 at the right time just as it boots you will be good to get in. on the odd time its space bar or if its ibm they have an ibm button you push to get to bios set up




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.



3 posts

Wannabe Geek


  Reply # 290173 15-Jan-2010 06:40
Send private message

Hi Again
I got into the BIOS but was unable to change anything, well I thought I had done when the laptop booted and I could hear the disc drive rotating, but that was all it did, the computer still booted from the hard drive, so I have conceded defeat and my other half took it into a local computer shop. they are going to reformat the harddrive, reinstall windows and put malware and a different anti virus software on for us. Thanks once again!

360 posts

Ultimate Geek


  Reply # 290397 15-Jan-2010 18:47
Send private message

ah i c. i remove viruses for a living. would of liked to see it. but some are very nasty and do need formating usually a last resort as far as im concernd though, hopfully they back your data up for you. i would still keep with avast or nod32 dont let them sell you anything else like norton or CA.

the best anti malware/spyware is spybot and malwarebytes as far as im concernd.

hope it works out for you. i think that it owuld of been to much for a home user to fix much easier and less stress to take it to a shop hehe.

let me know what programs they isntalled just out of intereast thanks




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

Banana?
4363 posts

Uber Geek
+1 received by user: 1031

Subscriber

  Reply # 290732 17-Jan-2010 17:21
Send private message

I have seen a few of those rootkits over the last couple of weeks. Avast shouldn't have been able to delete the files in System32 it found (normally one of them is NDIS.sys, and there is another one that windows needs to logon) as they are system files.

I use NOD32 and it finds the infected files, but won't delete them.

What has to be done is the drive putting in another machine, and those infected files replaced with good copies, either directly off the XP CD, or from the \i386 folder. Could also do it from the recovery console. Both methods require a fair bit of knowledge, but are quick and easy to fix (compared to wiping everything on your computer and starting again)

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel introduces new NUC kits and NUC mini PCs
Posted 16-Aug-2018 11:03

The Warehouse leaps into the AI future with Google
Posted 15-Aug-2018 17:56

Targus set sights on enterprise and consumer growth in New Zealand
Posted 13-Aug-2018 13:47

Huawei to distribute nova 3i in New Zealand
Posted 9-Aug-2018 16:23

Home robot Vector to be available in New Zealand stores
Posted 9-Aug-2018 14:47

Panasonic announces new 2018 OLED TV line up
Posted 7-Aug-2018 16:38

Kordia completes first live 4K TV broadcast
Posted 1-Aug-2018 13:00

Schools get safer and smarter internet with Managed Network Upgrade
Posted 30-Jul-2018 20:01

DNC wants a safer .nz in the coming year
Posted 26-Jul-2018 16:08

Auldhouse becomes an AWS Authorised Training Delivery Partner in New Zealand
Posted 26-Jul-2018 15:55

Rakuten Kobo launches Kobo Clara HD entry level reader
Posted 26-Jul-2018 15:44

Kiwi team reaches semi-finals at the Microsoft Imagine Cup
Posted 26-Jul-2018 15:38

KidsCan App to Help Kiwi Children in Need
Posted 26-Jul-2018 15:32

FUJIFILM announces new high-performance lenses
Posted 24-Jul-2018 14:57

New FUJIFILM XF10 introduces square mode for Instagram sharing
Posted 24-Jul-2018 14:44


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.