Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsMicrosoft Windowsrootkit-gen virus and windows\system32\ files


3 posts

Wannabe Geek


#55944 11-Jan-2010 05:43
Send private message

Hi Geeks
I used Avast to scan our IBM laptop which has Windows XP, Avast found the rootkit-gen virus to be present in a couple of the windows\system32\ files.  Avast gave me an option to delete and wisely or otherwise - I chose to do so.  Avast did not then complete the scan but the computer seemed to "trip" onto the windows screensaver.  The computer will now reboot, but when it comes to logging on to windows it accepts the user id and the password, then promptly logs off.  I have tried rebooting on safe mode using F8, however there is only one option, ie. to use Microsoft Windows XP Professional, so the computer goes back to the logging on to windows window.
Can any one give me some advise as to how to overcome this?
Thanks in advance.  Chico44

Create new topic
360 posts

Ultimate Geek


  #289053 11-Jan-2010 18:40
Send private message

I fix this type of stuff all the time its a little easier if you have the equipment.

the way i would start out

stuff needed

1 old pc that you dont mind getting infected  (probly one get infected though), or a usb adapter you can put run it as a slave drive. make sure you have avast installed on the second pc. do a boot scan with avast delete any thing it finds.

next run a malware bytes scan on your infected computers hard drive. aslo manually delete any temp files from application data.

plug your hard drive back into your main computer see if you can get into safe mode.
if you carnt.

get your self a windows xp disk. boot from cd to load the disk. when it first comes up it will ask you what you want to do. hi r this will take you to a black screen where you see your drive. if you carnt see it type map then hit enter

see if you can see it then if you can
type fix boot somtimes that brings it back

ither way type

fixboot

then press enter

now type fixmbr

if you have time but probly not a big deal while in there type

chkdsk /p /r

push enter this one will take some time and it will jump % alot maby 30 to 50 to 75 back to 40 just let it run till its finished. not a neceacry step just somthing like to do it helps fix some errors on your hard drive

once done type

exit

press enter

see if you can get into windows yet

if you carnt you may have to do a windows repair reboot pc boot back to windows cd. this time instead of pressing r press f8 i agree it will take you through to the next screen keep going you will eventually have the option to repair your windows. run this. warning you will need your windows xp COA sticker should be stuck on the side of your pc if its not dont bother wit hthis as you wont be able to do it as it needs it.


once done see if you can get into safe mode.

also after pushing the f8 and says which os do you want to boot from keep hitting f8 it may bring it up.

hopfully you can get into safe mode doing so.

if this does not work with our doing a manual clean out on the hard drive while connected to the second pc you may need to reformat if you dont want to take it to a computer store or sombody willing to write a very long post for you. hope this gets you started. let me know how you get on thanks

get a windows xp disk




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

360 posts

Ultimate Geek


  #289056 11-Jan-2010 18:43
Send private message

oh forgot to mention make sure you have the same xp disk as what you are running sounds like xp pro. also make sure your windows COA matches your version eg. you have a windows xp pro coa not a windows xp home coa.

if you can get into windows i would suggest doing another malware bytes scan from within windows in safe mode. also do another boot scan within your laptop somtimes it picks up stuff it didnt on the second pc.

make sur eyou turn off system restore as soon as you get into windows cause stuff hides in there




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

 
 
 
 




3 posts

Wannabe Geek


  #289198 12-Jan-2010 10:55
Send private message

Thanks heretohelp for your detailed instructions, but unfortunately I do not have an old computer I can sacrifice and am not confident about taking inards out of computers. Do have a windows xp professional boot disc though, but the laptop does not look in the CD drive to boot and i can find no way of getting it to do so! Looks like I'll have to take it into a shop.
thanks again

360 posts

Ultimate Geek


  #289430 12-Jan-2010 21:18
Send private message

what is the brand and model number of your laptop. i will see if i can find a manual on the bios or some instructions. often hitting f8 on the laptop as it boots will give you the option to boot from aontehr drive somtimes its f12

failing that you should be able to change it in the bios.

maby delete button f1 or f2 at the right time just as it boots you will be good to get in. on the odd time its space bar or if its ibm they have an ibm button you push to get to bios set up




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.



3 posts

Wannabe Geek


  #290173 15-Jan-2010 06:40
Send private message

Hi Again
I got into the BIOS but was unable to change anything, well I thought I had done when the laptop booted and I could hear the disc drive rotating, but that was all it did, the computer still booted from the hard drive, so I have conceded defeat and my other half took it into a local computer shop. they are going to reformat the harddrive, reinstall windows and put malware and a different anti virus software on for us. Thanks once again!

360 posts

Ultimate Geek


  #290397 15-Jan-2010 18:47
Send private message

ah i c. i remove viruses for a living. would of liked to see it. but some are very nasty and do need formating usually a last resort as far as im concernd though, hopfully they back your data up for you. i would still keep with avast or nod32 dont let them sell you anything else like norton or CA.

the best anti malware/spyware is spybot and malwarebytes as far as im concernd.

hope it works out for you. i think that it owuld of been to much for a home user to fix much easier and less stress to take it to a shop hehe.

let me know what programs they isntalled just out of intereast thanks




Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

Banana?
4925 posts

Uber Geek

Subscriber

  #290732 17-Jan-2010 17:21
Send private message

I have seen a few of those rootkits over the last couple of weeks. Avast shouldn't have been able to delete the files in System32 it found (normally one of them is NDIS.sys, and there is another one that windows needs to logon) as they are system files.

I use NOD32 and it finds the infected files, but won't delete them.

What has to be done is the drive putting in another machine, and those infected files replaced with good copies, either directly off the XP CD, or from the \i386 folder. Could also do it from the recovery console. Both methods require a fair bit of knowledge, but are quick and easy to fix (compared to wiping everything on your computer and starting again)

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05

Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05

School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10

Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01

Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36

Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26

New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25

N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22

Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42

Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45

Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30

JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59

Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34

NZ Police releases public app
Posted 8-Jan-2020 11:43


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.