Geekzone: technology news, blogs, forums

3 posts

Wannabe Geek

Topic # 55944 11-Jan-2010 05:43

Hi Geeks
I used Avast to scan our IBM laptop which has Windows XP, Avast found the rootkit-gen virus to be present in a couple of the windows\system32\ files.  Avast gave me an option to delete and wisely or otherwise - I chose to do so.  Avast did not then complete the scan but the computer seemed to "trip" onto the windows screensaver.  The computer will now reboot, but when it comes to logging on to windows it accepts the user id and the password, then promptly logs off.  I have tried rebooting on safe mode using F8, however there is only one option, ie. to use Microsoft Windows XP Professional, so the computer goes back to the logging on to windows window.
Can anyone give me some advice as to how to overcome this?
Thanks in advance.  Chico44

360 posts

Ultimate Geek

  Reply # 289053 11-Jan-2010 18:40

I fix this type of stuff all the time; it's a little easier if you have the equipment.

The way I would start out:

Stuff needed:

1 old PC that you don't mind getting infected (probably won't get infected though), or a USB adapter so you can run it as a slave drive. Make sure you have Avast installed on the second PC. Do a boot scan with Avast and delete anything it finds.

Next, run a Malwarebytes scan on your infected computer's hard drive. Also manually delete any temp files from Application Data.

Plug your hard drive back into your main computer and see if you can get into safe mode.
If you can't:

Get yourself a Windows XP disk. Boot from CD to load the disk. When it first comes up it will ask you what you want to do. Hit R; this will take you to a black screen where you see your drive. If you can't see it, type map then hit Enter.

See if you can see it then. If you can,
type fixboot; sometimes that brings it back.

Either way, type


then press Enter.

Now type fixmbr

If you have time (but probably not a big deal), while in there type

chkdsk /p /r

Push Enter. This one will take some time and the % will jump a lot, maybe 30 to 50 to 75 back to 40; just let it run till it's finished. Not a necessary step, just something I like to do; it helps fix some errors on your hard drive.

Once done, type


press Enter.

See if you can get into Windows yet.

If you can't, you may have to do a Windows repair. Reboot the PC and boot back to the Windows CD. This time, instead of pressing R, press F8 (I agree); it will take you through to the next screen. Keep going and you will eventually have the option to repair your Windows. Run this. Warning: you will need your Windows XP COA sticker, which should be stuck on the side of your PC. If it's not, don't bother with this as you won't be able to do it, as it needs it.

Once done, see if you can get into safe mode.

Also, after pushing F8, when it says which OS do you want to boot from, keep hitting F8; it may bring it up.

Hopefully you can get into safe mode doing so.

If this does not work without doing a manual clean-out on the hard drive while connected to the second PC, you may need to reformat if you don't want to take it to a computer store or somebody willing to write a very long post for you. Hope this gets you started. Let me know how you get on, thanks.

Get a Windows XP disk.

Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

360 posts

Ultimate Geek

  Reply # 289056 11-Jan-2010 18:43

Oh, forgot to mention: make sure you have the same XP disk as what you are running; sounds like XP Pro. Also make sure your Windows COA matches your version, e.g. you have a Windows XP Pro COA, not a Windows XP Home COA.

If you can get into Windows, I would suggest doing another Malwarebytes scan from within Windows in safe mode. Also do another boot scan within your laptop; sometimes it picks up stuff it didn't on the second PC.

Make sure you turn off System Restore as soon as you get into Windows, because stuff hides in there.


3 posts

Wannabe Geek

  Reply # 289198 12-Jan-2010 10:55

Thanks heretohelp for your detailed instructions, but unfortunately I do not have an old computer I can sacrifice and am not confident about taking innards out of computers. Do have a Windows XP Professional boot disc though, but the laptop does not look in the CD drive to boot and I can find no way of getting it to do so! Looks like I'll have to take it into a shop.
Thanks again

360 posts

Ultimate Geek

  Reply # 289430 12-Jan-2010 21:18

What is the brand and model number of your laptop? I will see if I can find a manual on the BIOS or some instructions. Often hitting F8 on the laptop as it boots will give you the option to boot from another drive; sometimes it's F12.

Failing that, you should be able to change it in the BIOS.

Maybe the Delete button, F1 or F2 at the right time just as it boots, and you will be good to get in. On the odd time it's the space bar, or if it's IBM they have an IBM button you push to get to BIOS setup.


3 posts

Wannabe Geek

  Reply # 290173 15-Jan-2010 06:40

Hi Again
I got into the BIOS but was unable to change anything. Well, I thought I had done when the laptop booted and I could hear the disc drive rotating, but that was all it did; the computer still booted from the hard drive. So I have conceded defeat and my other half took it into a local computer shop. They are going to reformat the hard drive, reinstall Windows and put malware and a different anti virus software on for us. Thanks once again!

360 posts

Ultimate Geek

  Reply # 290397 15-Jan-2010 18:47

Ah, I see. I remove viruses for a living. Would have liked to see it. But some are very nasty and do need formatting; usually a last resort as far as I'm concerned though. Hopefully they back your data up for you. I would still keep with Avast or NOD32; don't let them sell you anything else like Norton or CA.

The best anti-malware/spyware is Spybot and Malwarebytes as far as I'm concerned.

Hope it works out for you. I think that it would have been too much for a home user to fix; much easier and less stress to take it to a shop, hehe.

Let me know what programs they installed, just out of interest, thanks.


4259 posts

Uber Geek
+1 received by user: 974


  Reply # 290732 17-Jan-2010 17:21

I have seen a few of those rootkits over the last couple of weeks. Avast shouldn't have been able to delete the files in System32 it found (normally one of them is NDIS.sys, and there is another one that Windows needs to log on) as they are system files.

I use NOD32 and it finds the infected files, but won't delete them.

What has to be done is putting the drive in another machine, and replacing those infected files with good copies, either directly off the XP CD, or from the \i386 folder. Could also do it from the Recovery Console. Both methods require a fair bit of knowledge, but are quick and easy to fix (compared to wiping everything on your computer and starting again).
