Problem after removing malware - Win 2K Pro

 
 
Albert Frankenstein
Guest
Posts: n/a
 
      09-24-2005
Hello,

Working on a Win 2000 Pro machine, removing malware. Owner had installed Win Antispyware 2005, which itself is malware, according to:

http://www.spywarewarrior.com/rogue_...e.htm#products

Some of the malware I removed using Spysweeper, Norton A/V, and Trend Micro on line scanner:
moneytree
internet optimizer
winad
hotbar
java byteverify
180 search assistant
a better internet
Serhs.exe trojan
cash back

As a result, there was a corruption in the Winsock (the computer would not surf the internet), and I repaired that easily by using Winfix. Anyway, now the machine will not boot into safe mode, nor does the start menu open. The button pushes, but then stays 'in' and nothing opens or happens. It also will not open when I try the windows button on the keyboard (which I understand to be the start menu shortcut). Other shortcuts do work, such as windows+r to get the run box.

Any ideas how to effect a repair? Owner does not want a clean install of Windows at this time.

Thanks so much.

--
Albert Frankenstein


 
 
 
 
 
Mark
Guest
Posts: n/a
 
      09-24-2005
Winfix in itself is a giant virus....bad move using it. See if you have the
virtumonde.g virus now.

 
 
 
 
Albert Frankenstein
Guest
Posts: n/a
 
      09-24-2005
Mark wrote:
> Winfix in itself is a giant virus....bad move using it. See if you have the
> virtumonde.g virus now.



Oh gosh, you gave me a heart attack! Actually I used Winsockfix. Sorry for
the typo. Whew!

--
Albert Frankenstein



 
smackedass
Guest
Posts: n/a
 
      09-24-2005

> Any ideas how to effect a repair? Owner does not want a clean install of
> Windows
> at this time.


Too little too late, maybe, but I always preface my offer of spyware removal
by saying, "This may or may not work, it probably will, but if it doesn't
(**** always goes wrong, well, almost always), I will only bill toward the
reinstall."

And, the other saving caveat is, "Spyware and viruses certainly aren't good,
but, even under the best of circumstances, it is recommended that your hard
drive be reformatted and the OS re-installed once every 2 years".

This way, the customer's expectations are realistically set, and if a
spyware/virus removal works, you're the hero; if **** happens, you have your
"out". Which is not a dishonest out.

I charge $35 per hour, my maximum charge for spyware/virus removal/hardware
maintenance is $140 (the cost of 4 hours). Sometimes, I try to remove crap
for 3 1/2 hours, and still there is no difference; then, since I've made the
preceding statements, the customer is ok with the fact that for another 1/2
hour ($17.50), their problem will be gone. Then the only thing that I have
to be very concerned about, is getting as much data off of the computer,
documents, spreadsheets, tax info, pics, music, favorites, desktop settings,
etc., as well as mail settings, email, etc. So, in essence, I've chosen to
eat the initial 3 1/2 hours, and it usually doesn't take that long to save
the data, start from scratch, return the box, set it up, and make the
customer feel good about the entire transaction.

I try to be more than fair, and though I'm not a millionaire yet, I have had
my fair share of repeat business, and referrals.

Best wishes,

smackedass


 
 
Albert Frankenstein
Guest
Posts: n/a
 
      09-24-2005
Thanks, smackedass. I don't have a problem with the client. I suggested a
clean install from the start, but he preferred I just pick at it, even
though I did in fact inform him of the risks. I worked two hours on it, and
he is actually going to try to limp along until November. In November he is
upgrading his leased equipment to new, hopefully from me. But he only needs
this computer to surf, and as long as a couple of programs work, with icons
on the desktop, he is going to be happy.

Me, on the other hand. I don't like to be defeated. That is why I am
pursuing an answer on my own to figure out what to do next.

It is all his choice, though. Of course, if things get worse because it is
not completely clean, or some damage has been done, then I don't see that he
has a lot of choices, ya know?

Thanks again.

--
Albert Frankenstein


 
Tony
Guest
Posts: n/a
 
      09-25-2005
>Me, on the other hand. I don't like to be defeated. That is why I am
>pursuing an answer on my own to figure out what to do next.
>
>It is all his choice, though. Of course, if things get worse because it is
>not completely clean, or some damage has been done, then I don't see that he
>has a lot of choices, ya know?
>
>Thanks again.



Did you try Last Known Good Configuration?

If so and it didn't work.....do this


Boot to XP cd. Press R on Setup screen (for recovery console)

Enter the # of the Windows version you wish to fix (usually 1)

Enter Administrator's password - if any or just press Enter if none

type chkdsk /r


Let us know what happened.

Tony
 
 
Steven L Umbach
Guest
Posts: n/a
 
      09-25-2005
There is no guarantee that this will work but you might consider trying
System File Checker first as in sfc /scannow and if that fails an upgrade
install. SFC may ask for the install disk and or service pack files. An
upgrade install will preserve the data and applications but require that you
first install the service pack used and then all critical updates after
doing it. You can do an upgrade install by popping the install disk into the
cdrom drive while the operating system is running and being sure to select
"upgrade" for installation type. This will also require that the product key
be entered during the upgrade install. FYI if you do a fresh install to a
formatted system drive a user on Windows 2000 or XP Pro will not be able to
decrypt any files they may have encrypted with EFS afterwards. So always
warn users to decrypt their files before repairs are attempted and/or backup
their EFS certificate/private key to a password protected .pfx file.

http://support.microsoft.com/default...b;EN-US;310747 --- info on
SFC.

I have found instances of malware running that a number of antivirus
programs were not able to detect. I have found free tools from SysInternals
very helpful in tracking such down. In particular I use Process Explorer,
Autoruns, and TCPView. Process Explorer will show detailed info on running
processes and give you the option to kill them. Often [but not always] a
process that maps to an executable that does not include a publisher name is
malware. Autoruns displays in detail the startup programs on a computer and
gives you the option to disable them from starting up. TCPView shows what
process/executable is mapped to a tcp/udp port. Also be sure to check the
services on the computer using services.msc as some malware will install
itself as a service which you can stop and disable if found. Process
Explorer would show such by examining the properties tab for services for a
process. RootkitRevealer from SysInternals is also a great advanced tool to
check for root kits on a computer that will not be discovered by malware
detection programs.

http://www.sysinternals.com/Utilitie...tRevealer.html ---
RootkitRevealer and link to SysInternals.

I have never had a problem booting into Safe Mode but have heard of at least
one other user having the same problem. I would check the logs using Event
Viewer to see if anything is recorded that may prove to be helpful. Also
keep in mind that you can use msconfig to do diagnostic or selective
startup. Diagnostic startup would be much the same as Safe Mode and may be
worth a try to see if you can do that. If you can use diagnostic startup
then you would of course want to run your malware detection tools again.

There have been times though that I have tried every trick that I know and a
computer/operating system will still not work right and the ultimate
solution is a fresh install of the operating system. I don't know why so
many users fear that if someone that knows what they are doing is going to
do the reinstall. My guess is that they are afraid that their data will be
lost or more likely they do not have a legitimate copy of the operating
system, do not have any copy of the operating system, or do not have
installation media for their applications. --- Steve
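
The publisher-name heuristic and the service check described in the post above, applied to a saved list of startup entries, as an added example that is not part of the original thread. The CSV column names and every sample row are constructed for illustration; entries already checked by hand can be passed in as `reviewed`.

```python
import csv
import io

# Constructed sample in the style of a startup-entry export. The column names
# are assumptions made for this example, not a documented tool format.
SAMPLE_CSV = r"""Entry Location,Entry,Enabled,Category,Company,Image Path
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,ExampleAV,enabled,Logon,Example AV Vendor,C:\Program Files\ExampleAV\tray.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,updhelper,enabled,Logon,,C:\WINNT\system32\updhelper.exe
HKLM\System\CurrentControlSet\Services,NetSvcHelper,enabled,Services,,C:\WINNT\nsvch.exe
HKLM\System\CurrentControlSet\Services,Spooler,enabled,Services,Microsoft Corporation,C:\WINNT\system32\spoolsv.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,oldtoolbar,disabled,Logon,,C:\Program Files\oldtoolbar\tb.exe
"""


def triage(csv_text, reviewed=frozenset()):
    """Return enabled entries with no publisher name, services listed first.

    A missing publisher is only a lead ("often but not always" malware), so
    image paths an analyst has already cleared (lowercase) are skipped.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Enabled"].strip().lower() != "enabled":
            continue  # already disabled, so it does not start with Windows
        if row["Company"].strip():
            continue  # publisher present: outside this heuristic
        image = row["Image Path"].strip()
        if image.lower() in reviewed:
            continue  # cleared by hand earlier
        findings.append({
            "entry": row["Entry"].strip(),
            "image": image,
            "location": row["Entry Location"].strip(),
            # Services get looked at first: they start before any user logs on.
            "service": row["Category"].strip().lower() == "services",
        })
    # Stable sort keeps the export order within each group.
    findings.sort(key=lambda f: not f["service"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_CSV):
        kind = "service" if f["service"] else "startup"
        print(f"[{kind}] {f['entry']}: {f['image']} ({f['location']})")
```

Each flagged entry is a candidate for inspection, disabling and re-checking after a reboot, not proof of infection.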


 
JohnO
Guest
Posts: n/a
 
      09-25-2005

What do you guys do to immunize your personal machines?

At work I often need to browse all sorts of odd websites while researching
various topics, and I think I've found a decent strategy. I run AdAware,
Spybot, and Microsoft Anti-Spyware all at the same time. Talk about warnings
when I hit a drive-by spyware site...

-John O


 
 
Jim
Guest
Posts: n/a
 
      09-25-2005
"JohnO" <johno@@&%heathkit##.com> wrote in news:5bwZe.9$cF6.7
@newssvr30.news.prodigy.com:

> What do you guys do to immunize your personal machines?


Among other things, use a web browser that's not Internet Explorer.

Jim
 
 
PM
Guest
Posts: n/a
 
      09-26-2005


If all else fails, try a repair installation of XP. But I would still
back up his data beforehand just in case that only complicates the problem.
 