Problem after removing malware - Win 2K Pro

Discussion in 'A+ Certification' started by Albert Frankenstein, Sep 24, 2005.

  1. Hello,

    Working on a Win 2000 Pro machine, removing malware. Owner had installed
    Win Antispyware 2005, which itself is malware, according to:

    http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

    Some of the malware I removed using Spysweeper, Norton A/V, and Trend Micro
    on line scanner:
    moneytree
    internet optimizer
    winad
    hotbar
    java byteverify
    180 search assistant
    a better internet
    Serhs.exe trojan
    cash back

    As a result, there was a corruption in the Winsock (the computer would not
    surf the internet), and I repaired that easily by using Winfix. Anyway, now
    the machine will not boot into safe mode, nor does the start menu open. The
    button pushes, but then stays 'in' and nothing opens or happens. It also
    will not open when I try the windows button on the keyboard (which I
    understand to be the start menu shortcut). Other shortcuts do work, such as
    windows+r to get the run box.

    Any ideas how to effect a repair? Owner does not want a clean install of
    Windows at this time.

    Thanks so much.

    --
    Albert Frankenstein
     
    Albert Frankenstein, Sep 24, 2005
    #1

  2. Albert Frankenstein

    Mark Guest

    Winfix in itself is a giant virus....bad move using it. See if you have the
    virtumonde.g virus now.
     
    Mark, Sep 24, 2005
    #2

  3. Mark wrote:
    > Winfix in itself is a giant virus....bad move using it. See if you have the
    > virtumonde.g virus now.



    Oh gosh, you gave me a heart attack! Actually I used Winsockfix. Sorry for
    the typo. Whew!

    --
    Albert Frankenstein
     
    Albert Frankenstein, Sep 24, 2005
    #3
  4. Albert Frankenstein

    smackedass Guest


    > Any ideas how to effect a repair? Owner does not want a clean install of
    > Windows
    > at this time.


    Too little too late, maybe, but I always preface my offer of spyware removal
    by saying, "This may or may not work, it probably will, but if it doesn't
    (shit always goes wrong, well, almost always), I will only bill toward the
    reinstall."

    And, the other saving caveat is, "Spyware and viruses certainly aren't good,
    but, even under the best of circumstances, it is recommended that your hard
    drive be reformatted and the OS re-installed once every 2 years".

    This way, the customer's expectations are realistically set, and if a
    spyware/virus removal works, you're the hero; if shit happens, you have your
    "out". Which is not a dishonest out.

    I charge $35 per hour, my maximum charge for spyware/virus removal/hardware
    maintenance is $140 (the cost of 4 hours). Sometimes, I try to remove crap
    for 3 1/2 hours, and still there is no difference; then, since I've made the
    preceding statements, the customer is ok with the fact that for another 1/2
    hour ($17.50), their problem will be gone. Then the only thing that I have
    to be very concerned about, is getting as much data off of the computer,
    documents, spreadsheets, tax info, pics, music, favorites, desktop settings,
    etc., as well as mail settings, email, etc. So, in essence, I've chosen to
    eat the initial 3 1/2 hours, and it usually doesn't take that long to save
    the data, start from scratch, return the box, set it up, and make the
    customer feel good about the entire transaction.

    I try to be more than fair, and though I'm not a millionaire yet, I have had
    my fair share of repeat business, and referrals.

    Best wishes,

    smackedass
     
    smackedass, Sep 24, 2005
    #4
  5. Thanks, smackedass. I don't have a problem with the client. I suggested a
    clean install from the start, but he preferred I just pick at it, even
    though I did in fact inform him of the risks. I worked two hours on it, and
    he is actually going to try to limp along until November. In November he is
    upgrading his leased equipment to new, hopefully from me. But he only needs
    this computer to surf, and as long as a couple of programs work, with icons
    on the desktop, he is going to be happy.

    Me, on the other hand. I don't like to be defeated. That is why I am
    pursuing an answer on my own to figure out what to do next.

    It is all his choice, though. Of course, if things get worse because it is
    not completely clean, or some damage has been done, then I don't see that he
    has a lot of choices, ya know?

    Thanks again.

    --
    Albert Frankenstein
     
    Albert Frankenstein, Sep 24, 2005
    #5
  6. Albert Frankenstein

    Tony Guest

    >Me, on the other hand. I don't like to be defeated. That is why I am
    >pursuing an answer on my own to figure out what to do next.
    >
    >It is all his choice, though. Of course, if things get worse because it is
    >not completely clean, or some damage has been done, then I don't see that he
    >has a lot of choices, ya know?
    >
    >Thanks again.



    Did you try Last Known Good Configuration?

    If so and it didn't work.....DO this


    Boot to XP cd. Press R on Setup screen (for recovery console)

    Enter the # of the Windows version you wish to fix (usually 1)

    Enter Administrator's password - if any or just press Enter if none

    type chkdsk /r


    Let us know what happened.

    Tony
     
    Tony, Sep 25, 2005
    #6
  7. There is no guarantee that this will work but you might consider trying
    System File Checker first as in sfc /scannow and if that fails an upgrade
    install. SFC may ask for the install disk and or service pack files. An
    upgrade install will preserve the data and applications but require that you
    first install the service pack used and then all critical updates after
    doing it. You can do an upgrade install by popping the install disk into the
    cdrom drive while the operating system is running and being sure to select
    "upgrade" for installation type. This will also require that the product key
    be entered during the upgrade install. FYI if you do a fresh install to a
    formatted system drive a user on Windows 2000 or XP Pro will not be able to
    decrypt any files they may have encrypted with EFS afterwards. So always
    warn users to decrypt their files before repairs are attempted and/or backup
    their EFS certificate/private key to a password protected .pfx file.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;310747 --- info on
    SFC.

    I have found instances of malware running that a number of antivirus
    programs were not able to detect. I have found free tools from SysInternals
    very helpful in tracking such down. In particular I use Process Explorer,
    Autoruns, and TCPView. Process Explorer will show detailed info on running
    processes and give you the option to kill them. Often [but not always] a
    process that maps to an executable that does not include a publisher name is
    malware. Autoruns displays in detail the startup programs on a computer and
    gives you the option to disable them from starting up. TCPView shows what
    process/executable is mapped to a tcp/udp port. Also be sure to check the
    services on the computer using services.msc as some malware will install
    itself as a service which you can stop and disable if found. Process
    Explorer would show such by examining the properties tab for services for a
    process. RootkitRevealer from SysInternals is also a great advanced tool to
    check for root kits on a computer that will not be discovered by malware
    detection programs.

    http://www.sysinternals.com/Utilities/RootkitRevealer.html ---
    RootkitRevealer and link to SysInternals.

    I have never had a problem booting into Safe Mode but have heard of at least
    one other user having the same problem. I would check the logs using Event
    Viewer to see if anything is recorded that may prove to be helpful. Also
    keep in mind that you can use msconfig to do diagnostic or selective
    startup. Diagnostic startup would be much the same as Safe Mode and may be
    worth a try to see if you can do that. If you can use diagnostic startup
    then you would of course want to run your malware detection tools again.

    There have been times though that I have tried every trick that I know and a
    computer/operating system will still not work right and the ultimate
    solution is a fresh install of the operating system. I don't know why so
    many users fear that if someone that knows what they are doing is going to
    do the reinstall. My guess is that they are afraid that their data will be
    lost or more likely they do not have a legitimate copy of the operating
    system, do not have any copy of the operating system, or do not have
    installation media for their applications. --- Steve
     
    Steven L Umbach, Sep 25, 2005
    #7
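
The four checks from the post above (publisher on running executables, startup entries, services, port-to-process mapping), scripted as an added example that is not part of the original thread. It assumes a current Windows system with Windows PowerShell 5.1 rather than the Windows 2000 machine under discussion, reads only the two classic Run keys rather than everything Autoruns enumerates, and the helper names Get-ExePath and Get-Signer are made up for this example.

```powershell
# Added example, read-only: lists leads, stops and disables nothing.
# Run from an elevated prompt so process paths and listeners are visible.
# A missing signature is a lead, not a verdict ("often but not always" malware).

function Get-ExePath {   # hypothetical helper: executable part of a command line
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"')    { return $Matches[1] }  # "C:\dir with spaces\x.exe" -arg
    if ($cmd -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # C:\dir\x.exe -arg
    return ($cmd.Trim() -split '\s+')[0]
}

function Get-Signer {    # hypothetical helper: publisher, or why there is none
    param([string]$Path)
    if (-not $Path) { return 'path unavailable' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'file not found' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -eq 'Valid') { return $sig.SignerCertificate.Subject }
    return "no valid signature ($($sig.Status))"
}

# 1. Process Explorer check: running executables without a verifiable publisher.
$procs = Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique |
    Select-Object ProcessName, Path, @{ n = 'Signer'; e = { Get-Signer $_.Path } }

# 2. Autoruns check: programs started from the machine and user Run keys.
#    Entries given without a full path report 'file not found'; inspect those by hand.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd
                           Signer = Get-Signer (Get-ExePath $cmd) }
    }
}

# 3. services.msc check: auto-start services and the binary each one runs.
$services = Get-CimInstance Win32_Service | Where-Object StartMode -eq 'Auto' |
    Select-Object Name, State, PathName,
        @{ n = 'Signer'; e = { Get-Signer (Get-ExePath $_.PathName) } }

# 4. TCPView check: which executable owns each listening TCP port.
$listeners = Get-NetTCPConnection -State Listen | ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{ Port = $_.LocalPort; ProcessId = $_.OwningProcess
                       Process = $p.ProcessName; Signer = Get-Signer $p.Path }
}

# Show only the entries that deserve a closer look.
$lead = { $_.Signer -like 'no valid signature*' -or $_.Signer -eq 'file not found' }
$report = [ordered]@{ Processes = $procs; Autoruns = $autoruns
                      Services = $services; Listeners = $listeners }
foreach ($set in $report.GetEnumerator()) {
    "== $($set.Key) worth a closer look =="
    $set.Value | Where-Object $lead | Format-List
}
```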
  8. Albert Frankenstein

    JohnO Guest

    What do you guys do to immunize your personal machines?

    At work I often need to browse all sorts of odd websites while researching
    various topics, and I think I've found a decent strategy. I run AdAware,
    Spybot, and Microsoft Anti-Spyware all at the same time. Talk about warnings
    when I hit a drive-by spyware site...

    -John O
     
    JohnO, Sep 25, 2005
    #8
  9. Albert Frankenstein

    Jim Guest

    "JohnO" <johno@@&%heathkit##.com> wrote in news:5bwZe.9$cF6.7
    @newssvr30.news.prodigy.com:

    > What do you guys do to immunize your personal machines?


    Among other things, use a web browser that's not Internet Explorer.

    Jim
     
    Jim, Sep 25, 2005
    #9
  10. Albert Frankenstein

    PM Guest

    If all else fails, try a repair installation of XP. But I would still
    back up his data beforehand just in case that only complicates the problem.
     
    PM, Sep 26, 2005
    #10
  11. Albert Frankenstein

    A Guest

    Owner then does not a working PC!!!
     
    A, Oct 17, 2005
    #11
  12. Albert Frankenstein

    Adam Leinss Guest

    "A" <> wrote in
    news:dj12pp$j20$-infra.bt.com:

    > Owner then does not a working PC!!!


    [snip]

    This coming from someone who did a partial OS upgrade and wants to back
    it out. Teapot calling the kettle black? :)

    >> Any ideas how to effect a repair? Owner does not want a clean
    >> install of Windows at this time.


    Check this page: http://www.leinss.com/antispyware.htm. Also, you
    could try running "sfc /scannow" from a command prompt to restore the
    original OS files to their rightful versions. Make sure your OS CD is
    at the same service pack level though (if Windows 2000 is at SP4 and
    the CD is anything less than that you will have trouble).

    Adam
     
    Adam Leinss, Oct 18, 2005
    #12