Gateway MX6930 Laptop with slowing, hanging and (finally) infection problems. - Page 2

**cybertech** · 26-Apr-2008, 12:10 PM **#16**

Before you run AVG Anti Rootkit you should clean out your temp files to prevent false detections.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Click here to download AVG Anti Rootkit and save it to your desktop.
Double-click on avgarkt-setup-1.1.0.42.exe to install it.
Click "I Agree" to agree to the EULA.
By default it will install to "C:\Program Files\GRISOFT\AVG Anti-Rootkit".
Click "Next" to begin the installation then click "Install".
It will then ask you to reboot now to finish the installation.
Click "Finish" and your computer will reboot.
After it reboots, double-click on the AVG Anti-Rootkit shortcut that is now on your desktop.
Click on the Perform in-depth search button to begin the scan.
The scan will take a while so be patient and let it complete.
When the scan is finished, click the Save result to file button.
Save the scan results to your desktop then copy and paste them in your next reply to this thread.

Granisalo · 04-May-2008, 06:50 PM **#17**

Thanks for waiting Cybertech - appreciated :-)
'have effected previous instructions, viz. ATF Cleaner and AVG Anti-rootkit.

Result from AVG Anti-rootkit:
"Congratulations - there were no installed rootkits found on your computer" - (hence no log generated apparently).

While that's somewhat comforting, it's not definitive clearance is it ?
BTW - I had also (some days previously) run the Panda Anti-rootkit and the Sybot "rootalyser" anti-rootkit progs - with the same result.

Prior to advising running the ARK detection, you suggested running DrWeb-cureit: I googled that and found that it may now be called simply "Cureit" with the suggestion that "DrWeb-cureit" might be an old file which could need updating: any comment?

What should we do next please ? :-)
Thanks, G

**cybertech** · 05-May-2008, 09:52 AM **#18**

The only way you will ever be sure that nothing is lurking is to format and reload the machine. I can not give you the 100% clean you are looking for.

At this time I would suggest you backup your data and do a full format and reload.

Granisalo · 07-May-2008, 04:19 PM **#19**

Thanks very much for your comment and suggestion - but "There's hole in the bucket dear Liza, dear Liza". Re. the very start of this thread, I explained that formating and reloading didn't appear to be a possibility - for the reason cited and I was hoping that Techguy experts might just find a reasonable cure for the problem: are you saying that there is nothing other than this we can do?
While you personally (MVP) are a 'big gun' (and of course respected) is it possible the ship may finally be sunk by bringing further big-guns to bear?
Regards, G

**cybertech** · 07-May-2008, 05:15 PM **#20**

You asked for "definitive clearance". Format and reload is that.

Different products, anti-malware and anti-virus, will find faults in the restoration partition. These are such as mywebsearch which is an option that you can remove even if you can not stop it from loading.

Granisalo · 08-May-2008, 04:26 PM **#21**

If I feel that the d: partition is indeed infected - it would be futile to burn this and restore from the resulting disk - so what else can we do please?
Your replies are very cryptic :-) and I don't understand your final sentence: could you please elaborate?
Thanks. G

**cybertech** · 08-May-2008, 06:16 PM **#22**

If you do not want to use the restore feature built into the machine you would need to purchase a new copy of the OS to put on the machine.

To elaborate further on my final sentence I would first need the information about what is found on the d: drive that is infected. Name of file and infection found by what product.

Granisalo · 10-May-2008, 01:49 PM **#23**

To clarify:
1. I have the O/S on the single CD suplied by Gateway.
2. Apparently Gateway place the "programs and drivers" in a single (iso?) file on the d: partition which is supposed to be protected by "PCAngel" - as previously explained - and which is supposed to be used together with the CD to effect a total (or partial) recovery.
3. You asked me the same question in your post #10 to which I replied in my post #11 - so you have that info.
G

**cybertech** · 10-May-2008, 02:55 PM **#24**

All of these files can be deleted unless you know what they are:
c:\xthinkc\Windows\help\drvspace_result.htm
c:\xthinkc\Windows\help\hwconf_result.htm
c:\xthinkc\Windows\help\lan_result.htm
c:\xthinkc\Windows\help\mdirx_result.htm
c:\xthinkc\Windows\help\mmsn_result.htm
c:\xthinkc\Windows\help\msdos_result.htm
c:\xthinkc\Windows\help\pcmcia_result.htm
c:\xthinkc\Windows\help\print_result.htm

Granisalo · 17-May-2008, 08:08 PM **#25**

Thanks - could you please say how these files were generated? - are they usually regenerated?
What of the other files?
I found it's possible to aquire what I think is a complete drive image DVD from Gateway: I will check it out when it arrives and comment back.

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)