Removed Viruses, now XP almost dead, please help.



Tarifa_Pirate
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Nov 2011
Experience: Advanced
17-Nov-2011, 09:02 AM #1
Hi all, this is my first post and I am sure it will not be my last lol

I have a friend's XP SP3 Pro desktop that got infected with the Rootkit.zeroaccess virus plus a few others.
I removed them using a Kaspersky boot rescue CD and also ran Malwarebytes and ComboFix.
My problems started after rebooting back into XP: explorer.exe errored, and even trying to start it using the Task Manager run command gave the same error. I tried for hours to find a way to fix this error but gave up and did an XP repair using an XP SP2 Pro disk that he had.
The repair errored on access denied copying the following XP files during the repair install:
cmmgr32.exe
migwix.exe
muzapp.exe
xpsviewer.exe
When the repair finished, XP booted to the desktop. All icons were back but no taskbar (or it is off the bottom of the screen).
My problem now is I cannot install SP3 because the cryptographic service is not running; also the RPC service is not running (could not start the RPC service, access is denied, error 5).
Opening services, I can see that a lot of services are not running; in fact only about 12 are running.

It is not possible to right-click Properties on the services (nothing happens).
I managed to get the PC back on the internet using winsockfix.
I think also the NVIDIA drivers are now damaged or corrupted, but I cannot install or uninstall nearly anything because I get the error "Windows Installer may be running in safe mode".
Error "your version of vbalsgrid6.ocx may be outdated" now when trying to run Malwarebytes.

Basically it's a big mess and I don't know where to go from here. I cannot do a fresh re-install as my friend has loads of programs that he has had for years that he cannot get again, and a lot of user settings for those programs.

Any suggestions, please?

I have at my disposal a UBCD4Win and another XP Pro SP3 desktop that I'm typing this on.

I was thinking of running a repair using my OEM XP Pro SP3 CD to see if it improves anything?
Elvandil
Moderator with 51,993 posts.
 
Join Date: Aug 2003
Location: Vermont
Experience: "Been through the mill."
17-Nov-2011, 09:07 AM #2
You should never attempt to install a service pack on a machine that is not running perfectly. A service pack is the equivalent of an OS upgrade and changes the system in basic ways. Would you try to upgrade XP to 7 when it wasn't running very well and maybe was even infected?

The problem with boot CDs is that you can easily remove important system files without realizing it. You need to keep close track of what is removed so that any missing system files can be replaced. (That's why I like BitDefender - it keeps a log of what it did on the hard drive).

It sounds like access to some parts of the system is not possible. You may be better off just installing a fresh version of XP.

Running a repair with the XP SP3 CD may be a good thing to try. It is always better, when installing service packs, to install them by running a repair installation with the CD that already has the service pack than it is to try to install the service pack in Windows. It avoids a lot of the problems and saves space on the drive, too. Setup also has better access to the system than updates do, so it may work when access is denied to some directories.

If possible, I would uninstall antivirus and antimalware before the installation. Also Daemon Tools, if present.

============================================

Tell your "friend" that if he doesn't have a backup, he should expect to lose everything. All hard drives will fail unless they are not used.

Free drive backup software (imaging, cloning, and archiving):

Paragon Backup & Recovery (Recovery boot CD or USB key)
Macrium Reflect (Free)
O&O Disk Image Express
Easeus Todo Backup
Redo Backup & Recovery (Boot CD)
Comodo Time Machine (Complete system, files, programs, and settings restoration, but not "bare-metal" for failed drive)
Clonezilla Live (A bootable CD of Debian with Clonezilla.)
Drive Image XML
PING (Partimage is not Ghost) (Boot CD with option Clam Antivirus)
Partition Saving
Clonezilla

There are also many commercial products with more features.
__________________
Microsoft MVP
異驚の界世 ípןɹoʍ ǝɥʇ ɟo sɹǝpuoʍ ǝɥʇ ɟo ǝuo sı ǝpoɔıun ʞuıɥʇ ı

Last edited by Elvandil; 17-Nov-2011 at 09:15 AM..
Tarifa_Pirate
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Nov 2011
Experience: Advanced
17-Nov-2011, 09:14 AM #3
OK thanks, I will try the XP SP3 CD repair now. I only tried to install SP3 on the PC because the first repair was only the XP SP2 CD (all I had at the time).
Elvandil
Moderator with 51,993 posts.
 
Join Date: Aug 2003
Location: Vermont
Experience: "Been through the mill."
17-Nov-2011, 09:26 AM #4
It's worth a try. Good luck.
Rockn
Member with 21,189 posts.
 
Join Date: Jul 2001
Location: Somalia of the North, MN
Experience: Disenfranchised American
17-Nov-2011, 10:25 AM #5
A system restore may have been an idea, but not knowing the point where the computer became infected would be a crap shoot. Rootkits are very hard to get rid of if your system is not up to date patch-wise and has marginal AV software.
Elvandil
Moderator with 51,993 posts.
 
Join Date: Aug 2003
Location: Vermont
Experience: "Been through the mill."
17-Nov-2011, 10:36 AM #6
Quote:
Originally Posted by Rockn
A system restore may have been an idea, but not knowing the point where the computer became infected would be a crap shoot. Rootkits are very hard to get rid of if your system is not up to date patch-wise and has marginal AV software.
He's already done an installation. The restore points were gone a long time ago. They would disappear with the service pack installation, too, since they would be from an earlier operating system after the upgrade.
Rockn
Member with 21,189 posts.
 
Join Date: Jul 2001
Location: Somalia of the North, MN
Experience: Disenfranchised American
17-Nov-2011, 10:39 AM #7
Yeah, I don't suppose it would do much good either since rootkits create hidden partitions for their nefarious activities.
Tarifa_Pirate
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Nov 2011
Experience: Advanced
17-Nov-2011, 11:30 AM #8
OK, did the XP repair using my SP3 Pro OEM CD, but during the copying files part the following files could not be copied and I pressed Esc to bypass them.
The CD is not scratched and the DVD drive is OK.
So I assume there is another reason these particular files were not allowed to be copied onto the drive?

Can anybody see a pattern here as to why these files in particular?

@25%
Cmnicfg.xml
dwil1033.dll
ipcfg.xml
kodak_dc.icm
osinfo.xml
potscfg.xml
pppcfg.xml
srgb.icm
is330.icm

@70%
cscript.mui
jscript.mui
mmc3or.dll
mmcexr.dll
mmcfxcr.dll
msscript.mui

@80%
ndisnpp.dll
nppagent.exe
scrobj.mui
scrun.mui
vbscript.mui
wscript.mui

wshext.mui
wshom.mui
archvapp.inf
cobramsg.dll
guitrn.dll
guitrna.dll
iconlib.dll
log.dll
migapp.inf
migism.inf
migism.dll
migload.exe
migsys.inf
miguser.inf
migwix.exe
migwiza.exe
migwiz.inf
migwiz.man
script.dll
scripta.dll
sysfiles.inf
sysmod.dll

Surprised it loads with that lot missing lol
Tarifa_Pirate
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Nov 2011
Experience: Advanced
17-Nov-2011, 12:26 PM #9
Upon reboot it says it could not load the installer for CD, disk, wireless card, NVIDIA.
Also a copy error:
An error occurred while copying file migregdb.ex_
lhmstsc.mui

Now a whole load of files failed to copy during installing start menu items.
Elvandil
Moderator with 51,993 posts.
 
Join Date: Aug 2003
Location: Vermont
Experience: "Been through the mill."
17-Nov-2011, 02:36 PM #10
Uncopied files are most likely due to bad RAM.

MemScope (Floppy and CD images.)
Roadkil's RAM Test
Microsoft Memory Test (floppy or CD ISO image)
Memtest86

If you have enough memory sticks, you can test them by removing one at a time and see if the problem disappears.

If you are running Vista or 7, tap F8 on boot and choose the memory diagnostic, or if you can boot up, go to Start > Search and type:

mdsched.exe

Choose to run a memory diagnostic on next boot. Or, you can boot from the DVD and run it from there.
Tarifa_Pirate
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Nov 2011
Experience: Advanced
18-Nov-2011, 02:50 AM #11
OK, I will try taking all but one stick out and try the repair again. I have got Memtest86 and others on the UBCD4Win, so I will run that on the remaining stick before I attempt the repair again.
The only reason I didn't think it was a bad RAM problem is because, apart from those files not copying, it runs without freezing or blue screening.
One thought I had is that the profile is damaged, because it seems as if I don't have access to the drive as an administrator, or just file access permissions are not as they should be.
Tarifa_Pirate
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Nov 2011
Experience: Advanced
21-Nov-2011, 06:25 AM #12
I ended up backing up everything using UBCD and then formatting and re-installing. Just for other people's reference, these viruses are a nightmare to remove, and even if you do, you can sometimes be left with an OS full of errors. I have recommended to my friend that he pays 40 euros and puts ESET Smart Security on his system like I use; it's much better than the free ones.

Thanks everyone for the help.