
Flood of Malware

Discussion in 'Virus & Other Malware Removal' started by cooper29, Mar 24, 2010.

Thread Status:
Not open for further replies.
  1. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    Hi,

    My laptop (Dell Vostro 1500, XP) started freezing up yesterday and my AV began to notify me of all sorts of malware. I ran Spybot S&D in safe mode, and then again at start up - it caught a whole series of infections and supposedly fixed them. I ran it again and it detected no threats, but AV continues to note threats and there are all sorts of weird processes popping up on my task manager (odbnsy.exe, usr_.exe, etc.).

    Help would be much appreciated!

    Tried to run an HJT log after normal startup, but it keeps freezing up before completing. Here is an HJT log from safe mode:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:44 AM, on 2010-03-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\svchost.exe
    c:\documents and settings\philbo\rundll32 .exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071023
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=1ACEEB-Hj5D5Lx14H2Aim1-PuVI
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe bfvf.bxo dompgam
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: C:\WINDOWS\system32\grlj5u9hwd.dll - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\WINDOWS\system32\grlj5u9hwd.dll
    O2 - BHO: (no name) - {e27249f9-4e81-48f8-9bde-e4fb923dd67a} - sajijade.dll (file missing)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [MsXSLT] C:\WINDOWS\system32\msxslt3.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
    O4 - HKLM\..\Run: [odnexy] C:\WINDOWS\odbnsy.exe
    O4 - HKLM\..\Run: [suwijeruke] Rundll32.exe "jemitawa.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PhilBo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
    O4 - HKUS\S-1-5-21-3231177547-2021082572-1560321141-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3231177547-2021082572-1560321141-1006\..\Run: [Google Update] "C:\Documents and Settings\PhilBo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
    O4 - HKUS\S-1-5-21-3231177547-2021082572-1560321141-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-3231177547-2021082572-1560321141-1006\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: jsg9dgjisdogje94guiofjgd - {A9BA40A1-74F1-52BD-F434-00B15A2C8953} - C:\WINDOWS\system32\grlj5u9hwd.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: COMServer - Unknown owner - C:\WINDOWS\system32\msapps\comsrvr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1ca1b9c71103f3e) (gupdate1ca1b9c71103f3e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) SharedAccessEvtEng (SharedAccessEvtEng) - Unknown owner - C:\WINDOWS\system32\appendv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: svcmsdebug - Unknown owner - C:\WINDOWS\system32\svcmsdebug.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9659 bytes
     
  2. shinybeast

    shinybeast Malware Specialist

    Joined:
    Sep 29, 2008
    Messages:
    513
    Hi cooper29,

    That's a flood alright.

    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

    I strongly suggest you disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of backdoor trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine but I cannot guarantee that it will be secure afterwards. I suggest you reformat and reinstall Windows.

    Should you have any questions, please feel free to ask.

    Please let me know what you have decided to do in your next post.
     
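An added example, not part of this thread and not HijackThis' own logic: a small Python triage of the entry types shinybeast is reacting to above (the extra Shell= and UserInit= programs, the nameless BHO, Run entries loading bare DLLs or executables dropped in C:\WINDOWS, services with Microsoft-looking names but unknown owners, and the "rundll32 .exe" process with a space in its name). The rules are the editor's assumptions about what usually matters in an HJT log; a "high" finding is a persistence trick legitimate software does not use, a "review" finding only means "look the file up" (this log's NVHotkey entry lands there and is legitimate). SAMPLE_LOG is copied from the log posted in this thread.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example, not part of the thread and not HijackThis' own logic.  The
rules are the editor's assumptions; "review" means look the file up, not
delete it.  SAMPLE_LOG is copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
c:\documents and settings\philbo\rundll32 .exe
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe bfvf.bxo dompgam
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - {e27249f9-4e81-48f8-9bde-e4fb923dd67a} - sajijade.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [odnexy] C:\WINDOWS\odbnsy.exe
O4 - HKLM\..\Run: [suwijeruke] Rundll32.exe "jemitawa.dll",s
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) SharedAccessEvtEng (SharedAccessEvtEng) - Unknown owner - C:\WINDOWS\system32\appendv.exe
O23 - Service: svcmsdebug - Unknown owner - C:\WINDOWS\system32\svcmsdebug.exe
"""

# Windows binaries whose names malware likes to imitate (editor's list).
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "rundll32.exe", "userinit.exe", "wuauclt.exe")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '.*'\))?$")
RE_O23 = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# An .exe directly in C:\, C:\WINDOWS or a user profile root (no subfolder).
RE_ROOT_EXE = re.compile(r"^(c:\\|c:\\windows\\|c:\\documents and settings\\[^\\]+\\)[^\\]+\.exe$")


@dataclass
class Finding:
    severity: str   # "high" or "review"
    section: str    # HJT section ("F2", "O2", "O4", "O23") or "proc"
    reason: str
    line: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename: str) -> Optional[str]:
    """Return the system binary this file name imitates (distance 1), if any."""
    for real in SYSTEM_NAMES:
        if basename != real and edit_distance(basename, real) == 1:
            return real
    return None


def split_cmd(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (program, args); HJT leaves most paths unquoted."""
    m = re.match(r'(?i)"([^"]+)"\s*(.*)$|(.*?\.exe)(?:\s+(.*))?$', cmd.strip())
    if m:
        return (m.group(1) or m.group(3)), (m.group(2) or m.group(4) or "").strip()
    prog, _, args = cmd.strip().partition(" ")
    return prog, args.strip()


def check_program(section: str, prog: str, line: str) -> Optional[Finding]:
    low = prog.lower()
    base = low.rsplit("\\", 1)[-1]
    real = lookalike(base)
    if real:
        return Finding("high", section, f"{base!r} imitates {real}", line)
    if base == "regedit.exe":
        return Finding("high", section, "autorun entry launches regedit.exe", line)
    if RE_ROOT_EXE.match(low) and low != "c:\\windows\\explorer.exe":
        return Finding("review", section, "executable sits directly in a root or profile directory", line)
    return None


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    if line.startswith("F2 - REG:system.ini: Shell="):
        if line.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
            return Finding("high", "F2", "extra program appended to Shell=", line)
    elif line.startswith("F2 - REG:system.ini: UserInit="):
        entries = [e for e in line.split("UserInit=", 1)[1].split(",") if e.strip()]
        if len(entries) != 1 or not entries[0].lower().endswith("\\system32\\userinit.exe"):
            return Finding("high", "F2", "extra program appended to UserInit=", line)
    elif m := RE_O2.match(line):
        if m["name"] == "(no name)" or "(file missing)" in m["path"]:
            return Finding("review", "O2", "BHO with no name or missing file", line)
    elif m := RE_O4.match(line):
        prog, args = split_cmd(m["cmd"])
        if prog.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
            dll = args.split(",", 1)[0].strip().strip('"')
            if "\\" not in dll:
                return Finding("review", "O4", f"rundll32 loads a DLL by bare name: {dll}", line)
            return check_program("O4", dll, line)
        return check_program("O4", prog, line)
    elif m := RE_O23.match(line):
        svc, owner = m["svc"].lower(), m["owner"].lower()
        if ("windows" in svc or "microsoft" in svc) and "microsoft" not in owner:
            return Finding("high", "O23", "Microsoft-looking service name, non-Microsoft owner", line)
        if owner == "unknown owner" and "\\system32\\" in m["path"].lower():
            return Finding("review", "O23", "service with unknown owner running from system32", line)
    elif re.match(r"^[a-z]:\\", line, re.I):   # a "Running processes" line
        return check_program("proc", line, line)
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in log.splitlines()) if f]
```

Calling `triage(open("hijackthis.log").read())` gives the list of findings; on the sample above it returns six "high" and five "review" entries, with the legitimate SynTPEnh line producing nothing. The regedit rule and the root-directory rule are where false positives live (UpdReg.EXE and OEM02Mon.exe from this log sit in C:\WINDOWS legitimately), which is why they stay at "review".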
  3. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    Thanks for the reply. Wow, that's bad news.

    I shut off the computer's wireless and have had it shut down completely since my last post. I'm now in the process of changing my passwords for pretty much everything.

    Other than looking for abnormal activities on my online statements, etc. (of which I have not found any), are there any telltale signs that somebody has been trying to exploit the backdoor to actually DO anything?

    In any case, if a reformat/reinstall is the only truly safe option, then that's what I'll do. However, I do have lots of files (pictures, music, etc.) that I would like to get off the computer first. With the understanding that I won't connect it to the internet while doing so, what is the danger associated with backing up media to DVDR?

    Also, would you be able to provide any advice/help on the reformatting process? Having read the article you linked, it seems like it has the potential to be a bit complicated (at least for me).

    Thanks again.
     
  4. shinybeast

    shinybeast Malware Specialist

    Joined:
    Sep 29, 2008
    Messages:
    513
    Hi cooper29,

    Unfortunately, I can't say from here if any real harm has been done. If your password protected accounts have not been compromised, there is a chance that the backdoor has not been fully "utilized." If you can still access password protected resources and change the password from a known clean computer, then there is a decent chance that no significant harm will be done. It is best to take precautions nonetheless and contact financial institutions just in case. Identity theft is a terrible thing.


    As far as backing up files to DVDr, that's fine; but only backup data (pictures, documents, music files, bookmarks/favorites, etc.).

    Do not back up programs or installers for programs. Restore the program from an official install disc or download the installer from a known good source after re-installing Windows.



    I think that Vostro 1500 originally shipped with Vista.

    How was XP put onto the computer?
    Are the MediaDirect and Factory Image disk partitions still present? Or were they wiped out to install XP?
    Do you have a genuine XP CD?
     
  5. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    Thanks again.

    Point taken regarding precautions, as well as backing up only data, not applications or installers. Will do.

    This particular Vostro 1500 came with XP (though I think it was in the minority in that regard), and I do still have the genuine CD.

    Regarding MediaDirect and Factory Image disk partitions, I admit I'm a little out of my depth. The HD has never been reformatted before, though XP has been reinstalled from disk on one prior occasion. I do have additional CDs including one containing a set of Dell drivers - I'll need to look through them when I get home to give more detail.
     
  6. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    This may be a silly question, but just to be cautious:

    It seems that all of this malware has basically cut my ability to use pretty much any software on the machine, and thus to burn any of my data to DVDr. I have, however, had success dragging a small amount of urgently-needed data onto a thumb drive. Based on this, I bought myself an external HD that can hold all of the data on my laptop HD, and which should make transferring all the data much easier than using DVDrs.

    Just wondering, if I stick to the same rule of transferring only data, not applications or installers, is transferring this data to an external HD in any way less secure than using DVDr? I can't think why it would be, but I wanted to be sure before I plug this thing in.
     
  7. shinybeast

    shinybeast Malware Specialist

    Joined:
    Sep 29, 2008
    Messages:
    513
    Hi cooper29,

    Some types of infection will spread to any available drive that can be written to. HijackThis does not show everything so I cannot be sure if it would be completely safe or not. You can "vaccinate" the drive if you can run a program such as one from Panda. You could do this after restoring the computer. You would install the vaccination program and configure it to vaccinate when a USB drive is plugged in. Then plug in the drive with the backup data and you should be safe. After restoring the computer and installing an anti-virus, it wouldn't hurt to scan the external with your anti-virus before moving the data back on to the computer. Some music and video files can contain malware as well.

    If you boot up and press ctrl + F11, is there an option for PC Restore? You may be able to restore the factory image which would save time and work. You would then only need to get updates, anti-virus and install extra software.
     
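The check shinybeast's caveat above calls for, as an added example that is not part of this thread and is not Panda's USB Vaccine: before a backup drive goes into the rebuilt PC, look at its root for an autorun.inf and report what it would launch, list executables sitting in the root (where drive-spreading malware leaves its copy), and optionally leave a read-only folder named autorun.inf behind so a file of that name cannot be dropped later. That folder trick is the editor's assumption and is weaker than a dedicated vaccination tool; the sample drive contents built by demo() are constructed.

```python
"""Check the root of a backup drive before it goes into a rebuilt PC.

Added example, not from the thread and not Panda's USB Vaccine.  The
read-only autorun.inf folder is the manual trick, assumed here, and is
weaker than a dedicated tool.  demo() builds a constructed sample drive.
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, Union

EXEC_SUFFIXES = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
LAUNCH_KEYS = ("open", "shellexecute", "shell")   # autorun keys that run something


def parse_autorun(text: str) -> Dict[str, str]:
    """Return key=value pairs of the [autorun] section with lower-cased keys."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "autorun" and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip().lower()] = val.strip()
    return values


def launch_commands(values: Dict[str, str]) -> Dict[str, str]:
    """Keep only keys that make Windows run something (open, shellexecute, shell\\...)."""
    return {k: v for k, v in values.items() if k.split("\\", 1)[0] in LAUNCH_KEYS}


def inspect_root(root: Union[str, Path]) -> Dict[str, object]:
    root = Path(root)
    report: Dict[str, object] = {"autorun": "absent", "launches": {}, "root_executables": []}
    inf = root / "autorun.inf"
    if inf.is_dir():
        report["autorun"] = "folder"          # nothing for Windows to parse
    elif inf.is_file():
        report["autorun"] = "file"
        report["launches"] = launch_commands(parse_autorun(inf.read_text(errors="replace")))
    report["root_executables"] = sorted(
        p.name for p in root.iterdir() if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES)
    report["verdict"] = ("quarantine" if report["launches"] or report["root_executables"]
                         else "no autorun risk seen")
    return report


def vaccinate_root(root: Union[str, Path]) -> bool:
    """Create a read-only folder named autorun.inf so a file of that name cannot be dropped.
    Returns False (and changes nothing) if something called autorun.inf already exists."""
    target = Path(root) / "autorun.inf"
    if target.exists():
        return False
    target.mkdir()
    # os.chmod on Windows only honours the write bit (the read-only attribute).
    os.chmod(target, stat.S_IRUSR | stat.S_IXUSR)
    return True


def demo() -> Dict[str, object]:
    """Inspect a constructed infected-looking drive root, then vaccinate a clean one."""
    with tempfile.TemporaryDirectory() as tmp:
        dirty, clean = Path(tmp, "dirty"), Path(tmp, "clean")
        dirty.mkdir()
        clean.mkdir()
        (dirty / "autorun.inf").write_text(
            "[autorun]\nopen=RECYCLER\\x.exe\nicon=x.ico\nshell\\open\\command=x.exe\n")
        (dirty / "setup.exe").write_bytes(b"MZ")       # constructed stand-in for a dropped binary
        (dirty / "holiday.jpg").write_bytes(b"\xff\xd8")
        report = inspect_root(dirty)
        report["vaccinated_clean"] = vaccinate_root(clean)
        report["vaccinate_again"] = vaccinate_root(clean)
        report["clean_after"] = inspect_root(clean)["autorun"]
        os.chmod(clean / "autorun.inf", 0o700)         # let the temp dir clean up
        return report
```

Run `inspect_root("E:\\")` (or the drive's mount point) from the rebuilt machine before copying anything back; a "quarantine" verdict means scan the drive with the freshly installed anti-virus and delete the flagged root-level files before touching the data folders.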
  8. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    Okay, just to clarify, the following steps should be safe:

    1. Copy data from infected HD to external HD.
    2. Reformat infected HD and reinstall XP.
    3. Download Panda program and set it to vaccinate on USB connect.
    4. Scan external HD for viruses (using Spybot SD?)
    5. Copy data from external HD to reformatted HD.

    Is that right?
     
  9. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    Sorry - and to answer your question: no, ctrl+F11 does not seem to give me a reformatting option.

    thanks,
    c29
     
  10. shinybeast

    shinybeast Malware Specialist

    Joined:
    Sep 29, 2008
    Messages:
    513
    Do you have a cd of drivers for the hardware as well as the XP cd? Otherwise, I suggest you download any drivers you may need from here. You should have the chipset and network drivers (and/or wireless, if you cannot connect to the internet otherwise) at a minimum ready to go after you reinstall XP. The audio, video, wireless and input device drivers would be good to have also, but you can get those afterwards. If you have a cd provided by Dell with those drivers already, so much the better.

    Device Manager, which should be accessible in Safe Mode, should give you info on the specific hardware the computer has. Also, after XP is installed, Device Manager can tell you what drivers you need to install. Click Start, click Run..., type devmgmt.msc and press Enter to start Device Manager.


    If the computer has a recovery partition, access to it could have been lost when XP was reinstalled in the past.


    1. Copy data
    2. Make sure you have necessary hardware drivers ready to go.
    3. Reformat and install XP
    4. Install anti-virus
    5. Install drivers, chipset first, followed by others you may need. (Use device manager to check)
    6. Update Windows
    7. Download Panda program and set it to vaccinate on USB connect.
    8. Scan data with anti-virus, I recommend one of the AVs I list below.


    As far as scanning the data, you should use a good anti-virus. I recommend one of the free ones listed below.


    This is a portion of my speech for when reformatting and re-installing Windows.


    Before you reinstall Windows:

    Make sure you understand and check the viability of the method you possess to install Windows.


    • Major manufacturer computers (Dell, HP, etc.) often have recovery partitions on the hard drive that contain a factory image of the hard drive that can be used to recreate Windows. Check the manufacturer's website to learn how to access and restore the image.
    • Major manufacturers also may include recovery media (CDs or DVDs) that contain Windows, drivers, and software to restore the computer to its original state. Again, visit the manufacturer's website to learn how to use the recovery media to restore the computer.
    • If you do not have a major manufacturer computer, you should have a genuine Windows CD or DVD. On a known clean computer, download all drivers necessary before you start. You may also have discs that came with your particular hardware that contain the necessary drivers. Store downloaded files on clean removable media (CD, flash drive or external hard drive).
    • A tutorial on re-formatting and re-installing Windows can be found at http://forums.whatthetech.com/How_Reformat_Reinstall_your_Operating_System_t91962.html

    In all cases:

    • Make sure you have the Windows product key so that, if necessary, you can validate Windows after re-installation.
    • Locate and back up keys for any other software you have that requires them.
    • Only backup data (pictures, documents, music files, bookmarks/favorites, etc.).
    • Do not back up programs or installers for programs. Restore the program from an official install disc or download the installer from a known good source after re-installing Windows.
    • On a known clean computer, download the installer for the anti-virus of your choice or have the disc available for your purchased security software. Having an up to date and functioning anti-virus is the most important preventative measure you can take to avoid malware infections. Also, running more than one anti-virus is of no benefit and can actually reduce the security of your computer.
    • Some free anti-virus recommendations:
    • After Windows is reinstalled and an anti-virus is installed, UPDATE Windows before doing anything else (see below).



    Implementing the following suggestions will greatly reduce your chances of malware problems in the future.


    Update Windows

    It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.

    I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.

    Close all windows and temporarily disable your anti-virus (usually through a tray icon)

    Use Internet Explorer to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US

    Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.


    Keep installed programs up to date

    Anti-virus
    Most important is keeping your anti-virus software up to date. An out of date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.

    Update Other Vulnerable Software
    Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
    Secunia Online Software Inspector
    F-Secure Health Check

    Mozilla Firefox Plug-in Check
    If using Firefox, Click here to visit Mozilla, check your plug-ins and update them as necessary.


    Best Practices for Email and Downloaded Files.


    • Do not read emails from unknown sources.
    • Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
    • Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
    • Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.



    Additional Protection Programs

    The programs listed below are excellent for improving your computer's security.

    WinPatrol by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on its many features can be found here

    MVPS Hosts file - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
    Note: MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.

    I encourage you to check out miekiemoes' article "How to prevent Malware:"

    If you have any questions about these suggestions, I would be happy to answer them.
     
  11. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    This is so helpful.

    I have 2 CDs:
    1. Windows XP SP2 Reinstallation CD
    2. Dell Drivers and Utilities

    Is it safe to assume that the chipset and network drivers are on the Drivers and Utilities disc? Is it still advisable to check the Device Manager? I haven't installed any additional hardware.

    Also, how can I tell whether the recovery partition is still accessible after the prior Windows reinstall?
     
  12. shinybeast

    shinybeast Malware Specialist

    Joined:
    Sep 29, 2008
    Messages:
    513
    I think it would be safe to assume the driver disc has all you need if you haven't changed any hardware. There may be updated drivers on the Dell site, but what is on the disc should get you going.

    IF there are diagnostic and recovery partitions on the hard drive, installing Windows would have overwritten the custom Dell Master Boot Record (MBR) with a generic Windows MBR and that is how access would have been lost. You can run this .vbs script (it should run in safe mode) and see what it says about the hard drive. If it does exist, there will be three partitions listed, one would be a small diagnostic partition, another would be a larger (several GB) recovery partition and the third would be the largest (where Windows is installed). If only one partition is listed, then there is no recovery partition. As far as getting it back, if it exists, you can try DSRFix after some studying (the worst that could happen though is that you might have to reinstall Windows if it failed.) Installing Windows beforehand will not make a difference as long as the partition exists and is intact.
     
  13. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    Ok, so do I run the VBS script before or after reformatting?
     
  14. shinybeast

    shinybeast Malware Specialist

    Joined:
    Sep 29, 2008
    Messages:
    513
    It doesn't really matter. Just run it when you want the info.
     
  15. cooper29

    cooper29 Thread Starter

    Joined:
    Mar 24, 2010
    Messages:
    12
    So, after copying my data to the external HD, I started the reformatting process as described in the WhatTheTech link you included. On getting to the step where I chose the drive to reformat, it gives the following options:

    -: Partition1 [FAT] 78MB (70MB free)
    C: Partition2 [NTFS] 111835MB (18364 free)
    E: Partition3 <MediaDirect> [FAT32] 2557MB (997 MB free)

    I'm assuming that this indicates the diagnostic and recovery partition exists, but I'm not sure if/how this affects my process going forward. Do I just go ahead and reformat C and then try DSRFix after reinstalling Windows and updating AV and drivers?
     
Short URL to this thread: https://techguy.org/912247