1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Leftover Virtumonde trash

Discussion in 'Virus & Other Malware Removal' started by texmedic49, Sep 20, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    the other MD5 was an older version of the file

    OK, so you can no longer get to a point where you can access task manager?
    there is, it's an add on that can be installed

    I'm not overly familiar with xPUD, Dave's the expert, he will be around later tonight.
     
  2. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    One version is 89.6K and the other is 96.5K. I wonder what the difference is?
     
  3. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    Yes, I can access task manager in safe mode
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    it will be the version of the file, they were likely created on different dates, the smaller one is probably older.

    can you no longer reach the task manager?
     
  5. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    See my above reply...yes I can, in safe mode
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    sorry, just saw your last post, we posted at the same time


    which leads me to believe it's still an explorer.exe issue.

    do you have an installation disk or access to another explorer.exe from a clean machine, that is from the same version as your OS

    If so, copy it to the USB and paste it over in XPud, renaming the existing one to explorer.exe.old first
     
  7. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    That was a question that I have been dreading...I don't know if I still have an XP disk or not. If I do, it will be a Gateway recovery disk, and not a "real" installation disk. I can probably get a copy of that file, but it will take a little while. Should I try to copy/paste from those other locations?
     
  8. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    Oh, and how vital is it that the version of XP be the same?
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    It should definitely be the same version.

    Yes, please try copy/pasting from the other locations, but I suspect they are all corrupted as we have tried a few of the versions now, but try it, nothing to lose at this point.
     
  10. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    Success! I found the restore CD that came with this machine. Is it of any use to us at this point?
     
  11. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    yes

    it will have a clean copy of explorer.exe on it, plus you could try a repair install

    please do the following:


    1. Insert the original Windows XP CD and reboot the computer.
    2. When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".
    3. Select the Windows installation to repair (generally this is C:\Windows) by typing its number (usually 1) and then pressing ENTER.
    4. Type the Administrator password and press ENTER. (if you don't have one - just hit enter)
    5. Type the following commands:

    D: [ENTER]
    CD I386 [ENTER]
    EXPAND EXPLORER.EX_ C:\WINDOWS\ [ENTER]

    NOTE: If your CD-ROM drive has a different letter assigned to it other than D, enter "X:" instead, where "X" is the appropriate drive letter.


    After entering "EXPAND EXPLORER.EX_ C:\WINDOWS\" you should see the text "1 file(s) copied", in which case all went well.

    Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer.


    see if that solves the issue



    If not, try a repair installation

    Start the computer from the installation CD

    When you see the following message displayed on the Welcome to Setup screen, press ENTER:

    To setup Windows XP now, press ENTER.

    At this point an option to press R to enter the Recovery Console is displayed. Do not select this option this time

    On the Windows XP Licensing Agreement screen, press F8 to agree to the license agreement.

    Make sure that your current installation of Windows XP is selected in the box, and then press the R key to repair Windows XP.

    Follow the instructions on the screen to complete Setup.
     
  12. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    that isn't what happened...it wanted to wipe the disk. Not good. Is there a way to get into the cab files and copy out what we need? I would assume so.
     
  13. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    I tried starting it again, it tells me the windows/config/system file is missing or corrupted. I guess that is the end of it?
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
  15. texmedic49

    texmedic49 Thread Starter

    Joined:
    Sep 20, 2010
    Messages:
    55
    No to both...it fired right up and told me all will be lost if I proceed. I just wish I could unpack those cab files on this machine...

    Lemme try the SP3 download.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/951189

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice