
Removed viruses, now XP almost dead, please help.

Discussion in 'Windows XP' started by Tarifa_Pirate, Nov 17, 2011.

Thread Status:
Not open for further replies.
  1. Tarifa_Pirate

    Tarifa_Pirate Thread Starter

    Joined:
    Nov 17, 2011
    Messages:
    7
    Hi all, this is my first post and I am sure it will not be my last lol

    I have a friend's XP SP3 Pro desktop that got infected with the Rootkit.zeroaccess virus plus a few others.
    I removed them using a Kaspersky boot rescue CD and also ran Malwarebytes and ComboFix.
    My problems started after rebooting back into XP: explorer.exe errored, and even trying to start it using the Task Manager run command gave the same error. I tried for hours to find a way to fix this error but gave up and did an XP repair using an XP SP2 Pro disk that he had.
    The repair errored on access denied copying the following XP files during the repair install:
    cmmgr32.exe
    migwix.exe
    muzapp.exe
    xpsviewer.exe
    When the repair finished, XP booted to the desktop; all icons were back but no taskbar (or it is off the bottom of the screen).
    My problem now is I cannot install SP3 because the cryptographic service is not running; also the RPC service is not running (could not start the RPC service, access is denied, error 5).
    Opening services, I can see that a lot of services are not running; in fact only about 12 are running.

    It is not possible to right click properties on the services (nothing happens).
    I managed to get the PC back on the internet using WinsockFix.
    I think also the NVIDIA drivers are now damaged or corrupted, but I cannot install or uninstall nearly anything because I get the error "Windows Installer may be running in safe mode".
    I also now get the error "your version of vbalsgrid6.ocx may be outdated" when trying to run Malwarebytes.

    Basically it's a big mess and I don't know where to go from here. I cannot do a fresh re-install as my friend has loads of programs that he has had for years that he cannot get again, and a lot of user settings for those programs.

    Any suggestions please.

    I have at my disposal a UBCD4Win and another XP Pro SP3 desktop that I'm typing this on.

    I was thinking of running a repair using my OEM XP Pro SP3 CD to see if it improves anything?
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    You should never attempt to install a service pack on a machine that is not running perfectly. A service pack is the equivalent of an OS upgrade and changes the system in basic ways. Would you try to upgrade XP to 7 when it wasn't running very well and maybe was even infected?

    The problem with boot CDs is that you can easily remove important system files without realizing it. You need to keep close track of what is removed so that any missing system files can be replaced. (That's why I like BitDefender - it keeps a log of what it did on the hard drive).

    It sounds like access to some parts of the system is not possible. You may be better off just installing a fresh version of XP.

    Running a repair with the XP SP3 CD may be a good thing to try. It is always better, when installing service packs, to install them by running a repair installation with the CD that already has the service pack than it is to try to install the service pack in Windows. It avoids a lot of the problems and saves space on the drive, too. Setup also has better access to the system than updates do, so it may work when access is denied to some directories.

    If possible, I would uninstall antivirus and antimalware before the installation. Also Daemon Tools, if present.

    ============================================

    Tell your "friend" that if he doesn't have a backup, he should expect to lose everything. All hard drives will fail unless they are not used.

    Free drive backup software (imaging, cloning, and archiving):

    Paragon Backup & Recovery (Recovery boot CD or USB key)
    Macrium Reflect (Free)
    O&O Disk Image Express
    Easeus Todo Backup
    Redo Backup & Recovery (Boot CD)
    Comodo Time Machine (Complete system, files, programs, and settings restoration, but not "bare-metal" for failed drive)
    Clonezilla Live (A bootable CD of Debian with Clonezilla.)
    Drive Image XML
    PING (Partimage is not Ghost) (Boot CD with option Clam Antivirus)
    Partition Saving
    Clonezilla

    There are also many commercial products with more features.
     
  3. Tarifa_Pirate

    Tarifa_Pirate Thread Starter

    Joined:
    Nov 17, 2011
    Messages:
    7
    OK thanks, I will try the XP SP3 CD repair now. I only tried to install SP3 on the PC because the first repair was only with an XP SP2 CD (all I had at the time).
     
  4. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    It's worth a try. Good luck.
     
  5. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,189
    A system restore may have been an idea, but not knowing the point where the computer became infected, it would be a crap shoot. Rootkits are very hard to get rid of if your system is not up to date patch-wise and you have marginal AV software.
     
  6. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    He's already done an installation. The restore points were gone a long time ago. They would disappear with the service pack installation, too, since they would be from an earlier operating system after the upgrade.
     
  7. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,189
    Yeah, I don't suppose it would do much good either since rootkits create hidden partitions for their nefarious activities.
     
  8. Tarifa_Pirate

    Tarifa_Pirate Thread Starter

    Joined:
    Nov 17, 2011
    Messages:
    7
    OK, I did the XP repair using my SP3 Pro OEM CD, but during the copying files part the following files could not be copied and I pressed Esc to bypass them.
    The CD is not scratched and the DVD drive is OK.
    So I assume there is another reason these particular files were not allowed to be copied onto the drive?

    Can anybody see a pattern here as to why these files in particular?

    @25%
    Cmnicfg.xml
    dwil1033.dll
    ipcfg.xml
    kodak_dc.icm
    osinfo.xml
    potscfg.xml
    pppcfg.xml
    srgb.icm
    is330.icm

    @70%
    cscript.mui
    jscript.mui
    mmc3or.dll
    mmcexr.dll
    mmcfxcr.dll
    msscript.mui

    @80%
    ndisnpp.dll
    nppagent.exe
    scrobj.mui
    scrun.mui
    vbscript.mui
    wscript.mui

    wshext.mui
    wshom.mui
    archvapp.inf
    cobramsg.dll
    guitrn.dll
    guitrna.dll
    iconlib.dll
    log.dll
    migapp.inf
    migism.inf
    migism.dll
    migload.exe
    migsys.inf
    miguser.inf
    migwix.exe
    migwiza.exe
    migwiz.inf
    migwiz.man
    script.dll
    scripta.dll
    sysfiles.inf
    sysmod.dll

    Surprised it loads with that lot missing lol
     
  9. Tarifa_Pirate

    Tarifa_Pirate Thread Starter

    Joined:
    Nov 17, 2011
    Messages:
    7
    Upon reboot it says it could not load the installer for CD, disk, wireless card, NVIDIA.
    Also a copy error:
    an error occurred while copying file migregdb.ex_
    lhmstsc.mui

    Now a whole load of files failed to copy during installing start menu items :(
     
  10. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Uncopied files are most likely due to bad RAM.

    MemScope (Floppy and CD images.)
    Roadkil's RAM Test
    Microsoft Memory Test (floppy or CD ISO image)
    Memtest86

    If you have enough memory sticks, you can test them by removing one at a time and see if the problem disappears.

    If you are running Vista or 7, tap F8 on boot and choose the memory diagnostic, or if you can boot up, go to Start > Search and type:

    mdsched.exe

    Choose to run a memory diagnostic on next boot. Or, you can boot from the DVD and run it from there.
     
  11. Tarifa_Pirate

    Tarifa_Pirate Thread Starter

    Joined:
    Nov 17, 2011
    Messages:
    7
    OK, I will try taking all but one stick out and try the repair again. I have got Memtest86 and others on the UBCD4Win, so I will run that on the remaining stick before I attempt the repair again.
    The only reason I didn't think it was a bad RAM problem is because, apart from those files not copying, it runs without freezing or blue screening.
    One thought I had is that the profile is damaged, because it seems as if I don't have access to the drive as an administrator, or just that the file access permissions are not as they should be.
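
Added example, not part of any post in this thread: the posts above disagree on whether the uncopied files point to bad RAM or to broken file permissions, and this Python check separates the two by hashing each file before and after a copy and classifying the error. The names `diagnose_copy` and `copier` are hypothetical, the sample file contents are constructed, and it assumes the suspect drive is reachable from a working environment that has Python.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large system files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def diagnose_copy(src, dst_dir, reads=3, copier=shutil.copyfile):
    """Copy src into dst_dir and classify the outcome. copier is a hypothetical
    hook (shutil.copyfile signature) so failure paths can be exercised safely."""
    try:
        digests = {sha256_of(src) for _ in range(reads)}
    except PermissionError:
        return "access-denied-source"
    except OSError:
        return "io-error-source"
    if len(digests) != 1:
        return "unstable-read"   # same file, different bytes: suspect RAM or media
    dst = os.path.join(dst_dir, os.path.basename(src))
    try:
        copier(src, dst)
    except PermissionError:
        return "access-denied"   # permissions/ownership on the target, not hardware
    except OSError:
        return "io-error"
    return "ok" if sha256_of(dst) in digests else "corrupt-copy"

def demo():
    """Constructed sample: one clean copy, one refused by a stand-in copier."""
    def denied(src, dst):
        raise PermissionError(13, "Access is denied", dst)
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "migwiz.inf")  # name from the thread, contents constructed
        with open(src, "wb") as f:
            f.write(b"[Version]\r\nSignature=constructed-sample\r\n" * 64)
        out = os.path.join(tmp, "out")
        os.mkdir(out)
        return diagnose_copy(src, out), diagnose_copy(src, out, copier=denied)

if __name__ == "__main__":
    print(demo())
```

Repeated reads may be served from the operating system's file cache, so an "ok" result does not clear the memory; a dedicated memory test is still needed for that.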
     
  12. Tarifa_Pirate

    Tarifa_Pirate Thread Starter

    Joined:
    Nov 17, 2011
    Messages:
    7
    I ended up backing up everything using UBCD and then formatting and re-installing. Just for other people's reference: these viruses are a nightmare to remove, and even if you do, you can sometimes be left with an OS full of errors. I have recommended to my friend that he pays 40 euros and puts ESET Smart Security on his system like I use; it's much better than the free ones.

    Thanks everyone for the help.
     

Short URL to this thread: https://techguy.org/1027246