Jun 2, 2005
Below is the short history of the problem. I write this to give perspective as well as see if anyone has heard of this and perhaps knows an alternative solution. My current solution involves backing up and formatting, around which my primary question (found below) revolves.

Three days ago I made the painful mistake of clicking a seemingly reputable looking Google link. You can presume what browser I used. Needless to say, I will be changing that in the future. As a result of clicking that seemingly harmless link, I was prompted with repeated pornography and advertisements upon each close click, which I, of course, repeatedly attempted to close. When it finally gave me the option to force close all, I took it, but in the chaos my system tray popped up an icon looking quite similar to that of a virus scanner, which displayed a tooltip indicating "your machine has been infected. Click here to remove."

Of course, in retrospect I realize that that message was not exactly very reliable, but, according to a recent scan by SpyBot S&D, I had no previous spyware on my computer, so I figured if something had the capability of appearing on my system tray, it probably had done any damage it could have. I clicked it in haste, and after all the browser windows had closed, I realized I no longer had access to Start>Run/Help/Search, my control panel was renamed "Folder", and I was unable to run any executable. Immediately I did a scan with PC-cillin, but my definitions are probably quite out of date. Even if they had been, I'm not sure it could have done anything. I browsed my processes in the meantime, and they appeared normal except for "addgu32.exe," but, running home edition, it's possible the process was attached/hidden anyway. My instinct was to try to do a system restore as soon as possible, but, being unable to run executables, I could not. I thought surely Microsoft would have placed a system restore option prior to starting Windows, but, unfortunately, in their genius, they require you to access windows and explorer before being able to use it.

After scanning and finding nothing, I restarted. There wasn't really any alternative, as I was pretty much paralyzed. I returned to an obviously infected machine. It was now capable of running .exes, but not Explorer or Iexplore. Sadly, it had also infected my registry. The primary files were "170.tmp.exe","171.tmp.exe","winstall.exe", and "netxh32.exe." I repeatedly tried to delete them from my registry, alternating from safe mode to normal and command prompt/network support. I attempted to access System Restore from safe mode, but it refused to start. At one point I was able to get Explorer to run, so I immediately tried to use System Restore, which seemed to operate properly until I hit the final "Next" button to actually restore. It seemed to try, but after only a few moments the hard drive activity light stopped blinking, and I could see that it was not making any progress, so I rebooted, and was not able to get Explorer to start again.

After a lot of unsuccessful and frustrated boots, including attempts to "recover" via the WinXP CD, I elected to disable all services and startup devices, even though the obvious virii (files listed above) no longer appeared in the startup section. "Perhaps there was one I missed." After that, networking ceased working, of course. The services were not "re-enable-able." And, after a few more boots, Windows stopped booting entirely. Left with no options, I attempted a Repair Installation, which seemed to work, but resulted in the same failure to boot. I then did a fresh installation into C:\WINXP (as opposed to C:\WINDOWS, where the original installation resides).

Thankfully, this installation does work, and I am on it now. The first thing I did, of course, was grab AVG (FE) and do a scan. It seemed to find the virii on the other installation, and was able to "fix" them, but this still did not allow booting of that installation. Perhaps in my efforts to destroy the virus, I made a mistake somewhere along the way which contributed to the inability to boot, but I'm usually pretty careful about such things, so I honestly don't know what happened. If I could use my fresh install to somehow fix the other install to at least boot (even if somewhat incomplete/unstable), that would be ideal for backing up files. I was hoping to do so without even creating the fresh install via a boot disc of some sort, but was informed that, due to MS' strangle on NTFS, this was likely not possible. So, if I simply cannot fix the other installation, I would at least like to back up some of the files from it before I must format.

I'm now trying to access data from the first (corrupted) installation of windows on the second installation. For the most part, this is successful, as files within C:\WINDOWS (the corrupted install) and "All Users" are available to me on the second install. However, the files under my user account from the first installation are not available. "Access is Denied." is the message.

My three major questions are:

Is there any other known way to fix this via some alternative method? For example, a magical boot disc capable of virus scanning/fixing windows installations? Obviously, I'd like to keep my old/existing windows install, but the WinXP Repair Installation simply didn't work. :( I'm also worried that I will be incapable of reinstalling windows again due to this fresh install and will have to call Microsoft to wait for hours for "permission" to load my software.

Is there a way to simply "delete" the other installation of windows? Simply "uninstall" the corrupted version so that I do not need to format. I'll likely format anyway once I get everything backed up, but, in the meantime, I'd like to be able to run windows without constant fear of being infected again. For example, upon my new installation I received repeated "Messenger" dialogs urging me to visit random sites for obviously fake "cleaning utilities," until I disabled the messenger service. I have a windows password and will be changing browsers in the near future, as well as keeping my virus definitions better up-to-date, so my concern is only the virus's ability to spread again, especially when backing up files from my other installation.

My final question is most pressing to begin the backup process. Is there a way to access the documents stored in my original-installation user folder, without being able to grant "permission" from that installation? I'd find it odd if not, since I have access to nearly everything else on that first installation. Of course, I have the windows password for administration accounts (the only accounts) on each installation, though I worry it's possible my password on the first might have also been corrupted. I don't have a ton of data in the currently inaccessible user folder (I keep most in my own directory structure), but what little I do have is moderately important.

Any assistance is greatly appreciated. I'm sorry for the length of the post, but I'd rather be clear and specific than vague and inaccurate. :)

Thank you very much,

Jinx Dojo
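The "Access is Denied" in the third question is an NTFS permission problem, not a password problem: the profile folder's ACL names the SID of the old installation's account, which the new installation does not recognise, and an administrator on the new install can simply take ownership of the folder and then grant itself access. The script below is an added example (not part of the original post or any answer to it) of doing that from an elevated command prompt on the fresh installation, then copying only the documents out. The profile path `C:\Documents and Settings\OLDUSER` and the destination `D:\Backup` are placeholders to be replaced; `takeown`, `icacls` and `robocopy` are assumed to be available (they ship with Vista and later; on XP they came from the Resource Kit, and the XP-era equivalents are noted after the script).

```batch
@echo off
REM Added example, not from the original post: recover a locked-out user profile
REM from an old Windows installation while running as Administrator on a second
REM installation on the same disk.
REM Assumptions: the old profile lives under C:\Documents and Settings\OLDUSER
REM (placeholder), the copy goes to D:\Backup\OLDUSER (placeholder), and
REM takeown/icacls/robocopy are on the PATH.
setlocal

set "SRC=C:\Documents and Settings\OLDUSER"
set "DST=D:\Backup\OLDUSER"
set "LOG=D:\Backup\recover-OLDUSER.log"

if not exist "%SRC%" (
    echo Source profile "%SRC%" not found.
    exit /b 1
)

REM 1. Take ownership of the whole tree for the Administrators group (/A),
REM    recursively (/R), answering the confirmation prompt automatically (/D Y).
REM    Owning an object is what lets an administrator rewrite an ACL that
REM    currently grants nothing to any account on this installation.
takeown /F "%SRC%" /R /A /D Y >nul
if errorlevel 1 (
    echo takeown failed; run this from an elevated Administrator prompt.
    exit /b 1
)

REM 2. Grant Administrators full control on every file and folder (/T), with
REM    object and container inheritance so subfolders are covered too.
REM    The old account's entries are left in place, nothing is removed.
icacls "%SRC%" /grant Administrators:(OI)(CI)F /T >nul
if errorlevel 1 (
    echo icacls failed; check permissions and retry.
    exit /b 1
)

REM 3. Copy documents only. Executable and script types are excluded (/XF) so
REM    nothing runnable from the infected profile is carried across; the dropped
REM    files named in the post (*.tmp.exe, winstall.exe, netxh32.exe) all match
REM    *.exe. Browser caches and temp folders are skipped by name (/XD).
REM    /E copies empty subfolders, /COPY:DAT keeps data, attributes and
REM    timestamps but not ACLs, so the copy inherits the destination's rights.
robocopy "%SRC%" "%DST%" /E /COPY:DAT /R:1 /W:1 /NP /LOG:"%LOG%" ^
    /XF *.exe *.dll *.scr *.pif *.com *.bat *.cmd *.vbs *.js ^
    /XD Temp "Temporary Internet Files"

REM robocopy exit codes 0-7 are success variants; 8 and above mean something
REM could not be copied, so only those are treated as failure.
if errorlevel 8 (
    echo robocopy reported errors; see "%LOG%".
    exit /b 1
)
echo Profile copied to "%DST%". Scan the copy with up-to-date definitions before opening anything in it.
endlocal
```

On a localised Windows the group may not be called `Administrators`; `icacls` accepts the well-known SID instead, as `/grant *S-1-5-32-544:(OI)(CI)F`. On Windows XP itself, where the poster is, the equivalent of step 1 is the Owner page of the folder's Security tab (on XP Home that tab is only shown when booted into Safe Mode, because Simple File Sharing hides it otherwise), step 2 can be done with the built-in `cacls "%SRC%" /T /E /G Administrators:F`, and `xcopy /E /H` with a manual skip of the excluded types stands in for robocopy.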
