could use some help with removing a virus...

michael_w

My brother and dad use the same computer. It is the family computer and since I've acquired a laptop and desktop for myself I touch the family computer about once every couple months. My dad is pretty much computer illiterate and my brother is just lazy so neither of them keep the computer running smoothly. I went on it yesterday and had noticed they've been using norton antivirus that has subscriptions that are about a year old... not good. So I installed Nod32 (nice antivirus software) and ran it. Found about 60 viruses and removed them without too many problems.

Now my problem -- now that there have been a few viruses gone it seems a big one has gone undetected and is now rearing its ugly face. When anyone logs into their account it boots up fine but then doesn't allow you to click anything. I've come to the conclusion that I need to make some sort of antivirus scan boot disc that will scan NTFS. I downloaded mcafee and made a disc only to find out it only does FAT.

I'm madly searching for a scanner to use (other than nortons NVAC) in hope that I won't have to do one of two things. I could just take the HD out and put it in my computer as a slave drive and scan it from there at the risk of infecting my system too or if all else fails I'll have to just wipe the hd and start fresh with no backups of anything. (probably not an option my brother will enjoy)

If you can help any that'd be just dandy...

btw once I'm done all this crap and have it going nicely I'll make sure to ghost it before my relatives mess it up again :rolleyes:

Joshtalgia

Your inability to click anything immediately makes me think that it's attacking the explorer.exe process - Have you tried killing the explorer.exe process and rerunning it to see if that ends in a different result?

(I'm assuming that when you say you're unable to click anything that it's just the mouse....or are you unable to interact in any fashion with anything?)

michael_w

I'll go try that... usually I can get a couple commands off if I'm quick (like hit ctrl+alt+delete) but after a couple seconds it doesn't want to do much with either the mouse or keyboard.

Thanks for the amazingly fast response!

michael_w

I just tried ending the explorer.exe process as fast as I could and that worked fine... Once I restarted the process it went back to its usual messed up state. I doubt it's the driver because they keyboard doesn't work either, but good idea.

I'll have to try the repair thing too but it might take a while as I will have to download a windows xp home cd image. I have some pro cd's for my computer but Staples never gave us cd's to go with the computer when we bought it (back before I was actually into computers).

I'd like to recover what I can, for my brother and dad's sake, and then I'll definatly wipe it and probably go with pro instead of home this time.

Thanks for the help!

nadams

Use AVG for your virus scanner. Dump Norton and POS McAfee!

http://free.grisoft.com

brijenjas

Some files may have been damaged by the viru/virus removal.
Does the same thing happen in "Safe mode"? Can't use mouse or keyboard?
If you can use the keyboard in "safe mode" try sing the System file checker utility before doing a repair install.
Two ways to do it;
1. Start>run>type "sfc /scannow" don't froget the space between sfc & /

2.Open a command prompt window and type sfc/scannow.

Unfortunately to do this you will still need a copy of the Operating system.

michael_w

I managed to boot it in safe mode and everything seems to be working well. I'll try the file checker as well as running another virus scan (with nod32).

Oh and for the record, norton sucks and I only downloaded mcafee for its bootable scanner.

edit: I think what I'll do is talk it over with my dad and brother and figure out what they want to do. I'll just tell them that the computer is so messed at this point that the best thing to do is to just wipe it and reinstall windows. This is now a viable solution since we will all be able to backup any needed data in safe mode.

Schris22

well if it's running in safe mode than you know it's an extra process and not a messed up driver or something involved with windows.

I work for ITS at my school and the simplest and basic approach is this...

I would start with CCleaner from filehippo.com
disable SYSTEM RESTORE...for the love of god please do this at least temporarily
To do this...Go to system in control panel, then system restore...disable

make sure view hidden files is on - Should be..Tools > folder options > view > show hidden files

then do whatever scans you want in safe mode. - norton, mcafee whatever it should help. run spyware and adware while you're at it.Just do as many scans as you can

then run hijackthis from filehippo.com as well WARNING - You can screw up your computer if you don't know what you're doing with this program. i would save a log and move it to your laptop and then run it in the parser at hijackthis.de

this will tell you which to remove...

thats the most basic thing i do just to start

Theres tons more but that'll get rid of most..

hope that helps

chris


EDIT: Put in more specific directions on how to get to system restore and show hidden files

michael_w

Thanks for the suggestions Chris. I'll have to try those tomorrow.

I've always been a little weary about messing with my registry but with this I don't have much to loose and that parser should help quite a bit

I should be disabling the system restore because if I clean out the virus it will still remain in the restored copy of things?

bobman1235

If you at any point had 60 viruses, it's pretty much guaranteed that you're going to need a clean reinstall. A system THAT messed up is BOUND to have something unfixable.

michael_w

Yeah I've talked it over and I think what I'm going to do is get my brother and dad to backup everything they need and then I'll begin the horrible task of putting all that crap back onto it.

To speed up the backingup process I might briefly connect the computer in safe mode to my laptop / desktop network to transfer over any pictures or music they might want to keep as I know my brother has a few gigs of stuff to keep. Without a dvd burner (only cd) it would be a pain in the **** and slow to do it that way. I'm pretty sure I'm putting my desktop at a little risk here but it should be fairly well protected and as long as it's just pics and stuff transferred over hopefully it'll be okay...

Schris22

do you have an external hard drive? or if you do it over the network it shouldn't be too bad.

Just make sure to scan the stuff you're bringing in.

I once worked on this girl's computer who had a big virus problem and she wanted a complete rebuild and burned her My documents on a cd...but what a surprise the viruses were all in her documents..

So we rebuilt her computer and when she restored her my documents she came back and said the viruses were there...we were so confused on how she could get viruses with a fresh rebuild...then I checked out the cd and there they were...

Chris