Virus got me BAD! [RESOLVED]


  • This topic is locked

#31
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I have seen that with XP Pro but not on the Home Edition (or at least not the one that I have). But to answer your question, no I do not get that option. It just kicks me out.
  • 0


#32
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
But you did have System Restore enabled on that computer?
Or did I already ask that :tazz:
  • 0

#33
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Yes, system restore was enabled. Back in my first post I described the symptoms and the steps I took to get rid of this virus. I turned system restore off, ran the antivirus and then turned it back on. I thought I had it until I activated Ad-ware. Somehow it attached itself to it and the process started again. I think that by uninstalling adware that's what killed the OS.(???)

I have also noticed that I have lost my rights to my "owner" account. Admin and all other accounts are okay. Probably all tied to the virus?
  • 0

#34
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Is the program you used called AdAware?
Hoping you misspelled it

In that case find:
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
and double-click it.

Click the icon with the lock and see if there is a backup available of the last cleaning run.

Select it and click Restore.

Let me know if that helps.

Regards,
  • 0

#35
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I uninstalled the Lavasoft Ad-aware program, so I won't be able to activate it. But I'll double check for backups and let you know later tonight what I find.
  • 0

#36
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
All Ad-Aware programs including backups have been removed. I think even if they were still there, I could not use them because I can't get in.

A blip of a blue error screen is now appearing (again). When I was able to read this (in the beginning of the virus attack), I looked up the error message and it pertained to the registry being corrupt. Unfortunately I don't have enough time to read it before the system reboots.
  • 0

#37
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Last night I think I narrowed my boot up problem to be the system hive. Because the virus deleted my repair\system hive, I loaded the bad hive to see what was there. There were 16 ControlSets (ControlSet000-ControlSet015) with no CurrentControlSet. ControlSet000's main objective pointed to the Lavasoft Ad-Aware program, which I uninstalled. Is there something I can do to manipulate this hive into jump starting my system?
  • 0

#38
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Last night I think I narrowed my boot up problem to be the system hive. Because the virus deleted my repair\system hive, I loaded the bad hive to see what was there. There were 16 ControlSets (ControlSet000-ControlSet015) with no CurrentControlSet. ControlSet000's main objective pointed to the Lavasoft Ad-Aware program, which I uninstalled. Is there something I can do to manipulate this hive into jump starting my system?
  • 0

#39
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Sorry 'bout the double post... :tazz:

I'll be more careful next time
  • 0

#40
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
No problem.

I'll have to ask if the option you proposed is a viable one and how to best proceed.

I'll get back to you.

Regards,
  • 0


#41
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Answer from one of our "supertechs" :tazz:

The CurrentControlSet key is actually a copy of the ControlSetxxx, which was used to boot Windows, and it is not created until Windows does a successful boot.

You could try the following M$-KB article:
http://support.micro...kb;EN-US;307545



Keep us posted,
  • 0
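An offline SYSTEM hive has no CurrentControlSet key to look at, so the place to check is the hive's Select key, whose Current, Default, LastKnownGood and Failed values name a numbered ControlSetNNN. The following is an added example, not part of the original posts, that loads a copy of a hive read-only for diagnosis and reports whether each of those values points at a set that exists; the hive path and the mount name are assumed placeholders.

```powershell
# Added example. Run elevated on a working Windows machine with the damaged
# disk attached. $HivePath and $Mount are placeholders, not values from the thread.
param(
    [string]$HivePath = 'E:\WINDOWS\system32\config\system',
    [string]$Mount    = 'OfflineSystem'
)

# Inspect a copy so the original hive is never modified.
$copy = Join-Path $env:TEMP 'system.offline'
Copy-Item -LiteralPath $HivePath -Destination $copy -Force

& reg.exe load "HKLM\$Mount" $copy | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $copy" }

try {
    $root = "Registry::HKEY_LOCAL_MACHINE\$Mount"

    # Numbered control sets actually present in the hive.
    $sets = @(Get-ChildItem -LiteralPath $root |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object { $_.PSChildName })
    "Control sets present: $($sets -join ', ')"

    # Select holds the DWORD values that name which numbered set is used.
    $select = Get-ItemProperty -LiteralPath "$root\Select" -ErrorAction SilentlyContinue
    if (-not $select) { throw 'Select key is missing from this hive.' }

    foreach ($name in 'Current', 'Default', 'LastKnownGood', 'Failed') {
        $value = $select.$name
        if ($null -eq $value) { "{0,-14} value missing" -f $name; continue }
        if ($name -eq 'Failed' -and $value -eq 0) { "{0,-14} 0 (none recorded)" -f $name; continue }
        $target = 'ControlSet{0:D3}' -f [int]$value
        $state  = if ($sets -contains $target) { 'present' } else { 'NOT PRESENT in hive' }
        "{0,-14} {1} -> {2} ({3})" -f $name, $value, $target, $state
    }
}
finally {
    # Release PowerShell's handles on the loaded keys, then unload the hive.
    $select = $null
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$Mount" | Out-Null
}
```

A Select value that names a set missing from the hive, or an unusually long run of numbered sets, is a sign the hive itself is damaged rather than just one control set.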

#42
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I have already tried this. The problem is I do not have a system hive in the repair folder. So therefore it does not work. I've even gone as far as pulling the hives from system volume information\snapshot, but these files do not go back far enough in time.

Do you think, if I were to get the hives from a different XP home edition box (same computer) that would work? I have tried to copy the XP Pro hive files over and I was only able to get into safe mode. While in there, things did not look right. I did not feel I was truly in on the bad side, so I got out.

I haven't given up yet and I'm hoping you guys can still help. Otherwise I'll probably have to reformat. :tazz:
  • 0

#43
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
One of the Trusted Techs said we should have replaced all the registry hives.

http://support.micro...kb;en-us;307545

Note Make sure to replace all five of the registry hives. If you only replace a single hive or two, this can cause potential issues because software and hardware may have settings in multiple locations in the registry.



Since you didn't find all of them, this may be a mission impossible.

Regards,
  • 0

#44
Dinofish

Dinofish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I would have replaced all 5 if I had them.

So are you saying I have to reformat? There is nothing left to try?
  • 0

#45
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Let's wait for a few more suggestions from the Trusted Techs.

This is not a field I excel in, so I'm hoping someone will come up with a good idea.

Regards,
  • 0





