Help with reinstalling XP (malware)

bushykangaroo

Its a long time since i reinstalled windows and need to do it on the family pc. I have a Xp cd and seriel code to do it.

Do i just save all the files, etc.... and then insert the Xp cd and reinstall windows or do i have to defrag the hard drive and then start booting from Dos, etc... Or can i literally just put the cd in and reinstall it without removing the current windows.

Also, reason im having to do this is because the pc has become unuseable due to viruses, theres a trojan horse on it and couple other viruses. Ive Avg and the free microsoft essentials which i only put on it recently and seems to be crap in my opinion.

Does anyone know if i can remove these viruses and avoid having to reinstall windows?

t1mm

Get some proper antivirus software, I recommend nod32. If you're re-installing windows you just have to set your computer's BIOS up to try to boot from the CD Drive (where the installer will be) rather than the hard drive first. To do this you normally press Delete or one of the Function keys (F1 F2 etc) a few moments after you turn your computer on. The installer will guide you through the process to some extent - you don't need to remove anything from your hard drive before you do it (except for backing up your files). You will have to install drivers for all of your hardware after you install windows.

bushykangaroo

t1mm wrote: »

Get some proper antivirus software, I recommend nod32. If you're re-installing windows you just have to set your computer's BIOS up to try to boot from the CD Drive (where the installer will be) rather than the hard drive first. To do this you normally press Delete or one of the Function keys (F1 F2 etc) a few moments after you turn your computer on. The installer will guide you through the process to some extent - you don't need to remove anything from your hard drive before you do it (except for backing up your files). You will have to install drivers for all of your hardware after you install windows.

So, ill just save personal files, then go into the bios and set it to boot from a cd, and then insert the windows xp cd?

Is there any fixes i could try first to rid the viruses?

t1mm

Yup, you've got the right idea.

Is there any fixes i could try first to rid the viruses?

As I said, get some proper antivirus software, such as nod32. You get what you pay for

bushykangaroo

t1mm wrote: »

Yup, you've got the right idea.



As I said, get some proper antivirus software, such as nod32. You get what you pay for

How much is that Nod32? Will that actually fix the viruses on the pc currently or just protect against future ones.

Does the reinstalling xp process delete the hd contents itself, does it just reinstall over everything itself. You'd imagine it would need to delete everything for a fresh install?

t1mm

http://www.eset.com/home/
It, like any good antivirus software, has a scan feature, so you can scan your computer and remove malware. Yes, the re-install process will delete everything.

bushykangaroo

t1mm wrote: »

http://www.eset.com/home/
It, like any good antivirus software, has a scan feature, so you can scan your computer and remove malware. Yes, the re-install process will delete everything.

Cheers for the link. Which will i buy, the Nod32 €39.99 or the Eset Securityfor 49.99.

Are they just anti-virus, no fire wall? I currently use the free zone alarm edition.

Whats the likelihood of a new anti virus program fixing the pc, i find a lot of them programs are only good for scanning and dont seem to actually remove anything

mp22

before you spend any money try avast (the free version) http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

yoyo

If the Trojan horse on the pc is one of those fake anti viruses blocking everything try this:
Download rkill from here: click here(use either one called explorer.exe or ieexplore.exe and save onto desktop)
Run Rkill, a console window should pop up momentarily, if the fake anti virus blocks it immediately open it again, keep trying until it opens, try in safe mode if neccesary, if it doesnt open see below note
next download the free malwarebytes, install it and update it, run a quick scan, this should pick up the fake av and remove it,
Note: If you cannot use the machine/run rkill you may need to use something like the Kaspersky rescue disc to fix the machine, this is free also
There is no need to waste money buying an anti virus, microsoft security essentials works fine,

Hope this helps

Nick

mp22

bushykangaroo wrote: »

Also, reason im having to do this is because the pc has become unuseable due to viruses, theres a trojan horse on it and couple other viruses. Ive Avg and the free microsoft essentials which i only put on it recently

By any chance are you running 2 anti virus's?, if so this will cause a major slowdown in you pc's performance.

Capt'n Midnight

if you reinstall over the top you will most likely inherit the malware

if you can't remove the viruses and decide to go down the route of a clean instally you will need all the drivers on hand first, for example if you XP CD isn't service pack 3 and you have a SATA hard drive then the CD won't recongnise the drive (Do not pass GO, do not collect £200) until you use the correct drivers, (some BIOS's will give you an option to change the sata mode until you get windows installed)

best to try to clean up

avg have a rescue cd that you can boot from, this will pickup some nasties that you can't remove from within windows, NB it doesn't pick up everything so you would still need to clean stuff in windows

bushykangaroo

yoyo wrote: »

If the Trojan horse on the pc is one of those fake anti viruses blocking everything try this:
Download rkill from here: click here(use either one called explorer.exe or ieexplore.exe and save onto desktop)
Run Rkill, a console window should pop up momentarily, if the fake anti virus blocks it immediately open it again, keep trying until it opens, try in safe mode if neccesary, if it doesnt open see below note
next download the free malwarebytes, install it and update it, run a quick scan, this should pick up the fake av and remove it,
Note: If you cannot use the machine/run rkill you may need to use something like the Kaspersky rescue disc to fix the machine, this is free also
There is no need to waste money buying an anti virus, microsoft security essentials works fine,

Hope this helps

Nick

Hiya, when i went to download that Rkill using the iexplore link on my other computer, my Avg flashed up a trojan horse gen32 thing.

Ive downloaded some of the other security progs suggested, spybot search and destroy, adaware and malware. Ill try run them and see if they'll fix it. I canr see them getting rid of this trojan though, surely Avg and Security essentials should be able to but they dont seem to be able.

Ps: I was only running Avg on it, and only installed microsoft security essentials about a week ago, but the pc was going slow way before that.

yoyo

bushykangaroo wrote: »

Hiya, when i went to download that Rkill using the iexplore link on my other computer, my Avg flashed up a trojan horse gen32 thing.

Ive downloaded some of the other security progs suggested, spybot search and destroy, adaware and malware. Ill try run them and see if they'll fix it. I canr see them getting rid of this trojan though, surely Avg and Security essentials should be able to but they dont seem to be able.

Ps: I was only running Avg on it, and only installed microsoft security essentials about a week ago, but the pc was going slow way before that.

Its a false possitive, but the fact AVG is working doesnt sound like its that particular type of malware, as suggested above you must uninstall one anti virus program (I reccomend removing AVG) as having two anti virus programs installed will not give you any better protection as both will conflict but it will also make your computer very slow usually, when you say you have a trojan what signs of it are on the computer? One thing you could do is try the Nod32 only virus scan (free and very good) Here to see if it picks up anything

Nick

bushykangaroo

yoyo wrote: »

Its a false possitive, but the fact AVG is working doesnt sound like its that particular type of malware, as suggested above you must uninstall one anti virus program (I reccomend removing AVG) as having two anti virus programs installed will not give you any better protection as both will conflict but it will also make your computer very slow usually, when you say you have a trojan what signs of it are on the computer? One thing you could do is try the Nod32 only virus scan (free and very good) Here to see if it picks up anything

Nick

Ill try that Eset scan now in a while, just waiting for search and destroy to run its thing now.

Symptons of viruses were them being detected by both Avg and Ms essentials, heres the name of 1 i wrote down: Trojan horse FakeAlert.Zs

Also, another 1 came up as Virus JS/obfuscated

Whatever they mean.

yoyo

bushykangaroo wrote: »

Ill try that Eset scan now in a while, just waiting for search and destroy to run its thing now.

Symptons of viruses were them being detected by both Avg and Ms essentials, heres the name of 1 i wrote down: Trojan horse FakeAlert.Zs

Also, another 1 came up as Virus JS/obfuscated

Whatever they mean.

I would reccomend malwarebytes to be run for the FakeAlert one, its very good at removing them, you will need to uninstall one of the anti virus scanners (such as AVG) before this, as having more than one anti virus can cause many amounts of grief (its probably the reason this virus can't be removed!), also before running a full virus scan (to speed up the process) download CCleaner, install and run it.
This tool will delete temporary files/empty recycle bin etc. These files can cause a massive delay in virus scanning if there is many. Another tip is uncheck delete cookies in the program if you like your web browser to save logins (ie your kept logged into a website).
Also, there is a possibility your computer is not infected however an installer for a malware was downloaded. If that is the case running Eset online should fix it,

Nick

bushykangaroo

yoyo wrote: »

I would reccomend malwarebytes to be run for the FakeAlert one, its very good at removing them, you will need to uninstall one of the anti virus scanners (such as AVG) before this, as having more than one anti virus can cause many amounts of grief (its probably the reason this virus can't be removed!), also before running a full virus scan (to speed up the process) download CCleaner, install and run it.
This tool will delete temporary files/empty recycle bin etc. These files can cause a massive delay in virus scanning if there is many. Another tip is uncheck delete cookies in the program if you like your web browser to save logins (ie your kept logged into a website).
Also, there is a possibility your computer is not infected however an installer for a malware was downloaded. If that is the case running Eset online should fix it,

Nick

Thanks. As soon as Spybot has finished scanning,,, ill uninstall Avg and then just use the 1 anti virus, MS essentials. Then ill run Malwarebytes.

I have to pay for that CCcleaner it seems? Ill empty the IE cookies, etc,, manually sure.

yoyo

bushykangaroo wrote: »

Thanks. As soon as Spybot has finished scanning,,, ill uninstall Avg and then just use the 1 anti virus, MS essentials. Then ill run Malwarebytes.

I have to pay for that CCcleaner it seems? Ill empty the IE cookies, etc,, manually sure.

You dont need to pay for it Just click the button I highlighted below on the ccleaner download page. No need to clear cookies, its more the temporary files are slower to scan (as they are larger-typically on average)


Nick

bushykangaroo

yoyo wrote: »

You dont need to pay for it Just click the button I highlighted below on the ccleaner download page. No need to clear cookies, its more the temporary files are slower to scan (as they are larger-typically on average)


Nick

Appreciate that Dude!!


Spybot finished, heres what it found.
24 things, all related to Firefox except the things under the heading My.Way.MyWebSearch which its files seemed to be H_keys type stuff.

AdRolver 1
DoubleClick 1
FastClick 2
MediaPlex 4
My.Way.MyWebSearch 10
TradeDoubler 2
WebTrendsLive 1
Zedo 3

Thats them all! Spybot deleted all them 24 yokes.
I uninstalled Firefox yesterday as I suspected it to be faulty, but some of it stayed behind i think.

Uninstalling Avg now, then going to run a few more progs, will update this thread then in a while. Half hr or so probably

yoyo

bushykangaroo wrote: »

Appreciate that Dude!!


Spybot finished, heres what it found.
24 things, all related to Firefox except the things under the heading My.Way.MyWebSearch which its files seemed to be H_keys type stuff.

AdRolver 1
DoubleClick 1
FastClick 2
MediaPlex 4
My.Way.MyWebSearch 10
TradeDoubler 2
WebTrendsLive 1
Zedo 3

Thats them all! Spybot deleted all them 24 yokes.
I uninstalled Firefox yesterday as I suspected it to be faulty, but some of it stayed behind i think.

Uninstalling Avg now, then going to run a few more progs, will update this thread then in a while. Half hr or so probably

I would first run malware bytes after AVG is uninstalled, then run Eset online scanner, once you do this your pc should be good to go . Also I would reccomend re-downloading Firefox, Google Chrome or Opera as a web browser. Internet explorer is fairly hit or miss even though since version 8 it has improved drastically

Nick

bushykangaroo

Right, Avg uninstalled! Then ran ccCleaner which deleted 1.3Mb of cookies, etc..

Ran Malware bytes and it found nothing, heres the little log it gave me:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6540
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09/05/2011 20:25:41
mbam-log-2011-05-09 (20-25-41).txt
Scan type: Full scan (C:\|E:\|)
Objects scanned: 194688
Time elapsed: 25 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)


Im going to run the Eset onuggested and then Adaware.

I dont understand how the trojan isnt being found in all these scans, does this mean the trojan is gone? I noticed the computer seems to be getting faster as I progressed through with these virus scanners but which 1 would have tackled the trojan?

bushykangaroo

Eset scan just finished, found the 2 things below:

C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

Running Adaware now, ill just update microsof essentials then and leave it at that, will I? Anything else to do?

Capt'n Midnight

moving thread as it's now malware rather than windows install

more eyes should help

bushykangaroo

Computer still seems slow, although not as bad as it was and no virus alers flashing up now from the anti-virus program. Only running 1 anti-virus program, MS essentials and zone alarm firewall free versions.

When it starts up its can be ok, but its slow to start and the hd seems to be chugging louder than usual sometimes, also there could be nothing open and the hd could be chugging and you'd be wondering what its doing.

Is the hd dying, any way to check? Its only a 4400rpm if i remember correctly, buts only got about 20g of 80g on it. Anyway to know if its dying?

Capt'n Midnight

you can use hdtune to check for SMART errors on the HDD
it will do surface scan too


manufacutrers utils are also good for tests ( PC / HDD manufacturers )