How to get rid of a virus, without internet.

Any specifics can you give us on how do you know you have a virus ?

Whatever427,

You have to make use of someone's computer to download and burn what Fatal has said , ofcourse if it is possible

Also, another way, and what I would do in this instance, is to take your hard drive out of the infected computer and install it as a slave in your known good system...  DO NOT OPEN ANY FILES ON THE DRIVE..  Do the virus scan with the known good computer's AV solution...  Make sure the AV Definition files are up to date before you do..   This will take care of anything infected on the hard drive..

FE

Evening Ashwin..!!  TGIF...!!

Fatal_Exception,


Good evening to you too.

Fatal, thx, I want to go try it, but Im not sure if this computer can burn. Its pretty new, but all I know is he uses it usually to burn songs onto a cd. So would that be the same?

BTW:  regardless of whatever you decide, you NEED an AV solution on your system..!!!   I do use AVG on several of my home systems, and even on my Home Server, and I recommend it highly, as the price is right...  :)

And just in case your system is just being hijacked by spyware, you might try cleaning the junk out of it...

Spyware/Adware removal tools
------------------------------

What is spyware : http://www.spychecker.com/spyware.html

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml 

Ad-aware : http://www.webattack.com/download/dladaware.shtml 

CWShredder (hijack removal):  http://www.spywareinfo.com/~merijn/downloads.html


If you are still having problems..  run the System File Checker..

System File Checker  

Start > Run > type "sfc /purgecache" {enter}

Start > Run > type "sfc /scannow" {enter}

Have your OS cd in your cdrom drive.

(You can also run these commands from the Command Shell – dos prompt)

Correct..  a burner is a burner..  If he has XP or any burning software, that will work just fine..

Here's a way to prevent it from running until you get it resolved...

Click Start->Run->MSCONFIG
Remove all checked items from the startup tab and reboot.

Darn..!!  I knew I missed something..!!  :)

LOL

Thanks everyone for helping, Im tryin the burning stuff, and then if it works, Ill accept. If it doesnt, then its the other solutions, and so on. Bleh.

No problem.. you are in good hands here..

FE

Allstate!  Am I right?  Am I right?
I love riddles...

Lowery's Law of Home Repair: If it jams, force it. If it  
breaks, it needed replacing anyway  

:)

Myrtle's Funeral Parlor:
"We'll be the LAST ones to let you down!"

Ok, I offically quit tryin to burn something. It wont let me, but songs. Sooo, Ill try findin the virus now. Here we go.

Rah Rah Ree - Kick 'em in the knee!
Rah Rah Rass - kick 'em in ... the other knee!

Is the system you are on running XP..??  If so, just open up your Cdrom drive window and drag the AVG exe file into it, along with the Def file..  Put a bland Cd in the drive, go to File > Write to CD..  It should burn just fine that way..

Still think you should pull the hard drive out and slave it to the other system...  But stay on course and let us know what you find..

FE

Lorenz's Law of Mechanical Repair: After your hands become  
coated with grease, your nose will begin to itch.

Yea, Ill burn if this doesnt work. I guess theres nothing to lose now, lol.

I cant do that just because my brother will kill me risking a virus onto his computer.

Heres what each reg file said. (My net wont work cause of this virus on my other computer, so I wrote it down on a piece of paper, *shrug*)

For the HKEY_CURRENT_USER one:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run]

For the HKEY_LOCAL_MACHINE one:

[HKEY_LOCAL_MACHINE/Software/Mircosoft/Windows/CurrentVersion/Run]

"MSConfig"=C://Windows//PCHealth//Hephctr//Binaries//MsConfig.ece/ auto"

[HKEY_LOCAL_MACHINE/Software/Mircosoft/Windows/CurrentVersion/Run/OptionalComponents]

[HKEY_LOCAL_MACHINE/Software/Mircosoft/Windows/CurrentVersion/Run/OptionalComponents/IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE/Software/Mircosoft/Windows/CurrentVersion/Run/OptionalComponents/Mapi]
"Installed"="1"
"Nochange"="1"

[HKEY_LOCAL_MACHINE/Software/Mircosoft/Windows/CurrentVersion/Run/OptionalComponents/Msfs]

OOPS! Messed up. For the last one, its suppose to go like this.

[HKEY_LOCAL_MACHINE/Software/Mircosoft/Windows/CurrentVersion/Run/OptionalComponents/MSFS]
"Installed"="1"

Can you start your system in Safe Mode..  (F8 at startup)..??

If so, then reboot and try starting it in Safe Mode with Networking..

If it starts with Networking, try to access the Net now..  If so, then dnload the AVG and run the tests..!!

FE

F8 at startup, hmmm, lets try that, so Ill brb.

I tried pressin f8 when I restarted, didnt work.. Nothing happened.

I tried again, and it worked. Its on safe mode, networking. Actually, I can even open files up, and everything. But theres still no net.

Safe mode with Networking still can not get out, eh..??   lets see if you even got a proper IP address then..

Start > Run > cmd (ok)

Then type in:  ipconfig /all

What do you get..??   In fact why don't we just throw it in a text file on your desktop...

type in:  ipconfig /all > ip.txt

You will find the text file on your desktop..  copy it and put in on a floppy..  paste it here for us to look at..

FE

You might try resetting your TCP/IP stack:
 Click Start->Run->CMD <enter>
 at the prompt, type:

 netsh int ip reset c:\resetlog.txt <enter>

Also - navigate to these keys in the registry (start->run->Regedit <enter>)

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2

Repeat the following procedures on both:
Highlight the key, by clicking on it once.
Click File/Export - save it as the key's name (winsock.reg and winsock2.reg)
Now right-click it and click delete.

when you've done that on both - exit the registry and reboot...

Sirbounty-

The CMD, Netsh int ip reset c:/resetlog.txt didnt work. It came up with a error message.

Warning: Could not obtain host information from machine. Some commands may not be available.

Bleh bleh bleh.

And when you said Delete It, I hope you meant the files I just saved? Right?

Fatal -

I dont have a floppy disk, so I dont know?

Which files you just saved? From the registry?
No - the File/Export is to make a backup.
You are going to delete the Winsock keys in the registry.
If you're not certain - post back - I'm here for a while...

LoL, thanks for your help. Th Winsock keys? Oh.. Ok, misunderstood. Im go try it, thanks.

Okay - just make sure you export the keys first...(as a backup)

<I hope you heard me...maybe he hasn't left his brothers computer - or his brother will yell at him "Hey whatever-your-name-is - you got another one of those blasted emails from Experts-Exchange.  Sheesh!  What are they - spamming you or something?">

Yea, it didnt work, lol.

I dont know why, everytime I try to open a picture file or something, it'll just go..Blank, all you can see is my desktop picture, and then, after 3 seconds, it comes back. My internet is plugged in, and it works and everything, so...

*grin*   Ok...  back, but see we are still having issues...  :)

why don't we just delete the network stack and start over..??  YOu can go into your Device Manager and Uninstall the Network Card..  Reboot, and it should find it..  ck the properties then to make sure that the proper protocols have been installed..

What do you think..??

FE

You are saying that your NIC is working now and you can get out..??

If so, run the System File Checker commands I gave you in the comment above..

No, lol, sorry, I meant that the net works on my bro's comp. But not on mine o.0 What do you mean start over??

<ahem>
"The long and winding road...that leads to your door..."

Oh.. just thinking that if we uninstall the NIC and force a reset of the stack, we might discover something...  Just a way I would start troubleshooting if I were there..

Hi Sirbounty =D Your tips, as much as I wish to say, didnt work =( Still no net, and crap.

Should be able to download HJT, you think FE?

Not start over - Start->Run->SFC /Scannow

Ok.. we got SB singing now..  ahem...

Well - you started it with your "TGIF"...
LOL

Crap you say?  Crap? What's this crap you speak of man?

yea.. definitely need to check those system files..

Run the sfc command first..

Girl, mind you, psh.

Like the files not workin, and yea. YEA, not crap, so dont question my bad use of vocab now.

Think he is getting frustrated, SB  :)

Never happened to us before, right..??

>>The CMD, Netsh int ip reset c:/resetlog.txt didnt work. It came up with a error message.

Warning: Could not obtain host information from machine. Some commands may not be available.<<

I see the problem there...
should read:

netsh int ip reset > C:\ipreset.txt

Please try this again...

So, do this now....

System File Checker  

Start > Run > type "sfc /purgecache" {enter}

Start > Run > type "sfc /scannow" {enter}

Have your OS cd in your cdrom drive.

(You can also run these commands from the Command Shell – dos prompt)

The sfc didnt work. It started to pop up, then disappeared.. That was a joke, the vocab part, forgot to put a lol at the end ^_^

ooo  did not catch that..  would make a difference, eh..??

I believe you have some serious problems to deal with here...   If you don't have serious data to keep, I would wipe that drive in a heartbeat and resinstall the OS...    Of course, we experts don't like to suggest this, but I don't mind saying it..

:)

Didnt work. netsh int ip reset c:/ipreset.txt

I memorized it now, with all the times I tried.

Ok, I think I dont care anymore. Im just gonna reformat. And split the points, that work?

You still typing it wrong?
Try it line by line...

Start->Run->CMD

netsh<enter>
int <enter>
ip <enter>
reset <enter>

FE - don't give up yet man!  This ship's not sunk!

I mean, would reformattin kill the virus?

Oh - and type "bye" to exit that console...

Like I said above...  a great idea...  I really like to do this every 4-6 months anyway..  keeps your system running smoothly..

But get that AVG on there as soon as you get her up and running..  Update your system with all the patches..   And if you need any help, let us know..

FE

Unless it's a boot sector virus...which I doubt.
But just use setup from the XP disk to wipe the partition first.

You've got a backup of your data?

LOL, ok. Im gonna reformat. And get that avg. Thanks for hte help, both. Ill split the pts, whtaever they do.

omg. 1 hr of studies has left my inbox filled ... wow this is incredible.

i guess i have nothing to say except to watch

yea..  make sure you hit enter after each command...  works better that way..:)

My data is nothing but games and image files. Took a crap load of time to create, but nothing important. So, Im just gonna reformat it.

You missed a good one Sunray..  :)  Pretty slow on EE tonight, so we have been hanging out here..

Hey - wouldn't it be cool, if EE turned into a real-time chat forum instead of this web-posting and emailing?
Like IM...That'd be kewl...

Sure you don't want to try a repair install first?

What about email?  Got that saved?  IE favorites?

A chat room has been suggested, but I think they believe it would interfere with the format...   Would be nice as long as it was not abused..

"She was a working girl - north of England way...
Now she's hit the big time!  In the U.S.A"...
:D

What, like I'm not abusing this thread?  LOL
It's Friday - I'm bored...
Hey Sunray -how'd you force yourself to study...that's what I need to do...

Ok..  On that note, I think it is time for a snack..   :)

Hey - what are you having?

Get your case of Peaberry yet?

Ya know whatever - one thing that confused me about your registry Run entries - there wasn't anything there...
Can we try that route again, or are you really just going to format?

Open up those keys and look in the right pane (the subkeys don't matter (Optional Components)) - you should see a list in at least one of these - but it'll be on the right...

>> Hey Sunray -how'd you force yourself to study...that's what I need to do...

well what can i say. i know u r simply asking . I wud the say that u said to me the other day

uninstall Quickpost .. LOL !!!

Fatal,

YOu should surely come on MSN chat . I and SB are online all the time and having more fun there..

Sorry took so long, it wont let me split the points. It says I need 2 answers, but it wont let me click 2. So...

You select one as the accepted and enter the points.
Then simply enter points on any other Assists...

Split Points for How to get rid of a virus, without internet.
At least 2 Answers are required
Points must total 125 (you have allocated 0)

And...I tried reformattin my computer, it wont work. The virus is keeping the cd from working.

Talk your bro into letting you put that drive in as a slave..  as long as you run the AV solution and don't open any files you will be just fine..  Do it all the time..

FE

I will have to join you guys on IM later..  time for bed..  you know, old age...!!  :)

What does that say about me that went to bed an hour earlier?  :P

whatever427 - to split, you click the radio button (/option button) next to the comment you want to accept as an answer - then place the # of points to designate to that option in the box next to it.
For any assists - you would repeat the points step, but not the option button step...

Afraid you'll have to do the math on splitting 125 - you'll probably need to bump one up 1 more point than the other...

Thanx.

Ditto..

FE