• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2465
  • Last Modified:

What virus turns apps off?

Clients XP Pro machine. Never had virus protection.

Running okay, a bit slow, but okay.

Cannot install AVG. Set up starts, but nothing happens after unpacking files.

Cannot run regedit, starts up then closes, almost instantly.

Cannot run MSCONFIG. Just will not open. Run from Start>Run>msconfig. Nothing.

Copied a new MSCONFIG to the desktop and tried to run that...nothing.

I have an idea this is a virus of some sort. Any suggestions would be gratefully recieved.

Thank you :)
  • 3
  • 2
  • 2
  • +3
3 Solutions

Since it seems your client has some pretty advanced spyware and viruses, you should download a couple of tools to aid in removing them. The first I will recommend is Spybot Search & Destroy, it can be found here: http://download.com.com/3000-8022-10194058.html?tag=lst-0-3 . The second is Ad-Aware which can be found here: http://www.lavasoftusa.com/ . Install both programs, update them, and let them scan for spyware. If you find that you cannot open either one of these programs then restart the computer in safe mode and run the programs. (Safe Mode starts Windows with a minimal amount of drivers and prevents most viruses from working due to the lack of drivers present.)  Now, restart the computer normally and go to this link: http://housecall.trendmicro.com/ . This is an online virus scanner that may evade viruses that attempt to shut down AV programs, should they be present. Remove everything detected. After performing these steps, I would like to know if any searches in Internet Explorer are being redirected and if so, to where. Please let me know if there is a problem performing a certain step as there are many alternate workarounds.
I'd say try booting into Safe Mode first and foremost...then try to run MSCONFIG disabling anything/everything in the start tab...

How to access Safe Mode:

midhurstAuthor Commented:
I'm not with the machine at the mo, but will try your suggestions.

I booted in to safe mode, but msconfig and regedit wouldn't start from there either. :O/

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

You might try system restore:  http://support.microsoft.com/?kbid=306084 (Restore to previous state)

or can you click Start->Run->SFC /Scannow

Check these sites for information on how to perform a repair install of XP:
 http://www.webtree.ca/windowsxp/repair_xp.htm (Last Known Good/Safe Mode/Recovery Console/Repair)
 http://www.windowsreinstall.com/ (Choose Pro or Home from the side-bar)
Rich RumbleSecurity SamuraiCommented:
Typically, you want to turn off system restore... and DL a free anti-virus scanner, Mcafee's stinger works well, but if you can't get it to run you may need to get Ad-Aware to run before. (linked above)
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm (turn off system restore on XP and ME to get rid of viri for good)

While the stinger product is good at finding and ridding you of the virus, it does not patch or portect the PC from further, or re-infection. Get a Firewall like ZoneAlarm and an AV solution like McAfee that can work "on access" in stead of after the fact.

Lot's of the lates't viri turn off AV FW and various other programs you'd use to get rid of them.
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.yn.html (nasty! tries to kill everything...)
Removal instructions for such a virus are located at the botom of that link...
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. (mcafee's stinger is more incompassing- norton will have you DL every one of their tools, while McAfee's is all in one)
   1. Disable System Restore (Windows Me/XP).
   2. Update the virus definitions.
   3. Restart the computer in Safe mode or VGA mode.
   4. Run a full system scan and delete all the files detected as W32.Gaobot.YN.
   5. Reverse the changes made to the registry.
   6. Remove the DNS entries added to Windows hosts file.

http://securityresponse.symantec.com/avcenter/venc/data/w32.petch.html also a virus that attacks regedit and others..

Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren

:o) Your brain is like a parachute. It works best when it's open

If Sfc.exe does'nt work, then try to copy all the files from C:\WINNT\system32\dllcache to C:\WINNT\system32
Files Manually Copied to the DLLCache Folder Are Not Used Until the Next Reboot
Rich RumbleSecurity SamuraiCommented:
the Viri aren't very smart... they only look for the name of the running process... nothing else, so if Adaware.exe or stinger.exe are killed by the virus, try renaming them, it worked when I came across this one before. Remember to turn off System Restore, as you'll just keep re-infecting yourself.
nader alkahtaniNetwork EngineerCommented:
Firsrt solution :

1.restart ---> Safe Mode

then use the command sfc /scannow to restore the corrupted files

restart the machine againe then install Antivirus Program --->Scan all computer

Second solution :

boot the machine in Safe Mode With Command Prompt

if you access command prompt screen type this command :



Restore your system

midhurstAuthor Commented:
Thanks guys. I learnt much from your answers and I'm grateful. Nothing worked completely and in the end, rather than spend endless hours, I reformated and reinstalled.

:o) Glad we could help you - thank you for the points
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now