I have a laptop with Windows 2000 on it. This morning Sophos detected a worm (I think it was w32/Maddis) but couldn't remove the file:
I then followed the removal instructions which were to start the laptop in safe mode and delete the file. However now when I start the laptop it gets to the login screen, it accepts my login but after a few moments it returns to the login screen - thus it seems stuck in an endless loop.
*** Turn off System Restore , if your infected***
1) Run a FREE online virus scan, http://housecall.trendmicro.com/housecall/start_corp.asp - Even though you hopefully already have a virus scanner, it’s always nice to get another opinion.
2) Adware Personal SE: http://files3.majorgeeks.com/files/c3cbd51329ff1a0169174e9a78126ee1/spyware/aawsepersonal.exe - be sure to run the update after you have completed the install.
3) CWSheddar - http://files3.majorgeeks.com/files/c3cbd51329ff1a0169174e9a78126ee1/spyware/cwshredder.exe - This is good to run just to make sure.
4) HiJackThis - which you’re already have, so just post log to site I gave you above to make sure the other products didn't miss anything.
If hijack this looks ok, reboot and move along to PREVENTION.
1) Virus software: If you have money buy, Kaspersky, www.kaspersky.com , otherwise go with: AVG 7.0 FREE - http://free.grisoft.com/freeweb.php/doc/2/ . Kaspersky is extremely useful for it blocks malicious scripts from the web, which a large percent of spyware comes from, also has definitions for adware/riskware/malware/et
2) Software firewall: Sygate Personal Firewall: http://smb.sygate.com/download_buy.htm - both a Pro version for money, or use the free edition. This is user friendly and one of the only software firewalls that prevent .DLL injection, which is commonly used with trojans/keyloggers.
3) Run windows updates to make sure you are fully patched. Also might want to try: http://www.microsoft.com/technet/security/tools/mbsahome.mspx - great to to analyze your system. You'd want to run this as soon as you plug into the internet.
4) Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html
This is great for blocking dialers and other spyware form accessing your computer. Works with both IE & Mozilla and updates and free as well. Doesn't have to be running, just install, updated, "enable all protection" and follow those steps once a week or so.
5) Always a good idea to have a backup browser, these days tons of exploits are publically released against Internet Explorer. I'd check out Firefox: http://www.mozilla.org/products/firefox/
Additonal clean up:
CCleaner - http://www.majorgeeks.com/download.php?det=4191
This program will clean out, temp, temp internet files, all the other junk that sites around on the computer, will help performance.
RegCleaner - http://www.majorgeeks.com/download.php?det=460
This program will remove any missing or invalid registry entries as well as perform a complete backup of changes you made. Very nice addition to system maintainance.
With these programs I’m confident this resolve your issue. I use these same programs on a daily basis and have yet to be let down. Please don’t hesitate to reply with any questions or concerns. I’ll also provide you with a few link resources to keep up to date on daily threats!
This site has a daily diary that keeps on top of all the latest threats. I live by this site. If you a real security freak, you can get the system tray icon at: http://www.labreatechnologies.com/ISCAlert.zip
McAfee Portal Site:
Great to see the latest virus/exploit threats on a daily level, which is the most active, etc.
Analyst's Diary (virustotal.com)
Congrats and good luck,