• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3032

Remove virus and reset all windows setting

My client's laptop was infected with a virus. The virus does not let the antivirus load, does not let msconfig open, Task Manager is not able to run, etc.

1- Does anyone know anything about this kind of virus? Please explain how to remove it. I have successfully removed it, but there are other viruses with similar behaviour and some are hard to remove.

2- Any website to download files to reset the Windows system registry (display etc.)?

3- Any tips on how to remove viruses and restore the OS back to normal (Win XP)?
0
Asked: otyew
4 Solutions
 
rpggamergirl commented:
All the tools out there created to fix certain viruses/infections also fix the Windows default settings. It depends on what was reset, like Windows Firewall/antivirus etc.

With other malware like the Smitfraud desktop hijacks, all you had to do was manually reset the settings yourself.

With some viruses that disable utilities like Task Manager and regedit, once the virus is gone those utilities will work again.

Are you sure that the virus/malware is gone?

Let's look at your hijackthis log:
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Notepad will also open; copy its contents and paste it to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
0
 
rpggamergirl commented:
Or you could straight away run these; I have a feeling it might be the Alcan worm:

1. Please download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

2. Download Alcra PLUS Remover.
http://metallica.geekstogo.com/alcanshorty.bfu 
Save it in the same folder you made earlier (c:\BFU).

Reboot to Safe Mode.
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the "scriptline to execute" field click the "folder icon"  and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows

0
 
Angry_Beaver commented:
Are you sure that this is a virus? Maybe it's spyware... Can you install/load any software? If you can install, try to install Ad-Aware Personal (http://www.lavasoft.de/) and try to scan your laptop for spyware.
0
 
zephyr_hex (Megan), Developer, commented:
Here's a good spyware and virus removal FAQ. If you don't know what you're dealing with, I recommend that you take the time to do a thorough cleaning. A general rule is that if you have 1 piece of bad stuff, you usually have more.

http://forums.majorgeeks.com/showthread.php?t=35407
0
 
rpggamergirl commented:
HijackThis is a very good diagnostic tool; it can tell us what kind of malware etc. is present in your system, which will then make it easier for us to pick the right tool instead of trying many different scanners to see which one works.

Most of the time HijackThis handles baddies by just fixing the bad entries.
0
 
otyew (Author) commented:
Does anyone have the URL where I can download all the default registries for Windows?
0
 
rpggamergirl commented:
I don't know of any URL where you can download the Windows default registry. Even if there were, how could it work when the registry is not synchronized with the programs installed on your system?
Importing a registry from somewhere would be a bigger problem than what you have now, which is cleaning up the aftermath of the virus and removing leftovers.

What you can do is try and roll back your system to the way it was before you were infected.
Try System Restore;
Start > All Programs > Accessories > System Tools > System Restore >
then pick a date before you were infected.
Bear in mind that any program you installed, drivers and updates you've installed after the chosen date will need to be reinstalled.

By the way, have you tried any of the above suggestions, like letting us see your HijackThis log etc.?
0
 
otyew (Author) commented:
System Restore is basically useless most of the time; it was obvious that the system was changed, but after using System Restore it didn't detect any changes.

OK, one last question. If I run the HijackThis program and the list of processes comes out, and I find some suspicious process, what should I do?

Anyway, thanks for the answer.
0
 
rpggamergirl commented:
I'd rather look at the HijackThis log myself if that's okay; any bad entries there could point to a specific malware/virus that needs a particular tool to get rid of.

HijackThis is not a standalone tool; sometimes it needs other tools. For example, if look2me is showing in your log, then it needs a look2me tool; if an Alcan worm shows up in the log, then it needs the tool specially created for the Alcan worm, etc.

But mostly, "Fix Checked" in HijackThis removes the relevant bad registry entries.

So I would like to ask you to just post the entire log at the sites I mentioned in my post.
Paste the Notepad contents to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
0
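One way to triage a HijackThis log offline before posting it, as an added example that is not code from this thread or from HijackThis itself: it groups entries by section code and flags two things a defender would look at first. The sample lines are constructed in the 1.99.1 log format, and the flagging rules are my own heuristics (assumption), not HijackThis verdicts.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 1.99.1 log format; not a log from this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.antivirus-vendor.invalid
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O4 - HKCU\..\Run: [updater] C:\WINDOWS\system32\updater.exe
"""

# Every entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# O4 bodies look like "HKLM\..\Run: [name] path".
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")
# O1 bodies look like "Hosts: 127.0.0.1 hostname".
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")

def parse_entries(text):
    """Group HijackThis lines by section code, e.g. {'O1': [...], 'O4': [...]}."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("body"))
    return entries

def review_entries(entries):
    """Return (code, entry, reason) tuples for entries worth examining first.
    The reasons are simple triage heuristics (assumption), not HijackThis rules."""
    findings = []
    for body in entries.get("O1", []):
        m = HOSTS_RE.match(body)
        # A hosts line overriding a public hostname is a common way malware keeps
        # browsers away from vendor sites while other protocols still work.
        if m and m.group("host").lower() != "localhost":
            findings.append(("O1", body, "hosts entry overrides a public hostname"))
    for body in entries.get("O4", []):
        m = RUN_RE.match(body)
        # Autostart entries pointing into temp or profile folders deserve a look.
        if m and re.search(r"\\(temp|local settings)\\", m.group("path"), re.I):
            findings.append(("O4", body, "autostart from a temp or profile directory"))
    return findings

if __name__ == "__main__":
    for code, entry, reason in review_entries(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {entry}\n    -> {reason}")
```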
 
otyew (Author) commented:
Yeah, I hope to do so, but it totally blocks my access to any website. I can connect to the internet, even do VNC and FTP, but not web browsing.
0
 
rpggamergirl commented:
You mean you can't access any site?

Then just post the HijackThis log here in your topic; not recommended, but if you don't have a choice.
0
 
knuthf commented:
rpggamergirl and others: be careful, HijackThis and hijack-that may solve some problems, but not ALL.

Sometimes antivirus and spyware detectors halt the installation. This will leave your registry with some modified keys, partially installed files and scripts almost ready to run - but not the entire spy.

This is one reason for not running interactive from your server - as I do.

Because: there are no tools out there that will remove traces of a worm that was caught when it tried to install. What I have been told is to back up the registry after you have installed everything - use standard Windows Backup.

When things like this happen, try to delete all cache files. Then delete everything in the Application\Temp directory that you do not recognise. Sort WinNT and WinNT\System32 by "modified date" and delete newer DLLs - use "Properties" and you will see Microsoft as owner and a version number - if not, just delete or rename them.

Reinstall the Registry (reboot in safe mode)

Try to recover the security database using the Recovery tool - hold F8 while loading...

If you cannot recover security, you have to reinstall the OS from scratch. E.g. as "Administrator" you get the message "You are not permitted to do this - please contact your Administrator"...

Do not waste time looking for various tools. Those are made for simple task like cleaning up and removing traces of what they can find. There is no "hook" they can look for - they cannot search every file for a new user that was about to be created.

That MS has not made a "Just rebuild my security database, it is messed up" tool is incredible. There are tools that will back up your security settings and restore values... as long as you have the right permissions - which requires that the security settings are not corrupt.

So - sometimes the answer is: the system is beyond repair; just reinstall everything from scratch. All users, all networks, all settings, all applications. It will take your entire weekend, which is about 4 days less than a week searching for various tools.

When Windows Security gives odd messages that stop you, the taskbar is gone and nothing works... your system is beyond repair. Just reinstall. Others do it (not all the time - but...).
0
 
gonzal13 (Retired) commented:
Have you tried safe mode and then activating your antivirus?
0
