Solved

conficker virus?  a computer will not let me load norton properly or use windows home to reinstall

Posted on 2009-04-04
11
661 Views
Last Modified: 2013-11-08
i have a computer that was working fine until yesterday.

norton internet security 2007 ended so, i undinstalled and installed 2009
well, norton 2009 would not install.

i then lost all of my drivers to the internet, windows xp home layout - it went to calssic view.

i thought system restore - it said it was not installed
i tried windows firewall - also not installed

i tried starting with the windows xp home cd to repair - it keeps asking me
what to do, i type in 1 to select the C:/ drive
it then asks what do i want to do - i click help and nothing says restore windows
it just gives the info such as copy : delete : fixboot : mkdir: etc

could this computer be infected and will i need to do a fresh install? [ format and install? ]

i have no clue as to what is going on.

thanks
0
Comment
Question by:webdott
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +2
11 Comments
 
LVL 8

Expert Comment

by:skywalker39
ID: 24068849
Hi webdott,

I would try scanning some free anti-virus & anti-spyware applications first. I would try AVG Anti-Virus, Malwarebytes and SUPERAntiSpyware. I would do a complete scan in normal Windows, if normal Windows fail, I would try them in safe mode. If your still having problems I would format and do a fresh install.

Here's the links:
http://free.avg.com/
http://www.malwarebytes.org/
http://www.superantispyware.com/
0
 
LVL 4

Expert Comment

by:blissbear
ID: 24068852
If you can still boot into windows, press F8 on boot before you see the windows logo and boot into "Safe Mode with netoworking".  Log into an account with Administrator access.  This will prevent most viruses from loading.

You can then attempt to install your antivirus software.

I would recommend Avast! antivirus (http://www.avast.com/index.html) as it allows you to scan the system from a very low level on boot before windows GUI loads.
0
 

Author Comment

by:webdott
ID: 24068888
i have tried the safe boot and it will not let me load any usb drives, dvd's, there are no internet connections.
i have malwarebytes, but i can not get it onto the system do to the system not letting me put any usb device in or interent. i have tried cd as well.
virus maybe?
 
0
 Watch the Recording: Learning MySQL 5.7

MySQL 5.7 has a lot of new features. If you've dabbled with an older version of MySQL, it is definitely worth learning.

 
LVL 8

Expert Comment

by:skywalker39
ID: 24068928
If you booted in safe mode only, you won't be able to get online, if you boot in safe mode with networking you will be able to get online.
0
 

Author Comment

by:webdott
ID: 24068967
skywalker39
thanks i will try safe+networking
 
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 24069695
there is a simple test for conficker here:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
0
 
LVL 8

Accepted Solution

by:
skywalker39 earned 250 total points
ID: 24069730
If you are infected with the conficker worm, here's a link from symantec, there is a tool that you can run to remove it.
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_promo_conficker_worm
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24070393

Hopefully Safe + Networking will have worked.   If it does, advise running Malwarebytes.

If it will not run, try renaming it *before* saving it to your desktop.  As you're having difficulties downloading it try downloading to another machine, then into a USB memory stick (or equivalent).  Rename it first, and only then connect to the infected machine.

Another possible option is to see if you can run the Stinger which is a utility that cleans the system of viruses, that block anti virus software.   You may also need to download to a 2nd machine then rename Stinger in the same way>
http://vil.nai.com/vil/stinger/

If you can report back on whether you can run a scanner at this stage, we can advise the next move.  It may well be to run ComboFix .. details later, if required.

0
 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 250 total points
ID: 24070429
After re-studying the question, and assuming you may still have problems, suggest you try and install Trend HijackThis 2.02:
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and then it can be analysed.
From the analysis we can decide more accurately whether ComboFix or any other Tool is needed.

At some later time you may find it very beneficial to completely remove Norton Internet Security 2007, if it wasn't removed cleanly the first time:

Norton Removal Tool (SymNRT) 2009.0.5.26:
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
0
 

Author Closing Comment

by:webdott
ID: 31566640
it was the conficker.

i split the points because the hijack this helped me
and the removal FIXdownup from norton removed it.

i am still going to wipe and reinstall windows a few times just to make sure.

thanks for your help.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24074805
You're welcome.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Part One of the two-part Q&A series with MalwareTech.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month8 days, 17 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question