Solved

conficker virus?  a computer will not let me load norton properly or use windows home to reinstall

Posted on 2009-04-04
11
656 Views
Last Modified: 2013-11-08
i have a computer that was working fine until yesterday.

norton internet security 2007 ended so, i undinstalled and installed 2009
well, norton 2009 would not install.

i then lost all of my drivers to the internet, windows xp home layout - it went to calssic view.

i thought system restore - it said it was not installed
i tried windows firewall - also not installed

i tried starting with the windows xp home cd to repair - it keeps asking me
what to do, i type in 1 to select the C:/ drive
it then asks what do i want to do - i click help and nothing says restore windows
it just gives the info such as copy : delete : fixboot : mkdir: etc

could this computer be infected and will i need to do a fresh install? [ format and install? ]

i have no clue as to what is going on.

thanks
0
Comment
Question by:webdott
  • 3
  • 3
  • 3
  • +2
11 Comments
 
LVL 8

Expert Comment

by:skywalker39
ID: 24068849
Hi webdott,

I would try scanning some free anti-virus & anti-spyware applications first. I would try AVG Anti-Virus, Malwarebytes and SUPERAntiSpyware. I would do a complete scan in normal Windows, if normal Windows fail, I would try them in safe mode. If your still having problems I would format and do a fresh install.

Here's the links:
http://free.avg.com/
http://www.malwarebytes.org/
http://www.superantispyware.com/
0
 
LVL 4

Expert Comment

by:blissbear
ID: 24068852
If you can still boot into windows, press F8 on boot before you see the windows logo and boot into "Safe Mode with netoworking".  Log into an account with Administrator access.  This will prevent most viruses from loading.

You can then attempt to install your antivirus software.

I would recommend Avast! antivirus (http://www.avast.com/index.html) as it allows you to scan the system from a very low level on boot before windows GUI loads.
0
 

Author Comment

by:webdott
ID: 24068888
i have tried the safe boot and it will not let me load any usb drives, dvd's, there are no internet connections.
i have malwarebytes, but i can not get it onto the system do to the system not letting me put any usb device in or interent. i have tried cd as well.
virus maybe?
 
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24068928
If you booted in safe mode only, you won't be able to get online, if you boot in safe mode with networking you will be able to get online.
0
 

Author Comment

by:webdott
ID: 24068967
skywalker39
thanks i will try safe+networking
 
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 33

Expert Comment

by:Dave Howe
ID: 24069695
there is a simple test for conficker here:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
0
 
LVL 8

Accepted Solution

by:
skywalker39 earned 250 total points
ID: 24069730
If you are infected with the conficker worm, here's a link from symantec, there is a tool that you can run to remove it.
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_promo_conficker_worm
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24070393

Hopefully Safe + Networking will have worked.   If it does, advise running Malwarebytes.

If it will not run, try renaming it *before* saving it to your desktop.  As you're having difficulties downloading it try downloading to another machine, then into a USB memory stick (or equivalent).  Rename it first, and only then connect to the infected machine.

Another possible option is to see if you can run the Stinger which is a utility that cleans the system of viruses, that block anti virus software.   You may also need to download to a 2nd machine then rename Stinger in the same way>
http://vil.nai.com/vil/stinger/

If you can report back on whether you can run a scanner at this stage, we can advise the next move.  It may well be to run ComboFix .. details later, if required.

0
 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 250 total points
ID: 24070429
After re-studying the question, and assuming you may still have problems, suggest you try and install Trend HijackThis 2.02:
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and then it can be analysed.
From the analysis we can decide more accurately whether ComboFix or any other Tool is needed.

At some later time you may find it very beneficial to completely remove Norton Internet Security 2007, if it wasn't removed cleanly the first time:

Norton Removal Tool (SymNRT) 2009.0.5.26:
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
0
 

Author Closing Comment

by:webdott
ID: 31566640
it was the conficker.

i split the points because the hijack this helped me
and the removal FIXdownup from norton removed it.

i am still going to wipe and reinstall windows a few times just to make sure.

thanks for your help.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24074805
You're welcome.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now