Spyware - Messed up XP

I've removed some sort of fake antivirus/firewall malware using SuperAntiSpyware which found and removed around 5900 bits and pieces and which seemed to have cured things.

However, on a reboot I can't run most programs. They either throw up an access denied error or a rundll32.exe missing (which I replaced without improvement) and just downright refusals to run.

I can't run things like Combofix at all and am at a bit of a dead end.

Anything to suggest that might help?
alfaro Asked:
kennyhenao Commented:
If you can't do a system restore, then you will need to repair the OS using the XP CD.
0
alfaro (Author) Commented:
I think you're probably right..
0
kennyhenao Commented:
One thing I would check on the dll file is that the security is correct.
Local admins, users and SYSTEM have read and read/execute only.

Trusted installer has full control.
0
mmarx82 Commented:
You can try "sfc /scannow" from command prompt.
0
alfaro (Author) Commented:
Well, things have got worse. I used ERD Commander to boot the system so I could use system restore, which I set back to 1st April 2010. This worked, but now the pc boots into a new user account and the old one, as far as I can tell, is still there but I can't open it as no program is associated with it.

It should open (I'm guessing with File Folder) but how do I go about getting this to open?

dc
0
David-Howard Commented:
Have you attempted to open the folder in Safe Mode? Perhaps you can boot into Safe Mode, log on as the Administrator and then locate and open the folder(s) that you need access to.
If possible I would copy the needed user data from this system and then start with a new OS load. 5000+ pieces of malware, etc. obviously means the system was/is heavily infected. At some point you have to ask yourself if you are certain that the system is truly clean. In these instances I've found it more advantageous to copy user data and perform a reload. In the end it saves me time and I have peace of mind that the system is clean.
0
alfaro (Author) Commented:
I can't seem to boot into safe mode. It just hangs on mup.sys..

dc
0
alfaro (Author) Commented:
In the meantime I've managed to install and run Malwarebytes, which removed another 800 items, and finally managed to get Combofix going and it detected a rootkit and after a reboot is running through its stages..

I'll get back shortly..

dc
0
alfaro (Author) Commented:
The pc is working fine now but there is no sign of the missing user account data. Even GetDataBack can't find any trace of it...

Undoing system restore didn't help either..

dc
0
alfaro (Author) Commented:
Finally managed to copy the missing user data into the new user account after looking through the ErdUndoCache which seemed to have all the things that had gone walkabout. I thought this was created by using an Emergency recovery disk but all I did was run system restore..

Anyway, the pc is back where it was a few days ago but without the spyware infection and I didn't need to reinstall Windows or even repair it..

dc
0