XP Activation error after manual clean of NICEWARE

HELP!!!!

I am running XP SP3.

Two days ago I managed to install an EXE that had a Trojan in it. Kaspersky did not pick it up pre installation.

After running Kapsersky, it appeared but would not get rid of it. The issue I have is called NICEWARE.

Basically it pops IE8 over and over again with adverts.

I did some research and saw that IFY.EXE was causing the issue.

I looked in MSCONFIG and it formed part of my Boot Up.

So......................

Switched into Safe Mode. Deleted IFY and all the others from TEMP and PRE FETCH.

Rebooted, rescanned and then Windows said I needed to activate my product.

Looked in Registry and it looks like something is stuck in SOFTWARE / CURRENT VERSION / RUN

Thus I now have two issues. I have attempted to get rid of IE8 using REVO but it did not seem to work. In fact I would say it failed half way through. Never seen REVO fail.

Thus I went in Control Panel, and I think IE8 has gone.................except lo & behold.............adverts popping in IE8.

Second part of crisis is that I cannot activate my genuine product.

I click activate, opens a blue window with two failed images, or at least I think they are failed images. Nothing happens, cant click anything, cant do anything with it in Safe Mode.

Really out of options.....................

Thanks

Julian
77SevenAsked:
Who is Participating?
 
neuroskunkCommented:
First of all, do this:
Input XP installation CD in tray.
Start - Run - sfc /scannow
After complete - reboot.
This command restore broken system files.
0
 
77SevenAuthor Commented:
Hi neuro skunk, I have removed my CD drive. I can go try borrow one, is there anyway I can get those files?

Is that what you think is wrong a broken sys file?

0
 
compaqusCommented:
I would recommend Spyboot to clean the system

 http://www.safer-networking.org/en/mirrors/index.html

Then we'll get to the activation part.

0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
johnb6767Commented:
Might be best to remove those problem files/RUN entries while the drive is slaved to another machine.
0
 
77SevenAuthor Commented:
Tried that from CD (borrowed a drive), it was struggling with DLLs.

I have just tried again...will update ASAP
0
 
77SevenAuthor Commented:
Its saying that files required must be copied to the DLL cache.

I have a CD drive attached via USB. It has my original gen CD in. I try RETRY, makes no differnce?

any ideas??
0
 
neuroskunkCommented:

Try to mount or unarchive iso image, but I afraid, sfc command too simple for asking location of files.

Also try to activate by Microsoft key update tool
http://www.microsoft.com/genuine/selfhelp/pkuinstructions.aspx

I dont advice you install any new third-party software in this situation.
And NEVER use more than one antivirus at time. It can lead to seriuos problems.
0
 
optomaCommented:
Download IE8 stanalone installer and install IE8 in safe mode with command prompt.
On reboot to normal mode, activation process should continue normally.
http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx

Then run these in normal mode
Run TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

If still having issue run Combofix and post log here
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


>Tools may be required to be downloaded on another machine and transferred via removable device

>If they still dont run, redownload them but rename them prior to saving them
0
 
77SevenAuthor Commented:
None of it worked. I had to rebuild machine. Gutted....

Great advice though
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.