columbiaG

Windows XP issue

A user seems to have downloaded something that appears to be running in the background. I am not allowed to restore to any date (even in safe mode) and the antivirus (SEP12) didn't stop it.

It slows the PC to the point that it will not do anything, and the operation in safe mode does not seem to allow any repairs. My only option seems to be a reformat and install again.

Suggestions for alternatives?
Microsoft Legacy OS, Windows XP

Last Comment
columbiaG

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
jgerbasi

lee555J5

I would try a pre-Windows malware scan. Try one of these:
AVG boot cd
Kaspersky
F-Secure

Lee
Honez

It would probably be faster to re-image the machine, plus you would be 100% sure that you removed whatever it is off the machine.  Security is the #1 priority.

But if you really want to fight this thing, remove the drive and slave it to another computer and do a complete virus scan. You can also do other disk utilities such as defrag... Also scan it with Malwarebytes.

Enable hidden folders and browse to the following

C:\docs and sets\%username%\cookies
Delete the entire folder

c:\docs and sets\%username%\local settings
Delete the following folders
Temporary internet files
temp

c:\windows\temp
empty the temp folder

You can then put the disc back in the host computer and boot from it.  If it is still slow, you can try Rkill, followed by an immediate scan by Malwarebytes, or something else.  You should be able to see what processes are running via the Task Manager, or if you are really stubborn you can use Process Monitor.

Like I said originally, it would be faster/safer to re-image, but I am always up to a good challenge.  Plus it would be nice to know exactly what they did.  Remember to restrict their rights in the future.   If you have a ghost cast server set up, you can get the re-image process down to about 40 minutes.

Hope to hear how it goes.
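
The folder cleanup described above, as an added example that is not part of the original post: it records the size and SHA-256 of every file in those folders on the slaved drive before emptying them, so there is a record of what was there. It assumes "docs and sets" means `Documents and Settings`, that Windows is installed in `WINDOWS`, and that the drive is mounted at the placeholder path `E:/`; the Cookies folder is emptied rather than deleted.

```python
import hashlib
import shutil
from pathlib import Path

# Per-profile folders named in the post, relative to each user profile.
# Assumption: "docs and sets" in the post means "Documents and Settings".
PROFILE_TARGETS = ["Cookies", "Local Settings/Temporary Internet Files", "Local Settings/Temp"]


def target_dirs(drive_root):
    """Return the cleanup folders that exist on the mounted XP volume."""
    root = Path(drive_root)
    dirs = []
    profiles = root / "Documents and Settings"
    if profiles.is_dir():
        for profile in sorted(p for p in profiles.iterdir() if p.is_dir()):
            dirs += [profile / t for t in PROFILE_TARGETS]
    dirs.append(root / "WINDOWS" / "Temp")  # assumed default install folder
    return [d for d in dirs if d.is_dir()]


def inventory(drive_root):
    """List (relative path, size, SHA-256) for every file in the cleanup folders."""
    rows = []
    for d in target_dirs(drive_root):
        for f in sorted(p for p in d.rglob("*") if p.is_file()):
            digest = hashlib.sha256(f.read_bytes()).hexdigest()
            rows.append((str(f.relative_to(drive_root)), f.stat().st_size, digest))
    return rows


def clean(drive_root, dry_run=True):
    """Empty the cleanup folders; return the inventory taken beforehand."""
    rows = inventory(drive_root)
    if not dry_run:
        for d in target_dirs(drive_root):
            for child in d.iterdir():
                if child.is_dir() and not child.is_symlink():
                    shutil.rmtree(child)
                else:
                    child.unlink()
    return rows


if __name__ == "__main__":
    # "E:/" is a placeholder for wherever the removed drive is mounted.
    for path, size, sha in clean("E:/", dry_run=True):
        print(sha, size, path)
```

With `dry_run=True` nothing is deleted; save the printed list before running it again with `dry_run=False`.
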
Darr247

That's the only symptom... taking up all the CPU time so it's unusable?

Did you try killing the process in Task Manager on the Processes tab before it makes it to that point?
columbiaG

ASKER
MBAM seemed to have worked, but if this is found not to be enough, installing a new image will be next... Thanks for the help.