I was using the internet, when a window popped up and told me I had to click OK if I wanted to navigate to a new page. I don't remember exactly how it was worded, but I know I wasn't supposed to get that message.

So I restarted my computer and sure enough the first thing I saw was a message saying something about: Worm.Win32.NetSky

Then there was some stuff about Spyware on my computer and how I should use the program I must have inadvertently downloaded to get rid of it all.

Me being the genius I am, I decided to boot in safe mode before running M-BAM. However, I chose to go through the boot.ini menu. Now I can't get my computer to start. I've tried all the startup options, so what else can I do? I can't even get my computer to start now.

Thanks for the help.....

Also, this is a laptop, Windows XP Media Center Edition, no floppy drive.

When I choose boot in safe mode, boot normal, or use last known good settings, it starts to load then goes back to the screen giving me the booting options.

I tried pressing ESC while it was loading, and then changing the settings in that menu back to default. This didn't seem to do anything.

Thanks for the help

I found on the internet that HP lets you hold F11 during startup, which will take you to the System Recovery Partition. This worked, and I followed the steps and now it's making backup files. I'm assuming this is going to take a while. Also, I should mention, I have the Windows XP CDs, but not with me. I won't be able to get my hands on them for about a week. I read some things about downloading boot CDs from the internet. Are these safe options, and are there any recommended sites to get these from?

OK, well, system restore worked. I have no idea where it restored me to. I seem to still have all my files, but it did something to my programs. It made me set up Windows again. So I think I need to tell it where my programs are or something.

As for now I have MBAM running off of my flashdrive. So at least I can use the computer, but I'm afraid to really do much on it.

What other malware programs should I be trying to run?

Thanks

Hi travs1, short-handed here, sorry you had to navigate this stuff alone. For the moment do the MBA-M and allow it to remove everything it finds. Post back here with its log. We can decide where to go and what to do after that.
Judy

Right now MBAM is the only scanner I have. System Restore screwed with everything, and although the computer is running faster, all of my programs aren't installed / the location has been changed since I created a new username. I believe that's what happened. Either way, I'm just happy I can get the computer turned on.

Here is the log from the MBAM scan, let me know what I should do next.

Thanks a lot

Here is the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/13/2010 1:41:25 AM
mbam-log-2010-01-13 (01-41-25).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 265530
Time elapsed: 2 hour(s), 11 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Mo Problems\Local Settings\Temp\tdfdld.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\BunnyFix\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\kbd8trmp.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

What the recovery partition does is restore the computer back to original factory state, which is probably why things look and work differently. It is likely you won't be able to get back the additional programs you had on there, or any of the files you may have had as the restore would have wiped them off. Don't know what version of XP you had on there...did you keep it updated? If so, you will likely have to download all updates again.
Right click My Computer and choose properties, that first page that shows will tell you what Service Pack is now loaded. It will say XP SP...something...1, 2 or 3.
You also may need to update any drivers you may have updated in the past.
You ABSOLUTELY, POSITIVELY need to get an anti-virus program on there ASAP. I would recommend that you download, install, update and then do a full scan with Avira Free. It is an excellent anti-virus program. When it updates it does have a large pop-up ad that comes up...the only thing I ever hear people complain about with this program. Me? I like it, shows me the program has updated. When it pops up, "X" out of it with the "X" in the upper right corner. You need to do this to be certain there are no other infections on there. After you do that then you need to update Windows by going to Windows Update. Until you do this your computer is still at risk because of security issues that the updates will take care of.
Judy

Avira is running right now.

I'm going to try to see if I can figure anything out about my old files. They're all still there and I have access to them. But because of the restore I had to create a new username for windows. I suppose that's what you would call it. Either way, all my stuff is installed to the old windows folders, so I doubt I can move it. I will probably have to delete everything and then reinstall it to the new windows folder.

Right now when I go into my computer and click on my documents, I click on my name, and then I get another set of folders showing My Documents, and then I have to click on my name again then I can finally get to my stuff.

I doubt that's a very clear explanation of what I see, but that's not too important. It's just going to be a hassle to have to get everything organized again.

Anyway, I'll let you know what Avira finds later today or tomorrow.

Thanks for the help

Don't dump anything, I will refer this to others, maybe I can get a solution for you to get all your "stuff" out of the old user files.
By the way, you should also Update MBA-M and run a new Full Scan with it. I didn't notice that your database was out of date during your last scan. Update and do it again, post that log here after a reboot.
Judy

I've done a few scans with Avira and MBAM. They have all found something except for the last scan I ran for each.

What is Avira doing with the files it's found though? I think it's found 9 files or so, but as far as I can tell they've only been quarantined. Do I need to manually delete these files?

And as for my programs, they're still there as far as I can tell. But I think they just aren't installed to my current version of Windows. I meant I was planning on deleting them from the old Windows, and installing them all over. If there is a better solution so I can just delete this new Windows that I've started then that's great. I would like to do that instead. Right now I can see, and even access my files, assuming I have a program that is able to open them, even if it isn't my preferred program.

I'm going to post the most recent MBAM scan I've done. I think there are two or three in between that I could post if you want to see those too. It said it removed everything in those though.

Thanks for all your help,

This is the most recent MBAM scan I've done:

Malwarebytes' Anti-Malware 1.44
Database version: 3572
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/15/2010 6:51:19 PM
mbam-log-2010-01-15 (18-51-19).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 270467
Time elapsed: 2 hour(s), 15 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

If I were you I would just reinstall your programs, this might bring everything back up to date. I wouldn't go as drastic as redoing Windows, unless that is what you want to do. This would also mean of course that you WOULD lose all your files. I think the way to go is, keep the Windows as is for now, reinstall the programs you need to access your files, if that doesn't work then you do have the option to reformat and reload.

I've been having some problems with other things now that I've been back at school, so I just reformatted.

Now my question is, how do I get rid of the Microsoft Office Trial Version? I've tried add/remove, and Revo Uninstaller. In fact I tried both of these before I formatted and after. And no luck.

I own the full version so I want to get rid of this so I can install the version I've purchased. Any suggestions?

Thanks for all your help.

Please help! I have worm win32Netsky on my computer and the removal tool is not finding it either in regular or safe mode. I can't get to system restore because all my programs are locked up. I am in safe mode now, just staring at it (it's a second computer but I desperately need the info on it). That darn AVG antivirus let it in. I have a Norton's 360 disk but it won't let me install it. Can anybody help? Thanks a million, Barbie

Barbie, you need to begin your OWN thread, stating all your problems. You cannot receive help by hijacking another person's thread.
This thread is 6 months old and the original poster did not return.

Sorry about not changing the subject line in my first post. I have worm win32Netsky on my computer, and I downloaded a removal tool and it's not working either in regular or safe mode (it says it can't find it). I cannot get into system restore to shut it off or any of my programs, for that matter. I have stuff on this computer I desperately need - can anyone help? I was using AVG antivirus when this happened; I have Norton's but it won't let me install it. Please help! Thanks a million, Barbie

Barbie, you need to begin your OWN thread, stating all your problems. You cannot receive help by hijacking another person's thread.
This thread is 6 months old and the original poster did not return.

How do I change the subject line? I'm new to this forum.

Thanks, Barbie

Barbie, go here: http://www.daniweb.com/forums/thread134865.html and follow the instructions as well as the computer will let you. Try to run scans in normal mode if possible. Then go to the bar just above the read me first instructions and you will see "start a new thread"; click there and post logs in the requested manner (copy/paste). Please be patient as we are short on volunteers due to summer activities. Later---

OK, I'll try that - thank you :)

Barbie
