Jul 3rd, 2009

Very infected hard drive, need A LOT of help!

Hello! I need a lot of help with cleaning up this hard drive. It's a friend's; he said he needed some help with cleaning up his computer, so I brought it over to my house, and to my surprise it barely even starts up (at first it did not). So I mounted his hard drive into my PC, which is how I have it right now. When I first started up Windows, it told me that it needed to check the hard drive, and it did so. After that I put it back into his computer and it actually started up... but it had many problems, which I will list below.

Regedit is disabled by admin

Task Manager is disabled by admin (I found a program to re-enable it, but it only works for a limited amount of time)

The desktop background is locked and cannot be changed (the background is a fake warning that he needs to download an antivirus and that his computer is infected)

The taskbar has disappeared (I tried unlocking the taskbar in Properties and moving it up; the Windows key does not reveal the Start menu)

Multiple errors come up when the computer is booted

The PC restarts itself when the Windows folder is up, but I can access it and regedit from my PC when his is the slave drive, so that is how I have been working on it.

And the computer obviously has a lot of worms and trojans on it.

I hope you can help me out a bit... thank you for your time
ownedswax

Jul 3rd, 2009

Are you able to scan the drive with MBA-M and HJT as per the linky below?
http://www.daniweb.com/forums/thread134865.html

Give that a go, if possible. Post the logs and I'm sure someone will be happy to assist you further - bear in mind the holiday weekend here in the States......

--- It may be that a reformat would be the easiest option. Perhaps you could carefully save any important data on his HD beforehand - Of course this is risky.....


Best Luck
PP
PhilliePhan (Moderator)

Jul 3rd, 2009

I can run an MBAM scan and did that before I posted, but is there any way I can set my HJT to a path so it scans the E: drive and not C:??

Also, I thought about doing a reformat and putting the data he still wants on my HD, then transferring it back, but I do not have the Windows disks to do it.
ownedswax

Jul 4th, 2009

Quote originally posted by ownedswax:
> I can run an MBAM scan and did that before I posted, but is there any way I can set my HJT to a path so it scans the E: drive and not C:??
Oops! I am so used to writing that sentence in various forums that I didn't even think about that!
HJT would have to be installed on the infected drive. Also, there are a few other tools at our disposal if need be.

Can you post the MBA-M Log so we can see what has been detected/removed?

I'll be away for most of the weekend, but I imagine one of the other volunteers will be able to assist you further.

Cheers
PP
PhilliePhan (Moderator)

Jul 5th, 2009

OK, so now I put the hard drive back in the infected computer because I was going to get the HJT logs, since I could not figure out how to run the log to the slave drive. When it loads up I get to the Windows login screen, and when I click on the name to log in it says "loading personal settings", then flashes to my desktop background for a short moment, then says "saving personal settings" and goes back to the login screen. I tried safe mode, logging on as admin, and pressing Ctrl+Alt+Delete twice at login and logging in that way... any ideas??
ownedswax

Jul 5th, 2009

Quote originally posted by ownedswax:
> ... any ideas??
Yes, but it involves a little work

One option is to burn a bootable Recovery Console CD. Here is a link to the ISO:

http://www.thecomputerparamedic.com/files/rc.iso

You'll then be able to poke around a bit for malware and run some commands such as CHKDSK etc....
See Also:
http://support.microsoft.com/kb/314058/


Frankly, I think you'll have better luck cleaning the HD with Trinity Rescue Kit
Again, you'll need to burn the bootable CD to use on the ill computer.
This will put many more options at your fingertips - Virus scans, pulling data off the drive and more. This would probably be the route I'd go. I'm not sure if there is any way to access System Restore via TRK, but that might be worth looking into. You'll probably need to explore the TRK site for usage options.


Let us know how you fare.

Best Luck
PP
PhilliePhan (Moderator)

Jul 13th, 2009

I'm sorry for the delay in posting back, I was on vacation... What type of disk would I use for that? I have never made a bootable...
ownedswax

Jul 14th, 2009

Quote originally posted by ownedswax:
> I'm sorry for the delay in posting back, I was on vacation... What type of disk would I use for that? I have never made a bootable...
A CD should suffice.

If you need a tool to burn the ISO, I swear by:
http://www.imgburn.com/

Best Luck
PP
PhilliePhan (Moderator)

Jul 15th, 2009

Hi... I think you are infected by viruses...
Try the "regrun" software to clean automatically, or follow this manual procedure...

First, start your computer in safe mode. Then try to open "gpedit.msc" from Run. If it opens, look in "User Configuration -> Administrative Templates -> System"; you will find many fields like "Prevent access to registry", etc. Open it and click Disabled -> Apply -> Not Configured -> Apply -> OK.
The Task Manager field may be found in the Ctrl+Alt+Del Options, which is above System.
If this does not work, then start your computer in safe mode with command prompt. Go to c:\windows\system32. See hidden files with dir /ah. If the number of hidden files is more than 7 (these 7 are .manifest files), delete all except these 7 (.manifest files, please do not delete these...). The number of hidden directories should be 2 (dllcache and grouppolicy); also delete the other directories except these.
For deleting hidden files, type in cmd:
attrib -s -h -r file_name
del file_name

You may have to write these commands every time...
You also have to disable the process from msconfig, then try the above method for registry, Task Manager, taskbar, cmd, etc.
You can also kill the process from cmd:
tasklist
This will show all running processes...
tskill process_name (without the .exe extension)
This will kill that particular process...


Now, if you have opened your registry, go to...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
You may find userinit and shell.
Double-click userinit. Delete all except "C:\windows\system32\userinit.exe", and in Shell delete all except "Explorer.exe".


Be careful when doing these...


If you use the regrun software (search in Google),
then you don't have to do these manually...


For more help... I am here...
pushkar honey
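
Added example (not part of the thread and not any poster's code): a Python check of the two Winlogon values named in the post above, run over the text that `reg query` prints for that key. The sample output and the `example_dropper.exe` entry are constructed; the comparison ignores case and the trailing comma that the stock Userinit value carries.

```python
import re

# Baseline from the post above: Userinit launches only userinit.exe and
# Shell is only Explorer.exe. Entries are compared case-insensitively.
EXPECTED = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}

# Constructed sample of `reg query` output for the Winlogon key (not from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    DefaultUserName    REG_SZ    friend
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example_dropper.exe,
    Shell    REG_SZ    Explorer.exe
"""

# A value line is indented: name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Return {lowercased value name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def unexpected_entries(values):
    """Return {value name: [entries outside the baseline]} for Userinit and Shell."""
    findings = {}
    for name, allowed in EXPECTED.items():
        if name not in values:
            findings[name] = ["<value missing>"]
            continue
        # Treated as comma-separated lists; empty items (such as the one
        # after a trailing comma) are dropped before comparison.
        entries = [e.strip().strip('"') for e in values[name].split(",")]
        entries = [e for e in entries if e]
        bad = [e for e in entries if e.lower() not in allowed] if entries else ["<empty>"]
        if bad:
            findings[name] = bad
    return findings

if __name__ == "__main__":
    for name, bad in unexpected_entries(parse_reg_query(SAMPLE)).items():
        print(f"{name}: unexpected {bad}")
```

A Shell value that carries arguments or a full path is reported as unexpected, which is the conservative choice for a manual review.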
