From: Gary L Greco on 9 Jan 2010 20:00 It started about 3 weeks ago . I thought it was a virus, one day i had trouble after installing the demo version of CU3 Adobe package of products for testing out illustrator. My machine became slow and unresponsive ,so i uninstalled it and many other programs as well. I tried to run a restore and it kept givning me the error that it could not complete the task and needed to restart. I thought it was a virus and tried to acess mc afee online to run a scan and it would not alow me. So i removed all files i could remember installing before that date, Dec 12th.I ran another scan from another virus scanner and found some small questionable files erased them and still no big improvement. I still could not go into safe mode no matter how i tried, i then tried the recovery console and used the FixMBR and FIX boot , seeing if i could restore what appears to be a corupted mbr and now it won't boot into windows at all. It just gets to the windows logo passing the f8 selection like it wasnt there at all and restarts all over again.MAP shows all the correct partitions and drives. Any ideas on what i can do? Saside from removing the drive and installing it into this pc and running a virus scan to see if i can repair it? Sounds like a virus or corrupt upgrade, or both. My luck both...:) Gary L Greco
From: Rich Barry on 10 Jan 2010 00:06 Gary, you could try a procedure that I have found works if you have System Restore points that go back before this started. Just connect the problem drive up to your working PC. Then go Windows Explorer>Tools>Folder Options>View. Check " Show hidden files and folders". Uncheck " Hide protected Operating System files". Then go to X:\System Volume Information\restore\RPfolder\Snapshot Folder. X=Your problem drive. RPFolder will be numbered ie: RP1. Copy the first five files after the Repository Folder. Then go to X:\Windows\System32\Config Folder. When Config folder is open create a new folder. Then move SYSTEM, SOFTWARE, SAM, DEFAULT and SECURITY files that already exist there to new folder. Now paste the five files you copied from Snapshot Folder. Rename each file by removing REGISTRY_MACHINE_ from each file. You should now have a recent working Registry. Recent being keyword. If you used the five files in the Repair Folder it will put you back to the registrys original state when first installed. Note: Usually you will see a few if not many RP folders. Choose the Fifth most recent. So if your most recent RP Folder is numbered RP20 then choose RP15 to select the registry files. Or in your case go back before the problem occurred. "Gary L Greco" <garylgreco(a)hotmail.com> wrote in message news:21A942D5-500F-4C9E-B797-C8D5FF418517(a)microsoft.com... > It started about 3 weeks ago . I thought it was a virus, one day i had > trouble after installing the demo version of CU3 Adobe package of products > for testing out illustrator. My machine became slow and unresponsive ,so i > uninstalled it and many other programs as well. I tried to run a restore > and > it kept givning me the error that it could not complete the task and > needed > to restart. > I thought it was a virus and tried to acess mc afee online to run a scan > and > it would not alow me. So i removed all files i could remember installing > before that date, Dec 12th.I ran another scan from another virus scanner > and > found some small questionable files erased them and still no big > improvement. > > I still could not go into safe mode no matter how i tried, i then tried > the > recovery console and used the FixMBR and FIX boot , seeing if i could > restore > what appears to be a corupted mbr and now it won't boot into windows at > all. > It just gets to the windows logo passing the f8 selection like it wasnt > there > at all and restarts all over again.MAP shows all the correct partitions > and > drives. > > Any ideas on what i can do? > Saside from removing the drive and installing it into this pc and running > a > virus scan to see if i can repair it? > > Sounds like a virus or corrupt upgrade, or both. My luck both...:) > > Gary L Greco
From: Gary L Greco on 11 Jan 2010 20:06 thaks Barry i did get up and running ,i had run a bootcfg/rebuild, Still trying toget the virus off it. Win32/Vundo is what the iobit security scanner found,my mcafee wont run at all. It just keeps reinstalling it, this is going to be...not....! Thanks Gary -- Gary L Greco "Rich Barry" wrote: > Gary, you could try a procedure that I have found works if you have System > Restore points that go back before this started. Just connect the problem > drive up to your working > PC. Then > go Windows Explorer>Tools>Folder Options>View. Check " Show > hidden files and folders". Uncheck " Hide protected > Operating System files". Then go to X:\System Volume > Information\restore\RPfolder\Snapshot Folder. X=Your problem drive. > RPFolder will be numbered ie: RP1. > > Copy the first five files after > > the Repository Folder. Then go to X:\Windows\System32\Config Folder. When > Config folder is open create a new folder. Then > > move SYSTEM, SOFTWARE, SAM, DEFAULT and SECURITY files that already exist > there to new folder. Now paste the five files you copied from > > Snapshot Folder. Rename each file by removing REGISTRY_MACHINE_ from each > file. You should now have a recent working > > Registry. Recent being keyword. If you used the five files in the Repair > Folder it will put you back to the registrys original state when first > installed. > > Note: Usually you will see a few if not many RP folders. Choose the Fifth > most recent. So if your most recent RP Folder is > > numbered RP20 then choose RP15 to select the registry files. Or in your > case go back before the problem occurred. > > > > > > > > > > > "Gary L Greco" <garylgreco(a)hotmail.com> wrote in message > news:21A942D5-500F-4C9E-B797-C8D5FF418517(a)microsoft.com... > > It started about 3 weeks ago . I thought it was a virus, one day i had > > trouble after installing the demo version of CU3 Adobe package of products > > for testing out illustrator. My machine became slow and unresponsive ,so i > > uninstalled it and many other programs as well. I tried to run a restore > > and > > it kept givning me the error that it could not complete the task and > > needed > > to restart. > > I thought it was a virus and tried to acess mc afee online to run a scan > > and > > it would not alow me. So i removed all files i could remember installing > > before that date, Dec 12th.I ran another scan from another virus scanner > > and > > found some small questionable files erased them and still no big > > improvement. > > > > I still could not go into safe mode no matter how i tried, i then tried > > the > > recovery console and used the FixMBR and FIX boot , seeing if i could > > restore > > what appears to be a corupted mbr and now it won't boot into windows at > > all. > > It just gets to the windows logo passing the f8 selection like it wasnt > > there > > at all and restarts all over again.MAP shows all the correct partitions > > and > > drives. > > > > Any ideas on what i can do? > > Saside from removing the drive and installing it into this pc and running > > a > > virus scan to see if i can repair it? > > > > Sounds like a virus or corrupt upgrade, or both. My luck both...:) > > > > Gary L Greco > > > . >
From: Daave on 11 Jan 2010 20:26 Last week, I removed a Vundo infection from a friend's PC. I used rkill.com and MBAM, using the directions here: http://www.bleepingcomputer.com/virus-removal/remove-vundo-virtumonde Note Step #8. Since Vundo deletes a core component of MBAM, you need to download *two* files: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe http://mbam.malwarebytes.org/program/random.php Afterwards, I ran an online scan. Here are two choices: http://housecall.trendmicro.com/ http://www.eset.com/onlinescan/ IMO, you should uninstall McAfee (it is overrated and taxes system resources and costs money.. and apparently didn't catch your infection!), being sure to use their removal tool: http://service.mcafee.com/FAQDocument.aspx?id=TS100507 and use the free version of Avira AntiVir in its place: http://www.free-av.com/ Also, uninstall MBAM (the reason is included on the Bleeping Computer page) and reinstall it: http://www.malwarebytes.org/mbam.php Choose the free version. Keep it updated. Perform regular scans. Also, keep your Windows XP patched. Just make sure to select the critical security updates. You can configure Automatic Updates to inform you whenever new updates are available. You can also regularly visit this page: http://windowsupdate.microsoft.com/ Gary L Greco wrote: > thaks Barry i did get up and running ,i had run a bootcfg/rebuild, > Still trying toget the virus off it. > Win32/Vundo is what the iobit security scanner found,my mcafee wont > run at all. > It just keeps reinstalling it, this is going to be...not....! > > Thanks > Gary > >> Gary, you could try a procedure that I have found works if you have >> System Restore points that go back before this started. Just connect >> the problem drive up to your working >> PC. Then >> go Windows Explorer>Tools>Folder Options>View. Check >> " Show hidden files and folders". Uncheck " Hide protected >> Operating System files". Then go to X:\System Volume >> Information\restore\RPfolder\Snapshot Folder. X=Your problem drive. >> RPFolder will be numbered ie: RP1. >> >> Copy the first five files after >> >> the Repository Folder. Then go to X:\Windows\System32\Config Folder. >> When Config folder is open create a new folder. Then >> >> move SYSTEM, SOFTWARE, SAM, DEFAULT and SECURITY files that already >> exist there to new folder. Now paste the five files you copied from >> >> Snapshot Folder. Rename each file by removing REGISTRY_MACHINE_ from >> each file. You should now have a recent working >> >> Registry. Recent being keyword. If you used the five files in the >> Repair Folder it will put you back to the registrys original state >> when first installed. >> >> Note: Usually you will see a few if not many RP folders. Choose the >> Fifth most recent. So if your most recent RP Folder is >> >> numbered RP20 then choose RP15 to select the registry files. Or in >> your case go back before the problem occurred. >> >> >> >> >> >> >> >> >> >> >> "Gary L Greco" <garylgreco(a)hotmail.com> wrote in message >> news:21A942D5-500F-4C9E-B797-C8D5FF418517(a)microsoft.com... >>> It started about 3 weeks ago . I thought it was a virus, one day i >>> had trouble after installing the demo version of CU3 Adobe package >>> of products for testing out illustrator. My machine became slow and >>> unresponsive ,so i uninstalled it and many other programs as well. >>> I tried to run a restore and >>> it kept givning me the error that it could not complete the task and >>> needed >>> to restart. >>> I thought it was a virus and tried to acess mc afee online to run a >>> scan and >>> it would not alow me. So i removed all files i could remember >>> installing before that date, Dec 12th.I ran another scan from >>> another virus scanner and >>> found some small questionable files erased them and still no big >>> improvement. >>> >>> I still could not go into safe mode no matter how i tried, i then >>> tried the >>> recovery console and used the FixMBR and FIX boot , seeing if i >>> could restore >>> what appears to be a corupted mbr and now it won't boot into >>> windows at all. >>> It just gets to the windows logo passing the f8 selection like it >>> wasnt there >>> at all and restarts all over again.MAP shows all the correct >>> partitions and >>> drives. >>> >>> Any ideas on what i can do? >>> Saside from removing the drive and installing it into this pc and >>> running a >>> virus scan to see if i can repair it? >>> >>> Sounds like a virus or corrupt upgrade, or both. My luck both...:) >>> >>> Gary L Greco >> >> >> .
|
Pages: 1 Prev: XP Suddenly Runs Sloooower.. Next: XP in a start up loop |