Feb 20, 2009
Some virus cleaning tips
by rrich/Realpoor Trading Tutorials
Hello peoples!
I just finished spending 2 days on fixing up a pal's laptop that had the worst infection I have seen.
This will just be a short guide on how to eliminate some of the errors that were caused because of them and will hopefully help some people out.
Some of this might need to be done in Safe Mode. To get there, hit F8 BEFORE the Windows logo shows up when starting your computer. I normally just hit F8 repeatedly until it finally shows up. The registry may also be needed. If you do not know what it is or how to get to it, then you do not know enough about it for me to trust you with it. Google a tutorial for regedit.
1st issue encountered:
Windows XP would log out as soon as it logged in.
Turns out he tried to do his OWN fix and deleted userinit.exe. Copying the original from the Windows XP CD (named USERINIT.EX_ in the I386 folder) fixed the problem. In the registry it may have been changed to wsaupdater.exe, so if copying the file over doesn't work, try copying it and renaming it to wsaupdater.exe. If that works then you will need to search the registry and change the value. The copy can take place by putting your hard drive into another computer, or running the recovery console on the Windows XP CD.
This registry value should be set to userinit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
After doing this explorer wasn't loading properly but I could log in and use ALT+CTRL+DELETE then select File -> Run New Task and type in explorer to get it to load up. The fix for this will be discussed later.
2nd issue encountered:
Couldn't run a proper virus scan because the Trojans hijacked the DNS and wouldn't let downloads / updates occur properly.
Two things to do here. First, use HijackThis to identify whether you have any unknown Winsock LSP entries. The one I found was ntdll62.dll, which was doing redirects. This was removed using LSPFix with the "I know what I am doing" option... don't use that if you don't know what you are doing. WinSock XP Fix and SmitfraudFix are also great assets.
Next, had to clear the DNS cache. Start -> run and type in cmd. Then in the command window type ipconfig /flushdns.
This let me get online and get some scanners and update them!
You might need to see if you have a proxy set. Go to Control Panel -> Internet Options -> Connections -> LAN Settings and make sure that Automatically Detect Settings is checked and nothing else. If you know information that should be there and was given to you by an admin or ISP, then use that instead.
3rd issue encountered:
Lots of Trojans / malware / spyware
Let programs do the dirty work for you! I suggest the following, and use more than one of them. Can't count on one program being able to fix everything.
Antivirus / Spyware/ Adware / Malware
SUPERAntiSpyware
Malwarebytes' Anti Malware
AVG Antivirus
Avast Antivirus
Dr.Web CureIt!
Spybot - Search & Destroy
Ad-Aware
Rootkits
Sophos Anti-Rootkit
Link to others: Best Free Rootkit Scanner/Remover
I would also suggest disabling system restore and the pagefile so that any lingering infections would be cleared out of them. Remember to enable them again when you feel you are infection free.
4th issue encountered:
Explorer wasn't loading on login
Make sure that the registry is set to use the proper shell.
Set this key to "Explorer.exe" (no quotes needed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell
Then run sfc from the command prompt to make sure all important system files are the correct versions. Decent instructions here: How to use the Scannow SFC tool in Windows XP. I would suggest creating a new user and logging in to check and see if it is a profile thing or not. If the new user logs in fine and you don't... you have profile issues. I also like to think that creating a new user makes Windows do the necessary things to make sure that it loads properly on 1st login and that it may repair missing registry entries. BUT that is just something I like to think and have no proof that it actually occurs.
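The Userinit check from the 1st issue and the Shell check above can both be run against a regedit export (.reg file) of the Winlogon key instead of eyeballing the values. This is an added example, not part of the original post; the sample export is constructed and the function names are hypothetical.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
EXPECTED = {"userinit": "userinit.exe", "shell": "explorer.exe"}

# Constructed sample: a regedit export of the Winlogon key from an infected box.
# Real exports from XP are UTF-16; open them with encoding="utf-16".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="owner"
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\wsaupdater.exe,"
'''

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        # Only string values ("name"="data") matter here; dword/hex are skipped.
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if value and current is not None:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in value.groups())
            current[name.lower()] = data
    return keys

def check_winlogon(text):
    """List (value name, problem) pairs for Userinit and Shell."""
    values = parse_reg(text).get(WINLOGON, {})
    findings = []
    for name, expected in EXPECTED.items():
        if name not in values:
            findings.append((name, "value missing"))
            continue
        # The data can be a comma-separated list; every entry must be the real binary.
        entries = [e.strip() for e in values[name].split(",") if e.strip()]
        bad = [e for e in entries if e.lower().rsplit("\\", 1)[-1] != expected]
        if bad or not entries:
            findings.append((name, "unexpected: " + ", ".join(bad or ["(empty)"])))
    return findings

if __name__ == "__main__":
    for name, problem in check_winlogon(SAMPLE_REG):
        print(f"Winlogon\\{name}: {problem}")
```

The check only compares file names, so a full path such as C:\WINDOWS\system32\userinit.exe, passes; a file with the right name in the wrong folder would still need a manual look.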
Hopefully this helps some of you out in the future!
The problems I had were much more severe and required LOTS of registry searching and editing, but it is hard to give a short guide on how to navigate and fix a registry. So... best of luck to you if that is what you need to do!
If you have any other useful ideas then add them to a comment!
Antivirus: Avast antivirus - 100 percent free home edition, daily updates and amazing security for all your needs: web, p2p, mail, network, msn. It constantly scans your computer in every way to keep you safe, 100 percent legit and great program.
Cleaners: CCleaner is an amazing program to help clean your Internet files (temp, cookies, the usual) that IE and Firefox will often miss or not delete when asked for some reason. It also cleans the registry, but you should know that any registry cleaning program is dangerous to use if you don't know what it's deleting or moving.
TuneUp Utilities 2009 - Really good low budget program used to clean and tune up your computer's hard drive: defrags, registry, temp files, partial entries, you name it, it's got it. There's a 30 day trial you can get, and just get re-downloading it every 30 days.