
Thread: Help with spyware/virus/trojan

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    12

    Help with spyware/virus/trojan

    I am not too sure of the right place to post my problem; please let me know if this is not the right forum for help.

    I have a 5-year-old Toshiba Satellite 5100 laptop. One night I had the blue screen of death, and the hard drive died. No bootable disk can read the drive.

    I bought a sega 80g drive and reinstalled XP Home from the recovery disk, but once I connect to the Internet, I get some virus/spyware/trojan that displays some popups. One is "Your computer is infected, windows has detected spareware infection which corrupted the registry.." and asks me to go to registrycleanerxp.com, which I believe is a spyware site.

    I repeatedly formatted the drive and reinstalled XP Home a few times, but still could not get rid of those virus/spyware/trojan. Is my BIOS infected? Or somewhere?

    I used the free online Trend Micro HouseCall to scan the PC, and found the following virus/spyware/trojan:

    Troj_xpack.GR
    TROJ_AGENT.NID
    WORM_SDBOT.AWG
    WORM_NACHI.A

    and the Housecall can not clean those virus/spyware/trojan (coz it's free??), so I went to do the manual clean, but some registry keys can not be deleted, especially the LEGACY_WLMSNGR under HKEY_LOCAL_MACHINE>CurrentControlSet>Enum>Root, and I can not kill this service in Task Manager processes (I end the process and it comes back right away).

    Please help me, I am desperate!
    Last edited by RedButton; May 18th, 2007 at 04:55 PM.

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    Use hijackthis to find the registry keys. Use killbox to delete on reboot. Boot into safe mode and scan the system with a good antivirus. Maybe even adaware.

    If you find a system file that you can't get rid of, google the file name. It will probably pull up a forum with people talking about how to clean it and the steps to take.

    That should do it. If you need help just post.
    meh. -ech0.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Any service packs installed with XP?

    If you just installed from an old XP CD, turn on the built-in firewall before going online; before SP1 it wasn't turned on by default. The first thing to do online is Windows Update.

    The popup you are describing is usually found on dubious sites. Update first and keep away from that site.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Junior Member
    Join Date
    Mar 2006
    Posts
    12
    Thanks for the help.

    First I want to make sure my BIOS is fine; I hear some nasty stuff can get into the BIOS.

    To SirDice:

    The old CD comes with SP1, and I forgot to mention that I can not get Windows Update. When I go to the Windows Update site, it just sits there, sometimes giving me the RUNDLL, and then everything freezes and I have to turn the power off. And the sound of the power-off is kind of weird.

    To ech0:

    How do you do "Use hijackthis to find the registry keys. Use killbox to delete on reboot."? Please give me some details.

    So what I will do when I go home:

    reformat, reinstall

    turn firewall on and scan in safe mode

    Also, I have an XP Pro copy, and it's strange that when I install from the Pro CD, it fails when copying Drivers.CAB, but it's OK when I launch in XP Home and do an upgrade.

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    792
    "and the Housecall can not clean those virus/spyware/trojan (coz it's free??)"
    Maybe because the file(s) are in use and can not be accessed?
    Maybe the file(s) just can't be cleaned at all and need to be deleted?

    "I repeatedly formatted the drive and reinstalled XP Home a few times, but still could not get rid of those virus/spyware/trojan. Is my BIOS infected? Or somewhere?"
    If you think that is the case, what BIOS version are you running? Is it the latest for that machine?

    While you are at Toshiba's site looking for the latest BIOS ( using a known clean machine ) you might also want to download any other applicable updates and burn them to a disk or USB.

    When I have to rebuild a machine, or for that matter build a new machine, I get all the updated drivers, etc. before I begin the rebuild process. Save them to disk, virus check everything, then begin my rebuild and install all necessary upgrades before I make any physical connection to the Internet. ( Even SP2 can be downloaded and put on disk. )

    Then, as SirDice said, make sure the firewall is running, then run Windows Update before going anywhere else on the net.

    edit: Before you ask, try here: Windows XP Service Pack 2 Network Installation Package for IT Professionals and Developers
    Last edited by IKnowNot; May 18th, 2007 at 07:41 PM.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  6. #6
    Junior Member
    Join Date
    Mar 2006
    Posts
    12
    Thanks.

    What I did was use the old recovery disk, since it has all the drivers, etc. Then I connected to the MS and Toshiba sites to do updates.

    You are right, I should patch everything and then go on the Internet (sometimes I'm just lazy).

    Mostly I am worried about the BIOS being infected, but looking at those spyware/worm names, maybe that's not the case, hopefully.

    Can I get all the patch/security updates for MS to burn to a CD from the site Windows XP Service Pack 2 Network Installation Package for IT Professionals and Developers?
