Antivirus XP 08, Rootkit, Trojan.gaslide. PC infested.

Status
Not open for further replies.
I can't get it to boot off memtest. I used F2 to change the boot order to CD-ROM first, and also have tried using F10 to choose boot CD first. I can hear it reading the CD, but then it just goes on like it normally would if you left a regular music CD in....
Does it matter that I downloaded memtest with Vista, and not XP? Because I could try again with a PC with XP...
 
I edited the boot order so that it went CD-ROM, CD-ROM, CD-ROM, hard drive.
No luck in three tries.
I edited it so that it went CD, CD, CD, CD, and it finally booted the disc. It's scanning right now.
 
xxdanielxx I haven't even read the thread in full
Now, I know instead of this message, I could have!

But maybe after the Mem Scan, there can be a write up of

What is the current fault
What has been tried
Any other further info

In a few lines!
This thread is just too big!
 
There is nothing much, just removing malware. The last thing he tried to run was ComboFix, but he could not run it, so he rebooted and the loops started to happen. First thought was he corrupted the reg, but he can't even get into the recovery console, so that points me to bad hardware.
 
Yep

I'd say HardDrive
Best to backup (externally to another computer, mounted as a slave)
Then install Windows clean
Why?
Because this will eliminate Hardware
 
How do I backup using another computer?
Also, I have an external hard drive I use for my laptop, not sure if that helps any, but I figured I should say it...
 
You need to physically remove your existing (possibly faulty) HardDrive
Then go to a Desktop computer
Unplug the Slave ( being the CD/DVD drive)
Plug in your HardDrive

Boot from the Desktop normally
But in "My Computer" the Desktop will now have 2 Drives (C drive, and yours)
You can then "back up" your drive
 
Do I have to worry about the hard drive giving the other computer any of the malware that infected the first one?
Also, can I just reinstall Windows without backing it up? I realize I would lose everything stored on the HD, but I might be able to convince my father (it's his PC) to do it.... I don't think he had anything vital on it, he just wanted to avoid the hassle...
 
Yes, you can just reinstall Windows. At this point it would be the best and easiest way. Use your system recovery disc.
 
Reinstalled Windows, and everything appears fine.
However, I downloaded Spyware Doctor, and it found 4 infections of Trojan.Virtumonde. ??????? How is that possible? Shouldn't reinstalling have wiped everything clean?
 
Also, what should I have on the PC to prevent this from happening again? He originally had AVG, and I now have Spyware Doctor. Should I have something else?
 
Should I download HJT and post a log? I have disconnected it from the internet since I ran the Spyware Doctor scan and found the Virtumonde. Is it possible that something was left behind when I reinstalled XP? I immediately downloaded all the Windows/Java updates I was told to, and the only sites I have gone to are the eMachines page, because it was the default homepage, and pctools.com to download Spyware Doctor....
 
I downloaded Spyware Doctor, and it found 4 infections of Trojan.Virtumonde. ??????? How is that possible?

You know how you "re-installed" Windows (from restore discs)

Was this a clean install (new formatted install)
Or just a repair install?

I can only think that you must have Trojans in the restore discs, or spyware doctor itself is giving false positives, or is in fact corrupted, itself.
Do you have extra drives installed, maybe?
 
I did the "destructive" install, using "eMachines Microsoft Windows XP Media Center Edition 2005 system recovery CD/DVD".
I had used the same disc on another identical PC before, about a year ago, with no problems...
I have none of the same symptoms, just 4 infections showed up in the scan. I scanned again, and found nothing. The 4 are currently quarantined.

What do you mean by extra drives installed?
 
Not exactly sure what this means, but this is what GParted is showing me:

partition   filesystem   size       used      unused       flags
/dev/dha2   fat32        4.21GiB    3.21GiB   1016.36MiB
/dev/dha1   ntfs         182.1GiB   7.28GiB   174.82GiB    boot
 
Not exactly sure what this means, but this is what GParted is showing me:

partition   filesystem   size       used      unused       flags
/dev/dha2   fat32        4.21GiB    3.21GiB   1016.36MiB             <- Hidden Partition
/dev/dha1   ntfs         182.1GiB   7.28GiB   174.82GiB    boot
Ah Huh!
We found a hidden partition! About 4 Gig in size

What's this other Partition? It's probably the small recovery partition for Windows (Xp or Vista?)

How do you access this partition?
Well usually there is a prompt (like F10) or something, when you turn on the computer. Selecting this prompt will allow you to restore your entire computer back to when it was delivered.
But...
If you format, or install Windows clean using a Windows CD, the prompt will also be removed (very annoying, I know). Mind you, it also contains Trojans!

Now what to do with this new found partition (I don't like removing them basically)
You could contact the computer manufacturer's support page, and actually get this prompt back (usually a small boot config program to load up)
But...
The Trojans!!!
And scanning it, may remove important system files from being restored one day
???
Thinking again :confused:

What are your thoughts on this?
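As an added illustration (not code from anyone in this thread), here is a small parser for the GParted listing posted above. It converts the sizes to MiB, checks that size matches used + unused, and applies the reasoning from the post as a heuristic: a small FAT32 partition without the boot flag next to the large NTFS system partition is probably the vendor's hidden recovery area, which sits outside the C: volume and is therefore not wiped by a destructive reinstall of C:. The device names are copied as typed in the thread; the heuristic thresholds are assumptions.

```python
import re

# Constructed sample: the GParted listing as it was typed in the thread.
GPARTED_LISTING = """\
partition filesystem size used unused flags
/dev/dha2 fat32 4.21GiB 3.21GiB 1016.36MiB
/dev/dha1 ntfs 182.1 GiB 7.28GiB 174.82GiB boot
"""

_UNITS_TO_MIB = {"KiB": 1 / 1024, "MiB": 1.0, "GiB": 1024.0, "TiB": 1024.0 ** 2}
_SIZE_RE = r"([\d.]+)\s*([KMGT]iB)"   # tolerates '182.1 GiB' with a stray space


def parse_gparted(listing):
    """Parse the posted listing into dicts with all sizes in MiB."""
    rows = []
    for line in listing.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        device, fstype, rest = line.split(None, 2)
        sizes = re.findall(_SIZE_RE, rest)
        if len(sizes) != 3:
            raise ValueError(f"expected size/used/unused in: {line!r}")
        size, used, unused = (float(n) * _UNITS_TO_MIB[u] for n, u in sizes)
        flags = set(re.split(_SIZE_RE, rest)[-1].replace(",", " ").split())
        rows.append({"device": device, "fs": fstype.lower(), "size_mib": size,
                     "used_mib": used, "unused_mib": unused, "flags": flags})
    return rows


def sizes_consistent(row, tol_mib=20.0):
    """GParted's size column should equal used + unused, within rounding."""
    return abs(row["size_mib"] - (row["used_mib"] + row["unused_mib"])) <= tol_mib


def likely_hidden_recovery(rows, max_mib=16 * 1024):
    """Assumed heuristic: a non-boot FAT32 partition much smaller than the
    largest partition is probably the OEM recovery area. It is not part of the
    reinstalled C: volume, so scan or image it separately rather than trusting
    a 'clean' reinstall to have cleared it."""
    biggest = max(rows, key=lambda r: r["size_mib"])
    return [r["device"] for r in rows
            if r is not biggest and "boot" not in r["flags"]
            and r["fs"].startswith("fat") and r["size_mib"] < max_mib]


if __name__ == "__main__":
    parts = parse_gparted(GPARTED_LISTING)
    for p in parts:
        print(p["device"], p["fs"], f"{p['size_mib']:.0f} MiB", sorted(p["flags"]),
              "sizes ok" if sizes_consistent(p) else "size mismatch")
    print("likely hidden recovery partition(s):", likely_hidden_recovery(parts))
```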
 
So you're saying I can't just delete it? And if I access it, it releases the Trojans?
Great...
So was this partition already there, and the Trojans infiltrated it? Or did they actually create it?
 