TechSpot

Antivirus XP 08, Rootkit, Trojan.gaslide. PC infested.

By patrick713
Aug 12, 2008
Topic Status:
Not open for further replies.
  1. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

  2. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    I can't get it to boot off memtest. I used F2 to change the boot order to CD-ROM first, and also have tried using F10 to choose boot CD first. I can hear it reading the CD, but then it just goes on like it normally would if you left a regular music CD in....
    Does it matter that I downloaded memtest with Vista, and not XP? Because I could try again with a PC with XP...
     
  3. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

  4. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    I downloaded it, and burned the program using it.
    It still won't boot.
     
  5. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    I edited the boot order so that it went CD-ROM, CD-ROM, CD-ROM, hard drive.
    No luck in three tries.
    I edited it so that it went CD, CD, CD, CD, and it finally booted the disc. It's scanning right now.
     
  6. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    I'm guessing 7 passes is going to take forever.... so I'm going to wait until tomorrow morning to do it.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    About 4Hrs
     
  8. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    That's about what I guessed... so that would be 3:30 in the morning...... sleep wins today. :haha:
     
  9. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Hey, maybe kim can help with the loop of reboots; it can be related to hardware.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    xxdanielxx I haven't even read the thread in full
    Now, I know instead of this message, I could have!

    But maybe after the Mem Scan, there can be a write up of

    What is the current fault
    What has been tried
    Any other further info

    In a few lines!
    This thread is just too big!
     
  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    There is nothing much, just removing malware. The last thing he tried to run was ComboFix, but he could not run it, so he rebooted and the loops started to happen. First thought was he corrupted the reg, but he can't even get into the recovery console, so that points me to bad hardware.
     
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yep

    I'd say HardDrive
    Best to backup (externally to another computer, mounted as a slave)
    Then install Windows clean
    Why?
    Because this will eliminate Hardware
     
  13. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    How do I back up using another computer?
    Also, I have an external hard drive I use for my laptop, not sure if that helps any, but I figured I should say it...
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You need to physically remove your existing (possibly faulty) HardDrive
    Then go to a Desktop computer
    Unplug the Slave (being the CD/DVD drive)
    Plug in your HardDrive

    Boot from the Desktop normally
    But in "My Computer" the Desktop will now have 2 Drives (C drive, and yours)
    You can then "back up" your drive
     
  15. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    Do I have to worry about the hard drive giving the other computer any of the malware that infected the first one?
    Also, can I just reinstall Windows without backing it up? I realize I would lose everything stored on the HD, but I might be able to convince my father (it's his PC) to do it.... I don't think he had anything vital on it, he just wanted to avoid the hassle...
     
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Yes, you can just reinstall Windows; at this point it would be the best and easiest way. Use your system recovery disc.
     
  17. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    Reinstalled Windows, and everything appears fine.
    However, I downloaded Spyware Doctor, and it found 4 infections of trojan.virtumonde. ??????? How is that possible? Shouldn't reinstalling have wiped everything clean?
     
  18. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    Also, what should I have on the PC to prevent this from happening again? He originally had AVG, and I now have Spyware Doctor; should I have something else?
     
  19. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    Should I download HJT and post a log? I have disconnected it from the internet since I ran the Spyware Doctor scan and found the Virtumonde. Is it possible that something was left behind when I reinstalled XP? I immediately downloaded all the Windows/Java updates I was told to, and the only sites I have gone to are the eMachines page, because it was the default homepage, and pc tools.com to download Spyware Doc....
     
  20. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You know how you "re-installed" Windows (from restore discs)

    Was this a clean install (new formatted install)
    Or just a repair install?

    I can only think that you must have Trojans in the restore discs, or spyware doctor itself is giving false positives, or is in fact corrupted, itself.
    Do you have extra drives installed, maybe?
     
  21. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    I did the "destructive" install, using "emachines Microsoft Windows XP media center edition 2005 system recovery CD/DVD".
    I had used the same disc on another identical PC before, about a year ago, with no problems...
    I have none of the same symptoms, just 4 infections showed up in the scan. I scanned again, and found nothing. The 4 are currently quarantined.

    What do you mean by extra drives installed?
     
  22. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Any extra Partitions (Hidden?) in My Computer
    You can use Gparted live CD to see any hidden partitions
     
  23. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    Not exactly sure what this means, but this is what Gparted is showing me:

    partition   filesystem  size        used      unused       flags
    /dev/dha2   fat32       4.21GiB     3.21GiB   1016.36MiB
    /dev/dha1   ntfs        182.1 GiB   7.28GiB   174.82GiB    boot
     
  24. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Ah Huh!
    We found a hidden partition! About 4 Gig in size

    What's this other Partition? It's probably the small recovery partition for Windows (Xp or Vista?)

    How do you access this partition?
    Well usually there is a prompt (like F10) or something, when you turn on the computer. Selecting this prompt will allow you to restore your entire computer back to when it was delivered.
    But...
    If you format, or install Windows clean using a Windows CD, the prompt will also be removed (very annoying I know) mind you, it also contains Trojans!

    Now what to do with this new found partition (I don't like removing them basically)
    You could contact the computer manufacturer support page, and actually get this prompt back (usually a small boot config program to load up)
    But...
    The Trojans!!!
    And scanning it, may remove important system files from being restored one day
    ???
    Thinking again :confused:

    What are your thoughts on this?
     
  25. patrick713

    patrick713 TS Rookie Topic Starter Posts: 59

    So you're saying I can't just delete it? And if I access it, it releases the trojans?
    Great...
    So was this partition already there, and the trojans infiltrated it? Or did they actually create it?
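
The partition check done with GParted in the posts above can also be made directly against the first sector of a raw disk image. The following is an added example, not part of the original thread: it parses the MBR partition table and flags type bytes that Windows does not show in My Computer by default. The sample sector, its type bytes and start offsets are constructed to resemble the sizes in the GParted output, and the function names are hypothetical.

```python
import struct

SECTOR = 512
# MBR type bytes for hidden FAT/NTFS variants and OEM service partitions.
HIDDEN_TYPES = {0x11, 0x12, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
TYPE_NAMES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x12: "OEM service", 0x1B: "hidden FAT32",
              0x1C: "hidden FAT32 (LBA)", 0x27: "hidden NTFS / Windows RE"}
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, sectors


def parse_mbr(sector0):
    """Return one dict per used primary partition entry of an MBR sector."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA signature: not an MBR sector")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector0, 446 + 16 * slot)
        if ptype == 0x00:  # unused slot
            continue
        parts.append({
            "slot": slot + 1,
            "type": TYPE_NAMES.get(ptype, "type 0x%02X" % ptype),
            "active": status == 0x80,
            "hidden": ptype in HIDDEN_TYPES,
            "start_lba": lba,
            "size_gib": round(count * SECTOR / 2**30, 2),
        })
    return parts


def build_sample_mbr():
    """Constructed sector: a 4.21 GiB hidden FAT32 and a 182.1 GiB active NTFS."""
    mbr = bytearray(SECTOR)
    entries = [(0x00, 0x1B, 63, 8829008), (0x80, 0x07, 8829071, 381891379)]
    for slot, fields in enumerate(entries):
        ENTRY.pack_into(mbr, 446 + 16 * slot, *fields)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # For a real disk, pass the first 512 bytes of a raw image instead.
    for p in parse_mbr(build_sample_mbr()):
        note = "  <-- not shown in My Computer by default" if p["hidden"] else ""
        print(p["slot"], p["type"], p["size_gib"], "GiB",
              "boot" if p["active"] else "", note)
```
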
     