Man, do I need some help with my daughter's computer. She called saying her PC keeps crashing.
First look I found:
Yes, computer crashed, with 'no hard drive found' on reboot.
Finally rebooted, ran PCDoctor > 150+ infections, ran Malwarebytes > 50+ infections.
cleared those, but McAfee security center did not appear to be functioning properly. Cannot get to site for updates, nor any security sites. Tried running regedit, screen blanks and then give me initial screen. will not run, nor will anything from 'Run'.
Created alt 'msconfig' and that runs, alt regedit still will not.
I found she was still on XP - SP2, tried to update to SP3, could not download from Microsoft.
Could not reinstall McAfee, (opted for the download option) and whatever is in there blocks the re-install. Last definition update was 5/9.
I ran the 8 Step fix. It helped somewhat. I keep running scans, each one keeps finding yet another infection. I finally was able to run a McAfee scan (first one stopped the scan after I saw '2 infections' flash on the screen). McAfee found and deleted more. I ran MS Malicious Software Removal Tool after all scans were clean. It found 1 Trojan - Win32/Alureon.
Finally got to install SP3 this morning, thought that might repair some things. No.
Thought about doing a Restore Point, all restore points before May 13 are gone. I have no way to know if that one is good, but I would doubt it. I'm figuring that is about when things went south.
Notes on attachments: include first and last logs for 'mbam' and 'SUPER'
Does anyone have any ideas? Or am I just toast? How can I restore OS functionality and clean out the infections once and for all (or at least this iteration?) I know a rebuild will fix it, but I would like to avoid that. (I spent 2 weeks on my wife's PC)
Thanks, Eric
<><><><><><><><><><><><><><><><><><><><><><><><><>
Update: 10:30 CDT
I've been working on this for a while. More clues:
It appears my problems started after KER.EXE installed itself. (since removed)
Could not RUN > COMMAND - it gave me an error on AUTOEXEC.NT
Tried to boot in safe mode w/ command prompt. It did not come up with a command prompt. Managed to copy AUTOEXEC.NT from my PC to my daughter's PC (file was missing). COMMAND successfully runs.
Tried regedit again, would not run. Copied regedit.exe regedit.com. From command prompt I ran c:\windows "Start regedit.com". Regedit runs!
Checked HKLM\Software\classes\exefile\shell\open\command set to "%1" %*
Now, I still cannot get to McAfee.com to update my virus definitions.
New questions are: What do trojans do to block access to security sites? Since I now have access to the registry, what should I look for set or reset?
Eric
First look I found:
Yes, computer crashed, with 'no hard drive found' on reboot.
Finally rebooted, ran PCDoctor > 150+ infections, ran Malwarebytes > 50+ infections.
cleared those, but McAfee security center did not appear to be functioning properly. Cannot get to site for updates, nor any security sites. Tried running regedit, screen blanks and then give me initial screen. will not run, nor will anything from 'Run'.
Created alt 'msconfig' and that runs, alt regedit still will not.
I found she was still on XP - SP2, tried to update to SP3, could not download from Microsoft.
Could not reinstall McAfee, (opted for the download option) and whatever is in there blocks the re-install. Last definition update was 5/9.
I ran the 8 Step fix. It helped somewhat. I keep running scans, each one keeps finding yet another infection. I finally was able to run a McAfee scan (first one stopped the scan after I saw '2 infections' flash on the screen). McAfee found and deleted more. I ran MS Malicious Software Removal Tool after all scans were clean. It found 1 Trojan - Win32/Alureon.
Finally got to install SP3 this morning, thought that might repair some things. No.
Thought about doing a Restore Point, all restore points before May 13 are gone. I have no way to know if that one is good, but I would doubt it. I'm figuring that is about when things went south.
Notes on attachments: include first and last logs for 'mbam' and 'SUPER'
Does anyone have any ideas? Or am I just toast? How can I restore OS functionality and clean out the infections once and for all (or at least this iteration?) I know a rebuild will fix it, but I would like to avoid that. (I spent 2 weeks on my wife's PC)
Thanks, Eric
<><><><><><><><><><><><><><><><><><><><><><><><><>
Update: 10:30 CDT
I've been working on this for a while. More clues:
It appears my problems started after KER.EXE installed itself. (since removed)
Could not RUN > COMMAND - it gave me an error on AUTOEXEC.NT
Tried to boot in safe mode w/ command prompt. It did not come up with a command prompt. Managed to copy AUTOEXEC.NT from my PC to my daughter's PC (file was missing). COMMAND successfully runs.
Tried regedit again, would not run. Copied regedit.exe regedit.com. From command prompt I ran c:\windows "Start regedit.com". Regedit runs!
Checked HKLM\Software\classes\exefile\shell\open\command set to "%1" %*
Now, I still cannot get to McAfee.com to update my virus definitions.
New questions are: What do trojans do to block access to security sites? Since I now have access to the registry, what should I look for set or reset?
Eric
