I am running Windows XP Media Center edition with SP 3 on a Sony Vaio VGN – FE660G – T2300 1.66 GHz – 1 MB RAM.
This computer has a hidden partition for system restore – but it did not come with system restore CDs/DVDs. I have used the hidden partition a few times so far already. Once every 12 months or so (sometimes more frequently) I back up my data and use the Restore C: drive option in the system restore utility from Sony that uses the hidden partition to do its job.
Last week my computer was infected with “Super AntiVirus Pro” - It was a bad infection – (browser redirections both IE and Firefox, auto browser launch sessions, search re-direct) pop-ups about password stealing attacks from unknown/strange IP addresses etc. and no ability to launch new programs or run taskkill or even taskmgr. I was not able to launch MBAM. I could only run Super Anti Spyware and Avira Anti virus – probably because they are set up to start at run time. They both reported some infections but were running for too long and I was getting concerned what “Super AntiVirus Pro” was doing to my system while I was not running in safe mode (some forums also suggested running in safe mode to do the detection) – so I paused the Super Anti Spyware scan, cleaned the infections that it had reported up until that point and used the power switch to turn off the computer and tried to re-boot in safe mode. Safe boot did not work and still does not. Same for “Safe boot with networking and command prompt”. So, I tried booting with “last known good configuration” and it worked.
No visible trace of “Super AntiVirus Pro” as far as I can tell, but my computer is still infected with the “search re-direct” virus. I uninstalled Mozilla Firefox and re-installed the latest Firefox but that has not helped.
So far I have scanned my complete system with
1. Avira Antivirus – 9.0.0.418
2. Super Anti Spyware – 4.31.1000 – Core 4339 Trace 2191
3. MBAM – 1.42 – db vers 3304 – fingerprints 163461
None of the above reported any infections
I had only one JRE and removed it using “Add/Remove programs”
I also ran HiJackThis.
I have attached logs for MBAM, SAS and HiJackThis
I also ran ccleaner and atf cleaner and they both cleaned up some junk
After searching and browsing some forum posts I thought I might have a rootkit virus. So I ran McAfee Rootkit Detective Version 1.1 and Trend Micro RootkitBuster 2.80.1077. Both reported no infections.
To be on the safe side though (and because I still have the “google search re-direct” issue) I want to restore my C: to factory settings, but my Sony Recovery Console says “Cannot find the recovery drive. If you have not removed the recovery drive, re-starting the system might resolve the issue”. I have re-started several times, but that has not helped.
I have my data (and any other software I will need to re-install) backed up, so that is not an issue.
I really would like to get to the hidden partition and restore my C: to factory settings with original Windows XP MCE and update from there and re-install everything.
At this point I have 3 issues, the last one is the most important, because if it is resolved the other 2 will become non issues.
1. I still cannot boot in any of the safe modes – but normal mode boot or last known good config both work
2. I still have the “google search re-direct” issue.
3. I cannot see my C: drive under disk management or device manager or “diskpart”, but I can boot all right and see the C: drive in windows explorer, dos window etc.
I downloaded EASEUS partition master and it shows my C: drive as the primary active partition and it also shows the hidden drive as “*:”
I have attached screen shots.
The following services are all started
Plug and Play
RPC
Logical Disk Manager
Logical Disk Manager Admn svc
I will certainly most appreciate any help/suggestions you might provide.