After removing Malware/Virus, can't install security apps

FragMagnet ([H]ard|Gawd; joined Mar 11, 2000; 1,529 messages)
I'm trying to help out a friend from work. He has an older Dell (2.66 P4, 1 gig, 60 gig, XP Home). Using a mix of Norton AV, the latest Ad-Aware, and Windows Firewall, he was infected with a Win32 derivative that included a dialer and a few other things.

Now I used Kaspersky Rescue disc (updated), and Panda, which removed a bunch of things. We seem to be able to navigate the system now, but it won't let us install either Kaspersky free, Avira, or Malwarebytes. Also, Security Centre is disabled in the Services, and won't enable in any way. I tried the Avira, Bitdefender, and vba32 rescue discs, but though they appeared to start, they always black-screened while initialising, as if there were a video driver problem.

So did something get disabled that requires re-enabling? Or is there still some junk that the functional software didn't find? At this point I said re-format, but he still wants to try to save it!

Any suggestions/experiences?
 
Even when you successfully remove the infection, performing a clean install is easier than reverting the changes it made to registry and folder permissions, etc.
 
Take a look at the "How-to Guide for Virus/Trojan/Malware Removal" stickied thread over in the networking and security forum.
I'd run the Symantec unhookexec.inf file linked towards the end of that thread.
 
unhookexec.inf is the thing to try now to allow you to recover any unreplaceable data, but honestly, I agree that at this point, it's better to format and reinstall Windows, because god knows what all the malware has gotten into.
 
Thanks guys for the thread and the correct forum (hadn't noticed that one before). I'll work through that, and if there is no recourse, then a format it is. I would like to get him at least functional so I can get through Christmas before going over there to reformat his system.
 
Try renaming the installer files for those products.

Or, install under Safe Mode (should work).

I find it funny though that you install the best products last. Norton, Panda, Ad-Aware ... all suck
 
In my experience (I look after 80+ computers/7 servers/3 networked printers/6 wireless access points on a daily basis as well as work on people's computers on the side), do a format. If you know what you are doing, the computer will be working so much better when you are done that he will thank you for it.
 
Agreed, but his system has functioned with 4 accounts, him, his wife, and 2 kids, since 2003, and this is the first time he was hit with anything. Myself, I've used Avira for a while, and before that was AVG and Avast.

Avira installed under safe mode wouldn't work, or under normal mode, and the only rescue discs that actually were able to boot the comp were Kaspersky and Panda (Panda was never installed), the free Kaspersky wouldn't install either! So I was making do with what's available....
 
I've had some luck with TrendMicro Housecall (online virus scanner) when a machine was too infested to install AV. Not perfect but helps clean it out to get a real a/v installed.

http://housecall.trendmicro.com/


Try also renaming the .exe files as someone else suggested. That fools some virus programs.

Manually remove anything you don't recognize from msconfig startup...some may respawn themselves upon reboot, but that can stop a few.

If something is detected and the AV cannot remove it, you can sometimes track down the folders and manually delete them yourself.
 
If you can hook the drive up to another machine and scan from there, it would probably help. Follow YeOlde's advice; if that doesn't work, reformat and do a fresh install. Tell him that's the way it goes. Offer to back his shit up and warn him that there may be infected files in the backup, unless you're positive there's not.

Looks like there's some malware still lingering or the malware that was there corrupted the system.
 