Massive infection... Help required please

  awest3 16:26 25 Jul 11
Locked

Friends PC has got massivley infected...Old HP running xp sp3.

Not sure how this happened but suffice to say his son has been home for the weekend.

IE will not open, but can get onto the internet through AOL, AVG keeps throwing up infection screens which purport to put the infections into the vault..but you cannot open AVG dialog. It will not restore, I've tried 5 different restore points, comes back and says 'restore incomplete'. I cannot get it to load in safe mode just comes up with an error. I've downloaded and run malwarebytes which found just 1 virus and deleted it. AVG's infection screen says many files infected with zbot ? zeus ?

Any assistance welcomed thanks...

  rawprawn 16:40 25 Jul 11

If you have the XP SP3 disk run Repair XP Reair XP Instructions

  awest3 16:53 25 Jul 11

I'm sure he's not got that disk..he will only have the original xp install disk. I think he has downloaded sp2/3 over the net.

  rawprawn 17:14 25 Jul 11

In that case I would try and slipstream XP Instructions

  robin_x 18:52 25 Jul 11

If you are at 'last resort' stage, try Combofix. Very powerful and quite quick.

  awest3 09:02 26 Jul 11

HI, Thanks for these. I downloaded A2 last night and left it running..When I left it had identified 12 infections and was about 25% through. I'll be going round later on to check it. I also found a 'Spyware doctor' progam which it reakons will cure the problem..I'll give it a try later.

Thanks again..will update later on

  awest3 16:53 26 Jul 11

looks like I've banjoed myself... I tried malwarebytes, superantispyware, Emisoft and Spybot even did a scan with Spyware Doctor... all to no avail.

Looks like a reformat is on the cards....

This virus zbot.g, aswell as stopping you using IE, AVG and numerous other stuff also stops you from booting up in safemode (any of them) and keeps returning you back to 'normal startup'. Trying to force a safemode startup I altered startup via msconfig to always start in safemode, now I just go around in circles because a normal start is now in safemode which the virus will not allow. Can anyone tell me how to alter the startup file so its back to starting normally. I'm assuming I'll have to create a startup CD and get it to boot from there..

Any help/suggestions welcomed...

  Fruit Bat /\0/\ 17:12 26 Jul 11

Mbam is supposed to remove zbot.g

If you can nolonger get into windows can you Boot to the command prompt and type:

%systemroot%\system32\restore\rstrui.exe

Press Enter and follow the on-screen prompts to restore to an earlier date/time

if will not boot to command prompt then:

Restore from recovery console http://www.myfixes.com/articles/system

  awest3 19:09 26 Jul 11

will give it a try and get back...Thanks

  hiwatt 19:18 26 Jul 11

Bookmarked!

  woodchip 19:29 26 Jul 11

virus will be in the recovery files, so its not going to shift it that way, me thinks. may be better to use his restore disc as this will wipe the drive and reinstall it to running order

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

20 groundbreaking 3D animation techniques

How to mine Bitcoin on Mac