#1
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
a variant of Win32/Spy.Zbot.ZR trojan
The computer turns on... the background is black, no windows on the desktop.
About 20 pop-ups saying that "a write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory address." What would be the best way to go about removing this?
__________________
Network admin in training, please excuse my ignorance.
#2
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,559
There are several ways of dealing with this. My preference would be one of these two:
Remove the hard drive and slave it to a working computer with up-to-date virus and malware scanner software ("Slaving a harddrive to scan for viruses"). Or create the Windows Defender Offline boot disk ("Microsoft System Sweeper has changed").
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta.
#3
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
I forgot to mention that it's Windows XP, and it's a work computer.
Will that second option still work?
#4
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,559
To what extent will your employers allow you to work on the machine?
Yes, the second option will work fine with XP, just make sure you use the correct version, 32-bit or 64-bit ("Is my PC running the 32-bit or 64-bit version of Windows?").
#5
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
To the full extent, whatever I need to do they will let me. I have 6 servers to watch over, and about 60 computers.
It was marked as an entry-level position, and they know I have a lot to learn. But they were excited for me to grow and develop, so for me it's a heck of an opportunity.
#6
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,559
My advice would be to clean up that infected machine and then start making some images of the different variations of machines you are watching over.
The image will allow you to get a faulty or infected machine back up and running in the minimum amount of downtime.
#7
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
So I downloaded the program, ran it and put it on a disc.
When I put the disc into the computer I changed the boot priority to have the disc drive be first. Pressed F12 and chose boot from CD/DVD. When it said press any key I did, however it still loaded straight to Windows. Any idea?
#8
Member (11 bit)
Join Date: Feb 2003
Location: Tucker Ga. USA
Posts: 1,358
Could be a bad drive, failing to read the burned copy.
Could you download it again and burn on a different machine?
#9
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
I replaced the drive real quick with a different one.
Got it to "work"... I'm at the point where there is a blue box that says "windows defender offline" with a white scrolling status bar. The status bar has been going back and forth for about 10 minutes with no change, is this normal? The computer is pretty old, but this seems excessively long.
#10
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
2.5 hours and it never moved past the scrolling loading screen...
Any ideas? Seems like a strange problem.
#11
Moderator
Staff
Premium Member
Join Date: Nov 2008
Location: Detroit, MI
Posts: 5,223
Something is wrong with the burn, I suspect, because it should be at that scrolling point for a couple of minutes. You can also try running the mssstool32.exe and select to load the program on a USB stick instead of a DVD. The program should still be in the same place you downloaded.
#12
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
Alright....
Well, I made a new disc, fixed that problem. Ran the scan, found 10 severe threats, "fixed them". After doing that I logged back into Windows and things still don't seem right. Start>all programs> is completely empty. Looking at the C drive shows nothing either. Can't right click or drag and drop anything onto the desktop. The ESET NOD32 security program we use does not load... What would you do now?
#13
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,559
Time for a bit more reading/research. There is some very helpful material in these two threads:
"Solution for missing start menu shortcuts" and "Virus Cleaned - All files, folders HIDDEN SYSTEM - SOLVED!". Look for comments about the "unhide.exe" app.
#14
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
Alright, took me a while but I got it mostly figured out.
Ran unhide.exe. Everything that was on the desktop is once again on the desktop.... I read through those 2 posts you linked to and have been unable to find any of the files that were in programs in the start menu. The places I read to check are: Documents & Settings>User name>Local Settings>Temp>smtmp. Also checked Windows/Temp as that other post says to do. They were in neither of those 2 places... although, using XP I was unsure how to search for hidden files as well... Maybe that could be my problem? How do I do that?
#15
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,559
The Local Settings folder is a hidden folder so you'll have to use the Folder Options in the Control Panel to select Show Hidden Folders.
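Added example, not part of the thread or of any tool named in it: a read-only Python check that lists every entry still carrying the Windows "hidden" attribute under a folder, which does not depend on the Explorer Folder Options setting. It assumes Python 3.5+ on Windows (where `os.stat` exposes `st_file_attributes`), so it suits the working computer the drive is slaved to rather than the XP machine itself; the sample tree and its attribute values in `demo()` are constructed.

```python
import os
import stat
import tempfile

# Windows attribute bits; the stat module defines these on every platform.
FLAGS = {
    "HIDDEN": stat.FILE_ATTRIBUTE_HIDDEN,
    "SYSTEM": stat.FILE_ATTRIBUTE_SYSTEM,
    "READONLY": stat.FILE_ATTRIBUTE_READONLY,
}

def decode(attrs):
    """Return the names of the flags set in a Windows attribute bitmask."""
    return [name for name, bit in FLAGS.items() if attrs & bit]

def get_attrs(path):
    """Attribute bitmask for path; 0 where the OS does not expose it."""
    return getattr(os.stat(path), "st_file_attributes", 0)

def scan(root, attr_fn=get_attrs):
    """Walk root and return {directory: [(name, flags), ...]} for hidden entries.

    Nothing is modified. os.walk does not skip hidden directories,
    so hidden folders are descended into as well.
    """
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            flags = decode(attr_fn(os.path.join(dirpath, name)))
            if "HIDDEN" in flags:
                report.setdefault(dirpath, []).append((name, flags))
    return report

def demo():
    """Constructed sample: a temp tree whose attributes are faked by name."""
    fake = {"Word.lnk": 0x6, "notes.txt": 0x20, "smtmp": 0x2}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "smtmp"))
        for name in ("Word.lnk", "notes.txt"):
            open(os.path.join(root, "smtmp", name), "w").close()
        found = scan(root, lambda p: fake.get(os.path.basename(p), 0))
        return {os.path.relpath(d, root): v for d, v in found.items()}

if __name__ == "__main__":
    for directory, entries in demo().items():
        for name, flags in entries:
            print(directory, name, "+".join(flags))
```

On a real drive, call `scan()` on the attached disk's copy of the folders named in post #14; the drive letter depends on the working computer.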
#16
Member (9 bit)
Join Date: Oct 2005
Location: Berea, Ohio
Posts: 266
Alright, well I un-hid it.. looked everywhere, and nothing...
Any other ideas? I'm still missing more than half of the EXE files for the programs in the start menu. I did a few of them manually, but others I just couldn't find.
#17
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,559
At this stage, with so much system file damage on that machine, I think it's time to start afresh. Do you have all the disks to reinstall Windows and the other software that is used on that machine?
If you are going to start afresh, it is vitally important that you "zero fill" the hard drive prior to reinstalling Windows.