Old November 3rd 12, 10:58 AM posted to microsoft.public.windowsxp.help_and_support
Tony
trojan has hijacked pc

On 03/11/2012 00:12, glee wrote:
"Tony" wrote in message
...
On 01/11/2012 23:36, glee wrote:
"Tony" wrote in message
...
On 01/11/2012 22:51, Tony wrote:
On 01/11/2012 21:18, philo wrote:
On 11/01/2012 02:54 PM, Tony wrote:
On 01/11/2012 19:28, philo wrote:
On 11/01/2012 02:18 PM, Tony wrote:
Stupidly I have allowed a file_restore trojan to hijack my pc. I have
tried running system restore in safe mode with cmd. I have run
Malwarebytes in safe mode. System restore just freezes and Malwarebytes
doesn't help either. I thought I might re-install Windows from CD but
this says I have a newer version already and stops. I've tried to
format C to allow installation from the cd but the drive won't
unmount.

Can I create, somehow, a bootable flash drive so that I can re-install
from my CD?

Any ideas would be very welcome.

Tony



You cannot format your drive from within a running OS

you need to *boot* with your install cd


be sure to back up your data first and scan it for malware

Thanks. I can't access any files to back up.

I've tried *booting* from my cd however after lots of files have
copied I get the BSOD with this message
STOP:0x0000007B(0xF78D2524,0xC0000034,0x00000000,0x00000000)

Tony



Then you have hardware problems too.

Could be a dirty or scratched cd.

your cd rom may be bad or need a dusting out


CAUTION: If you format your drive all your data will be gone
so that needs to be backed up first. You need to use a live Linux cd
and an external drive

Thanks again. Unfortunately now you've lost me, I'm afraid. Linux is
something I read about but don't know what a live Linux cd is. I do
have an external drive though. Also my pc hard disk is partitioned with
all my data on drives other than "c" so I was hoping to reinstall
windows to "c" & then access all my data from the other partitions.

In the meantime I'll clean my disk & hoover out my cd rom

I've now read up on live Linux CDs; Ubuntu seems the most user friendly.
I'm off to bed now but will try & create a live Linux cd tomorrow

Before you go wiping everything out, create a bootable Kaspersky Rescue
CD (which is Linux-based) from the downloadable ISO file, and boot with
it (with your network cable connected so it can go online to update).
Click the option to update, then when the update is done, click to scan,
and make sure you check mark the C: drive to be included in the scan. It
will find any malware and give you the option to remove it. Write down
everything it finds and post back with the info before you remove
anything, if you need help determining if it's ok to remove something it
finds.

Kaspersky Rescue Disk 10
http://support.kaspersky.com/viruses/rescuedisk

How to Use the Kaspersky Rescue Disk to Clean Your Infected PC -
http://www.howtogeek.com/howto/36403...r-infected-pc/



You can also use its Linux operating system after the scan is done and
closed, to mount your Windows drive, and use the file manager to copy
your files to a USB stick, if desired.

Hi. Thanks so much for all the ongoing help. I've created a Kaspersky
Rescue Disk, updated it and spent the morning scanning my PC.

It has found 2 Trojans, although it describes it as having found 3
malicious objects, perhaps because 1 is in two places.

Trojan-FakeAV.Win32.FakeSysDef.ekk in AppData/eKiousRYqssWq.EXE and
also in HKEY Local Machine....\RUN

and Root.Boot.SSTA. in /dev/sda

In both cases Kaspersky recommends removal.

I've also taken your advice and used File Manager to back up my data
to another drive


This newsgroup is not the best place to deal with malware removal, but
in addition to the Fake/Rogue AV trojan, you have what looks to be a
"boot kit".... a root kit which infects the Master Boot Record (MBR)....
Root.Boot.SST.A
This may also be involved in XP setup failing with a BSOD, if setup had
reached the point where it was going to start from the hard drive.....
and possibly even before that.

Make SURE you have saved ALL your personal files to another drive, then
have Kaspersky remove everything it finds, all copies of the malware.
The first detection is a file... eKiousRYqssWq.EXE, the second detection
is a Registry entry telling that file to run at every Windows start
(HKEY Local Machine....\RUN). The third detection is the boot kit....
Root.Boot.SST.A

When done, have Kaspersky shut down/restart the computer and see if
Windows will start. Post back with your results.... even if Windows
starts, you are not done cleaning.


I've given up on it. Having backed up all my data I've now carried out
a clean installation. I am grateful however for all the assistance I've
received.

My installation has not gone as well as I'd have liked so I'll post a
new question.

Tony