A Windows XP help forum. PCbanter

trojan has highjacked pc



 
 
  #16  
Old November 2nd 12, 02:03 PM posted to microsoft.public.windowsxp.help_and_support
Tony
external usenet poster
 
Posts: 12
Default trojan has highjacked pc

On 01/11/2012 23:36, glee wrote:
"Tony" wrote in message
...
On 01/11/2012 22:51, Tony wrote:
On 01/11/2012 21:18, philo wrote:
On 11/01/2012 02:54 PM, Tony wrote:
On 01/11/2012 19:28, philo wrote:
On 11/01/2012 02:18 PM, Tony wrote:
stupidly I have allowed a file_restore trojan to highjack my pc. I have
tried running system restore in safe mode with cmd. I have run
Malwarebytes in safe mode. System restore just freezes and Malwarebytes
doesn't help either. I thought I might re-install Windows from CD but
this says I have a newer version already and stops. I've tried to
format C to allow installation from the cd but the drive won't unmount.

Can I create, somehow, a bootable flash drive so that I can re-install
from my CD?

Any ideas would be very welcome.

Tony



You cannot format your drive from within a running OS

you need to *boot* with your install cd


be sure to back up your data first and scan it for malware

Thanks. I can't access any files to back up.

I've tried *booting* from my cd however after lots of files have copied
I get the BSOD with this message
STOP:0x0000007B(0xF78D2524,0xC0000034,0x00000000,0x00000000)

Tony



Then you have hardware problems too.

Could be a dirty or scratched cd.

your cd rom may be bad or need a dusting out


CAUTION: If you format your drive all your data will be gone
so that needs to be backed up first. You need to use a live Linux cd
and an external drive

thanks. again, unfortunately now you've lost me, i'm afraid. Linux is
something I read about but don't know what a live Linux cd is. I do
have an external drive though. Also my pc hard disk is partitioned with
all my data on drives other than "c" so I was hoping to reinstall
windows to "c" & then access all my data from the other partitions.

In the meantime I'll clean my disk & hoover out my cd rom


I've now read up live Linux cd's, Ubuntu seems the most user friendly.
I'm off to bed now but will try & create a live Linux cd tomorrow


Before you go wiping everything out, create a bootable Kaspersky Rescue
CD (which is Linux-based) from the downloadable ISO file, and boot with
it (with your network cable connected so it can go online to update).
Click the option to update, then when the update is done, click to scan,
and make sure you check mark the C: drive to be included in the scan. It
will find any malware and give you the option to remove it. Write down
everything it finds and post back with the info before you remove
anything, if you need help determining if it's ok to remove something it
finds.

Kaspersky Rescue Disk 10
http://support.kaspersky.com/viruses/rescuedisk

How to Use the Kaspersky Rescue Disk to Clean Your Infected PC -
http://www.howtogeek.com/howto/36403...r-infected-pc/


You can also use its Linux operating system after the scan is done and
closed, to mount your Windows drive, and use the file manager to copy
your files to a USB stick, if desired.

Hi. Thanks so much for all the ongoing help. I've created a Kaspersky
Rescue Disk, updated it and spent the morning scanning my PC.

It has found 2 Trojans, although it describes it as having found 3
malicious objects, perhaps because 1 is in two places.

Trojan-FakeAV.Win32.FakeSysDef.ekk in AppData/eKiousRYqssWq.EXE and also
in HKEY Local Machine....\RUN

and Root.Boot.SSTA. in /dev/sda

In both cases Kaspersky recommends removal.

I've also taken your advice and used File Manager to back up my data to
another drive

Tony
  #17  
Old November 2nd 12, 02:21 PM posted to microsoft.public.windowsxp.help_and_support
philo 
external usenet poster
 
Posts: 4
Default trojan has highjacked pc

On 11/02/2012 06:52 AM, glee wrote:
"philo" wrote in message
...
On 11/0troller and it's not set to IDE mode in
the BIOS. If he needs those drivers and doesn't load them, he will get
a 0x0000007B error.

Advanced troubleshooting for "Stop error code 0x0000007B
(INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP
http://support.microsoft.com/kb/324103




snip


If the OP does in fact have an SATA drive and a non sp2/3 version of
XP without the SATA drivers it would be normal for the setup to continue,
then inform the user there is no drive avail to install XP on


Yes, that is what one usually expects to see, but it isn't always the
case. You can get a 0x7B stop error instead..... it's been documented
in the field many times. You can also get the stop error if you load
SATA drivers via F6, and they are not the correct drivers. I am
pointing out that it is a possible reason for his error, if he has a
SATA controller in use. The fact that you have not seen the error in
this situation doesn't mean it hasn't happened. It's been noted before
in real-world practice.


Very well then.


--
https://www.createspace.com/3707686
  #18  
Old November 3rd 12, 01:12 AM posted to microsoft.public.windowsxp.help_and_support
glee
external usenet poster
 
Posts: 1,794
Default trojan has highjacked pc

"Tony" wrote in message
...
Hi. Thanks so much for all the ongoing help. I've created a Kaspersky
Rescue Disk, updated it and spent the morning scanning my PC.

It has found 2 Trojans, although it describes it as having found 3
malicious objects, perhaps because 1 is in two places.

Trojan-FakeAV.Win32.FakeSysDef.ekk in AppData/eKiousRYqssWq.EXE and
also in HKEY Local Machine....\RUN

and Root.Boot.SSTA. in /dev/sda

In both cases Kaspersky recommends removal.

I've also taken your advice and used File Manager to back up my data
to another drive


This newsgroup is not the best place to deal with malware removal, but
in addition to the Fake/Rogue AV trojan, you have what looks to be a
"boot kit".... a root kit which infects the Master Boot Record (MBR)....
Root.Boot.SST.A
This may also be involved in XP setup failing with a BSOD, if setup had
reached the point where it was going to start from the hard drive.....
and possibly even before that.

Make SURE you have saved ALL your personal files to another drive, then
have Kaspersky remove everything it finds, all copies of the malware.
The first detection is a file... eKiousRYqssWq.EXE, the second detection
is a Registry entry telling that file to run at every Windows start
(HKEY Local Machine....\RUN). The third detection is the boot kit....
Root.Boot.SST.A

When done, have Kaspersky shut down/restart the computer and see if
Windows will start. Post back with your results.... even if Windows
starts, you are not done cleaning.
--
Glen Ventura
MS MVP Oct. 2002 - Sept. 2009
CompTIA A+
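
The second detection described above is a Run-key value that relaunches a file from the user profile at every Windows start. As an added example (not part of the original thread), this Python code reviews a `reg export`-style text dump of Run keys and flags values whose target sits in a user-writable profile directory; the sample export, the value names and the directory list are constructed assumptions, and the key shown is the standard HKLM Run key, not necessarily the one Kaspersky reported.

```python
import re

# Profile directories a dropper can write to without admin rights (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\application data\\", "\\local settings\\", "\\temp\\")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def target_path(command):
    # Pull the executable out of a Run command line (quoted or bare).
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def review_run_keys(reg_text):
    # reg_text is the export already decoded to str (real exports are UTF-16).
    findings, key = [], None
    for line in reg_text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        v = VAL_RE.match(line)
        in_run = key is not None and key.lower().endswith(("\\run", "\\runonce"))
        if not (v and in_run):
            continue
        path = target_path(unescape(v.group("data")))
        if any(d in path.lower() for d in USER_WRITABLE):
            findings.append((key, unescape(v.group("name")), path))
    return findings

# Constructed sample export; names and paths are illustrative only.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"xQzRandomName"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\xQzRandomName.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"Unrelated"="C:\\Documents and Settings\\user\\Application Data\\x.exe"
'''
```

A flagged value is a lead for review, not proof of infection: some legitimate software also starts from the user profile.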

  #19  
Old November 3rd 12, 11:58 AM posted to microsoft.public.windowsxp.help_and_support
Tony
external usenet poster
 
Posts: 12
Default trojan has highjacked pc

On 03/11/2012 00:12, glee wrote:
This newsgroup is not the best place to deal with malware removal, but
in addition to the Fake/Rogue AV trojan, you have what looks to be a
"boot kit".... a root kit which infects the Master Boot Record (MBR)....
Root.Boot.SST.A
This may also be involved in XP setup failing with a BSOD, if setup had
reached the point where it was going to start from the hard drive.....
and possibly even before that.

Make SURE you have saved ALL your personal files to another drive, then
have Kaspersky remove everything it finds, all copies of the malware.
The first detection is a file... eKiousRYqssWq.EXE, the second detection
is a Registry entry telling that file to run at every Windows start
(HKEY Local Machine....\RUN). The third detection is the boot kit....
Root.Boot.SST.A

When done, have Kaspersky shut down/restart the computer and see if
Windows will start. Post back with your results.... even if Windows
starts, you are not done cleaning.


I've given up on it. Having backed up all my data I've now carried out
a clean installation. I am grateful however for all the assistance I've
received.

My installation has not gone as well as I'd have liked so I'll post a
new question.

Tony
  #20  
Old November 9th 12, 01:28 PM posted to microsoft.public.windowsxp.help_and_support
David H. Lipman
external usenet poster
 
Posts: 4,185
Default trojan has highjacked pc

From: "Tony"

stupidly I have allowed a file_restore trojan to highjack my pc. I have tried running
system restore in safe mode with cmd. I have run Malwarebytes in safe mode. System
restore just freezes and Malwarebytes doesn't help either. I thought I might re-install
Windows from CD but this says I have a newer version already and stops. I've tried to
format C to allow installation from the cd but the drive won't unmount.

Can I create, somehow, a bootable flash drive so that I can re-install from my CD?

Any ideas would be very welcome.

Tony


Please define what you think a "file_restore trojan" is.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


  #21  
Old November 15th 12, 09:09 PM posted to microsoft.public.windowsxp.help_and_support
Greegor
external usenet poster
 
Posts: 96
Default trojan has highjacked pc

STOP:0x0000007B [etc]

Are you positive your install CD is genuine?
  #22  
Old November 15th 12, 09:18 PM posted to microsoft.public.windowsxp.help_and_support
Greegor
external usenet poster
 
Posts: 96
Default trojan has highjacked pc

Have you tried booting from another hard disk and
setting up this infected drive as a second drive?
(Slave jumper)

Then virus scan the heck out of the infected drive?

Got a utility to wipe the MBR?

Treat it as a data drive until you migrate the
files off it.
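
The Root.Boot detection on /dev/sda and the question about wiping the MBR both concern the first 512-byte sector of the disk. As an added example (not part of the original thread), this Python code parses an MBR dump taken from a rescue environment, checks the 0x55AA signature and partition table, and hashes the boot code so it can be compared with a known-good value before and after cleaning; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def inspect_mbr(sector):
    """Parse a 512-byte MBR: boot signature, boot-code hash, partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    report = {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Hash only the boot code (bytes 0-439): the disk signature and the
        # partition table differ per disk, the loader code should not.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": [],
    }
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue  # unused slot
        report["partitions"].append({
            "slot": i, "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype, "lba_start": lba_start, "sectors": sectors,
        })
    return report

def compare_boot_code(sector, known_good_sha256):
    """True when the boot code matches a hash recorded from a trusted copy."""
    return inspect_mbr(sector)["boot_code_sha256"] == known_good_sha256

def build_sample_mbr(boot_code=b"\x00" * 440):
    # Constructed test sector: one active NTFS (type 0x07) partition at LBA 63.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)
    return boot_code + b"\x00" * 6 + entry + b"\x00" * 48 + b"\x55\xaa"

# From the rescue environment the sector would be read without writing to the
# disk, e.g. open("/dev/sda", "rb").read(512), and saved before any removal.
```

A valid signature and partition table say nothing about whether the boot code is clean; only the hash comparison against a trusted copy of the same loader does.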

 




All times are GMT +1.