Re: XP VIRUS DAMAGE

From: Malke (malke_at_nospoonnotreally.com)
Date: 05/08/04 

Date: Sat, 08 May 2004 14:16:29 -0700

Roy Coorne wrote:

> HARRY wrote:
>> After removing the sasser worm my computer is still behaving
>> strangely.
>>
>> Task Manager shows no processes
>> Clicking on some desktop items gets " error no path found"
>> Automic Live Updates has been unabled and is unavailable.
>> Unable to install anti virus software or access manufacurers web
>> pages.
>>
>> I have manually downloaded all the latest updates and used anti
>> spyware to delete any dangerous files but still all these problems
>> persist.
>>
>> If anyone has any advice I would be most grateful.
>>
> Do a fresh install of Windows after saving your data - there is no
> other safe way out.
> If you are brave, a repair install might do.
>

Harry - do *NOT* do a Repair Install. Your computer is not completely
clean. You have more than just the Sasser worm. The usual way to deal
with this is to:
 
 1) Take the infected machine off the Internet and any lan immediately.
 2) From a different, clean machine download Stinger (http:/
vil.nai.com/vil/stinger/) and run it in Safe Mode. Stinger is a limited
virus checker, but its advantage is that it is standalone and doesn't
need to be installed.
 3) Hope that Stinger cleans up the machine enough to be able to
reinstall your av or install a new, current one. Update its definitions
and do a full scan.
 4) Continue the cleaning process by removing any spyware with Spybot
Search & Destroy (http://www.safer-networking.org) and Ad-aware
(http://www.lavasoftusa.com). Be sure to update these programs before
running them. These programs are free, so run them both since they
complement each other. You may also want to run the latest CWShredder
from http://www.spywareinfo.com/~merijn/index.html. Always read the
instructions before running a spyware removal tool. It is best to run
antivirus and spyware removal tools in Safe Mode.
 5) After you've installed your full-featured av, updated its
definitions and run a full system scan.
 6) Make sure you are running a firewall.
 7) Make sure you've applied all security patches to Windows from
Windows Update.
 
Malke 

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Relevant Pages

  • Re: AV proggies close down
    ... I cant install any spyware detecting programs. ... instructions before running a spyware removal tool. ... You will probably have to fix the hosts files before you can get to any ... you'll get a Windows dialog box saying ...
    (microsoft.public.security.virus)
  • Re: Window disapears
    ... instructions before running a spyware removal tool. ... Do not install drivers from Windows Update. ...
    (microsoft.public.windowsxp.general)
  • Re: XP Pro (Full) Setup Issues
    ... You got bit by, I believe, the Sasser worm. ... You must not get on the web without first installing a firewall and virus ... each time I install it the ... run "Windows Update" its during this time that I start to get very odd ...
    (microsoft.public.windowsxp.setup_deployment)
  • Windows Update causes svchost.exe 100% CPU
    ... >I have a Windows SBS 2003 Server and when it reaches ... I was able to install some updates one ... windows components of the add/ remove prog area as well as ... all up to date with the sasser worm going around. ...
    (microsoft.public.windowsupdate)
  • Re: P4C800-DELUXE XP Install Problems --- Hanging
    ... Windows Install Guide by Mr Steveo from ABX Zone Website. ... Additionally, if you have a Springdale or Canterwood chipset motherboard, ... Install chipset INFs before any video or sound drivers. ...
    (alt.comp.periphs.mainboard.asus)