Re: malware
From: Li'l Roberto (whoisit_at_nospam.invalid)
Date: 02/02/05
- Next message: Li'l Roberto: "Re: malware"
- Previous message: Li'l Roberto: "Re: malware"
- In reply to: Malke: "Re: malware"
- Next in thread: Dodo: "Re: malware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Feb 2005 10:27:39 +1030
Malke
Don't apologize! You are a knowledgeable and prolific poster here and I
understand your situation; I also support PCs for a living.
Booting with a Bart's PE disk and running AV is one of my first
considerations when dealing with viruses, trojans or malware. In this
particular case F-PROT, my preferred AV, just doesn't find anything
amiss.
Also you would expect to be able to deal with these files using
cmd from the Bart PE CD and then CDing to the relevant folder
[system32 in this case].
If no one else has any other suggestions I reluctantly think your option
2 [a reformat] will regrettably be the only solution left, as this is a
business machine and obviously its security is at risk presently.
rgds
Li'l Roberto
"Malke" <malke@nospoonnotreally.com> wrote in message
news:uLFMKVGCFHA.3592@TK2MSFTNGP11.phx.gbl...
> Li'l Roberto wrote:
>
>> Malke
>> this all began just before Christmas, you may recall directing me to
>> the AUMHA forum? See this post below from 30/12/04
>
>> Anyway none of those good people were able to help me resolve the
>> issue, sure we can see the entries in msconfig and the registry run
>> keys, but the damn files are just not visible in the system32 folder.
>> Today I tried MAP's suggestion, however TDS couldn't find any reference
>> to the files - unlike HJT.
>> I need a way of discovering these files so I can delete them, any
>> more suggestions?
>>
>
> Hi, Li'l Roberto - Unfortunately, I must have read a thousand newsgroup
> posts between Christmas and now, as well as do this sort of thing for a
> living, so no - I'm sorry but I don't remember your particular problem.
> Also, your original post is no longer available from here.
>
> So - with that said, let's move on. In a difficult case like yours, I
> would do one of two things, one of which requires a great deal of skill
> and knowledge of Windows operating systems:
>
> 1. Boot with ERD Commander (which can be downloaded for an emergency) or
> a Bart's PE. This will give you access to the system in a Windows-like
> environment but not running Windows. Delete the files from there.
>
> 2. Format and clean install Windows.
>
> Here are links to ERD Commander and to the Bart's PE Builder page (you
> have to build your own PE):
>
> http://www.winternals.com/index2.asp
> http://www.nu2.nu/pebuilder/ (Bart's PE)
>
> Best of luck,
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"