THE BOOK--Playing The Percentages In Baseball
Monday, November 07, 2011

Windows Virus - privacy.exe

By Tangotiger, 01:08 PM

Ugly weekend for me.  As best I can tell, a virus, planted as privacy.exe, executed on my machine.  It was one of those that makes it look like it’s a Windows Security file, makes it look like it’s finding tons of viruses with on-screen prompts, when it itself is the virus.  I had one of these a year or two ago.  (I may have blogged about it, and I used Malwarebytes to kill its cousin.)

Anyway, this one was worse, as it latched onto some key .exe files, including iexplore, the virus scanner files, etc.  I was able to clean most of the computer, including manually going into the registry.  I was able to backup all my data files to my laptop, through the network connection.

Then the weird part.  I ran my virus scanner one more time, and it found more files that were infected.  Avast moves it to its “chest”, and I can see the file names.  None of them were “critical”.  I researched each one.  But, after that happened, I had no more network connection.

I tried to do a System Restore to earlier checkpoints, but they all came back with a message that Windows could NOT restore.  I ran sfc /scannow, but it kept prompting me for the XP SP3 install disk, as well as XP CD2.  My computer was pre-installed by Dell, and I just had the Dell installation disk.  I copied the I386 folder from the install disk to my C drive.  Re-running sfc /scannow, it stopped prompting for XP SP3 install disk (presumably, it liked the new I386 folder), but it still kept asking for XP CD2.

This is where I am at: everything works fine, except for my network / internet connection.

Investigating further, my options when I get home are:
1. Installing WinSockFix.  This looks promising.

2. Get into Windows Safe mode, and then run System Restore.  This looks reasonable. 

One thing: I have a wireless keyboard, and those drivers must load late, because I can never press F8 to force myself into Windows Safe mode.  My unusual solution to that is to simply power down, rather than doing a normal shutdown.  Usually Windows recognizes that something unusual happened, and prompts me to log into Safe mode.  If you have other suggestions, let me know.

3. I had also bought the Windows Vista upgrade.  At the time, they were doing the switchover, so I was one of the last ones to buy XP.  So, for an extra 10$, they sent you the Vista upgrade disk.  I was going to therefore do that upgrade.

Weirdly, when I tried the Dell assistant for that, it said that I couldn’t upgrade from XP.  But, that’s exactly what the Vista upgrade disk was for.  The only thing I can think of is that the XP I bought was a “Media Center”, and by now, since I’m at SP3, it may no longer qualify as upgradeable.

4. I didn’t know, but XP3 is available for download as an iso file.  I’m not sure what that means yet.  I was hoping that maybe I can turn that into an install disk, and then run sfc /scannow, and when it prompts for the XP SP3 install and XP CD2 install disks, I can just use that.

5. Worst-case, I simply start clean.  I backed up all my data files and favorites.  I will inventory all my apps to restore.  And then, well, re-install the OS and everything else.  Not something I particularly want to do, just so that I can get my internet connection working.

Alright, now that I’m here, I’d love to hear from you Straight Arrows.  You’ve always been a tremendous help, and I need your words of wisdom.


#1    Web Admin      (see all posts) 2011/11/07 (Mon) @ 14:26

A pretty common technique for viruses is to set a system proxy server. If you go into Control Panel, Internet Options, Connections tab, and click the LAN Settings button, make sure the “Use a Proxy server” is unchecked.


#2    Eric Dykstra      (see all posts) 2011/11/07 (Mon) @ 14:33

Using something like Hiren’s Boot CD lets you boot an installation of XP outside of your current OS and install and run anti-virus programs without ever having to boot into your infected OS installation. Once you clear out most it with that, a combination of ComboFix and a few anti-virus and anti-spyware programs should be able to take care of the rest.


#3    Josh Weinstock      (see all posts) 2011/11/07 (Mon) @ 14:37

An “iso” file is a disc image, and using various free iso burning utilities you can burn the iso to a disc, and then use that as the install disc.

And if you do decide to simply start clean again, you should probably format your hard drive, which basically means wiping it.

Have you gone into msconfig to see if any weird processes are running on startup that you can disable?


#4    Greg Rybarczyk      (see all posts) 2011/11/07 (Mon) @ 14:43

Tom, do yourself a favor and get Windows 7 rather than trying to mess with Vista, especially if you’re trying to work an XP to Vista upgrade.

I had my desktop at home on Vista, and had quite a few problems with that OS over 2-3 years.  Recently it completely hung up on me over some mouse/keyboard issues (trying to switch to a wireless keyboard & mouse, actually), to where I couldn’t boot it no matter how hard I and my computer-expert-brother tried.

I finally decided to just get on Windows 7, which I’ve had on my laptop for a year now with literally zero problems.  Since then, bliss…

Whatever it might cost you to get Win 7 ($100?), put that against the hours of struggle you are sure to have with the XP to Vista “upgrade”…


#5    aweb      (see all posts) 2011/11/07 (Mon) @ 15:28

Definitely don’t go to Vista - a terrible operating system, counter-intuitive for long-time Windows users. Windows 7 is, amazingly, an actual upgrade. Like XP has been for the past 8-10 years, I’d expect it to remain the industry standard for a while. This is virtually certain where I work (gov’t in Canada), since we are all getting upgraded to Windows 7 from XP.

If you don’t want to invest in that, I’d do the clean wipe/reformat and re-install XP. It doesn’t take as long as it used to in past decades, and it’s a clean method. Windows systems try their best to remember everything you have ever done or had installed - the more upgrading and re-installs you do, the worse various systems conflicts get. And you won’t miss the accumulated junk even a well-maintained system can’t avoid in Windows once it is gone.


#6    Tangotiger      (see all posts) 2011/11/07 (Mon) @ 15:59

Re: Vista v Windows 7.

At home, we currently have three machines:
Dell Desktop XP, nearly 5 years old
Toshiba Laptop, Win7, 2 years old
HP Laptop, Win7, 1 month old

The basic idea is that the HP is mine, the Toshiba is my wife’s, and the Dell is the “family” one (eventually to be my kid’s).

The idea was also that I would eventually migrate everything off the Dell, and move to the Toshiba/HP.  (I’ve been REALLY lazy about this.)

Right now, the Toshiba has a couple of apps, and that’s it.  All the data has been moved there as of this weekend.

The HP doesn’t have any apps yet, and this off-season was when I was going to move all my baseball stuff, and my other goodies, to there.

That’s my target.  So, the ideal scenario is that the Dell gets whatever band-aid I can give it, until it becomes its destiny: a backup hard drive, and web-access machine.  In the meantime, so as to not rush me into configuring both Toshiba and HP, I want it somewhat usable.

And I hear you on the Vista: I got the upgrade disk almost 5 years ago, and only last night did I actually open the packaging, just fearful of the Pandora box.  The only reason I even considered it is that this would be a way to fix the O/S without touching the data files or apps.

If on the other hand I can fix the O/S with this iso file (i.e., leave my data files and apps untouched), then I’d much prefer that.  Would I be able to “update” my current (and damaged) XP SP3 by “upgrading” to the ISO disk?  I hope I can, but I presume I can’t.  Hence, since I have Vista, then I was going to try a real upgrade that way.

If I have to go with a Win7 desktop, I’d almost prefer to just buy a new one for 300$ or 400$, rather than spend 100$ on the OS itself.  The monitor is fine and can be reused.  But, I prefer staggering my PC purchases every 2-3 years.  Getting three machines in the span of 2 years seems overkill to me.


#7    Scott      (see all posts) 2011/11/07 (Mon) @ 18:59

If you need to start clean on your 5 year old Dell desktop, you should try to activate the disk image backup that came with most Dells during this time.  This is an image of the OS as the machine shipped, on a hidden HD partition.  You activate it before XP loads by hitting Ctrl + F11.  You then enter some bios level prompts and warnings that you will lose everything on your system HD, but you will end up with XP installed and no virus.

However, hitting Ctrl + F11 needs to happen at the same time you would tell XP to boot into Safe mode, so you might need a wired keyboard to make this work.


#8    Tangotiger      (see all posts) 2011/11/08 (Tue) @ 10:17

Thanks to everyone for their suggestions.

I tried Step1 (WinSockFix) and that did not help.

I also did a chkdsk, and that uncovered several problems.

I really think what I’ll do is defer maintenance on this machine until the weekend.  It’s turning into a time bear, and in any case, I have two other laptops that I need to configure and are my primaries anyway.  After I get those working, I’ll come back to the old desktop, and decide what to do (have more “fun”, or just reinstall from scratch).


#9    Darkhorse      (see all posts) 2011/11/08 (Tue) @ 23:21

I just went through this on my dad’s PC tonight. Ran Malwarebytes and got rid of some spyware that may or may not have been related, but what got rid of the popup and its magical .exe closing abilities was this:

The fake security program has a shortcut on the desktop. Right click on it and get its properties, noting the location it points to. In my case it was under Documents & settings/all users/application data, right at the bottom.

Once you have the location restart your computer and hit F8 to go into safe mode. After you start up in safe mode go to the location noted, delete the file, then delete the file from the recycle bin.

I’m not 100% sure it’s gone, and I’ll be running a couple other programs over the next few days to make sure, but doing that got rid of the popup and the shortcut on the desktop.


#10          (see all posts) 2011/11/08 (Tue) @ 23:40

Force XP to boot to Safe Mode without the keyboard:

Start / Run / type msconfig / BOOT.INI tab / check /SAFEBOOT / OK / Yes to restart.

http://tinyurl.com/d3fucmy


#11    Tangotiger      (see all posts) 2011/11/09 (Wed) @ 10:15

hylen/10: thanks, I actually found that also this morning!  I appreciate you documenting it here.

***

Dark/9: it’s preferable to run malwarebytes in safe mode (or even from a boot disk).  That was my mistake: I ran it while the system was running.

But by that point, the virus attached itself to my virus exe files, so running those propagated the issue.  It even hit my Oracle listener, and iexplore.exe, and Msft security essentials.  It looks like it went after whatever exe files I already had running.  So, if you were lucky enough to not have malwarebytes running at startup, then it was still clean.

There were other files that I noticed looked very weird.  One was called ed85cba5 (I think that’s what it was).  And if you look in task manager, there was an exe file of all numbers.  It was a string of 10 or so digits, followed by colon, followed by another 10 or so digits.

When I ran System Restore, all of those failed.  When I ran a virus scanner, it quarantined various system restore ini and exe files.


#12    Nathaniel Dawson      (see all posts) 2011/11/09 (Wed) @ 14:06

If you’re having trouble loading Malwarebytes, you might try downloading a new copy (say on your laptop and copying it over with a thumb drive) and saving it under a different name. Without seeing the expected name for the program, the fake name might let it slip by the virus. (Safe Mode, of course) Careful with the thumb drive, though, you wouldn’t want it to infect your other machines. A one-time only CD would work for the copying, which you could then destroy.

I had success with this method a few years ago when a virus targeted my anti-virus programs, rendering them unusable.

You probably already know, but best not to reconnect to any network until you’re sure you have wiped the virus out. If it’s still active, it could invite a few of its friends over for dinner.

Typically, virus programs delete all earlier system restore points to protect themselves, so no surprise it won’t work for you.

Personally, I’d just start over with a clean install. Could end up less time consuming than trying a work-around, you could be sure the virus isn’t lurking around somewhere, and your machine will probably run better as a result.


#13    Paul Johnson      (see all posts) 2011/11/09 (Wed) @ 15:47

I too contracted this same virus.  I was able to squelch it by running my already installed MBAM in Safe Mode.  I still have some iexplore item from some place still hijacking some web searches.  I start iexplore as administrator and it seems to work a little better.  I still get an occasional audio ad file playing too.  I believe I will nuke and pave this weekend.  Superantispyware found even more-
c:\programdata\privacy.exe
c:\users\yourname\AppData\local\temp\450F.tmp
HKCU\software\microsoft\windows\currentversion\run\privacy protection
I had to use the MBAM File Assassin tool to remove other suspicious files including the Desktop Privacy shortcut.
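As an added example (not code from the blog or from any commenter), here is a small offline triage script that checks the indicators this thread reports against a registry export and a file listing: the proxy setting from comment #1, the numeric and hex-named files and processes from comment #11, and the paths and Run-key value from comment #13. The registry value names ProxyEnable and ProxyServer under Internet Settings are the real values behind the “Use a proxy server” checkbox; everything else in the sample data (the .reg text, the file paths, the process names) is constructed for the example, with the suspicious entries copied from what the thread describes. The heuristic patterns (8-hex-character names, all-digit names with a colon, four-hex-character .tmp files) are assumptions based on the descriptions above, and the .tmp rule in particular is low confidence on its own.

```python
"""Offline triage for the privacy.exe fake-AV indicators reported in this thread.
Added example, not the blog's or any commenter's code; sample data is constructed."""
import re

# Real registry locations behind the Run list and the IE "Use a proxy server" setting.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
INET_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample in `reg export` syntax: one benign Run entry, the Run value
# comment #13 reported, and a proxy pointed at localhost as comment #1 describes.
SAMPLE_REG_EXPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"privacy protection"="C:\\ProgramData\\privacy.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8080"
"""

# Constructed file listing: the two paths from comment #13, the hex-named file from
# comment #11, and one legitimate system file that must not be flagged.
SAMPLE_FILE_LISTING = [
    r"C:\ProgramData\privacy.exe",
    r"C:\Users\yourname\AppData\Local\Temp\450F.tmp",
    r"C:\Documents and Settings\All Users\Application Data\ed85cba5",
    r"C:\WINDOWS\system32\notepad.exe",
]

# Constructed process names; the middle one mimics comment #11's "digits:digits" exe.
SAMPLE_PROCESSES = ["explorer.exe", "1234567890:0987654321.exe", "iexplore.exe"]

# Directories a legitimate autostart rarely runs from but droppers commonly use.
USER_WRITABLE = ("\\programdata\\", "\\application data\\", "\\temp\\", "\\appdata\\")
HEX_BLOB = re.compile(r"^[0-9a-f]{8}$")                    # e.g. ed85cba5 (assumed pattern)
NUMERIC_EXE = re.compile(r"^\d{6,}(:\d{6,})?(\.exe)?$")    # e.g. 1234567890:0987654321.exe
TEMP_STUB = re.compile(r"^[0-9a-f]{4}\.tmp$")               # e.g. 450F.tmp (weak indicator)


def parse_reg_export(text):
    """Parse the subset of .reg syntax used here: [key] headers and "name"=value lines.
    Returns {key_path: {value_name: value}}; strings are unescaped, dwords become ints."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or current is None:
            continue
        name, rhs = m.group(1), m.group(2)
        if rhs.startswith("dword:"):
            keys[current][name] = int(rhs[len("dword:"):], 16)
        elif rhs.startswith('"') and rhs.endswith('"'):
            keys[current][name] = rhs[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            keys[current][name] = rhs
    return keys


def suspicious_run_entries(reg):
    """Run-key values named as in comment #13, targeting privacy.exe, or launching
    from a user-writable data directory instead of Program Files / Windows."""
    hits = []
    for name, target in reg.get(RUN_KEY, {}).items():
        t = str(target).lower()
        if (name.lower() == "privacy protection" or t.endswith("privacy.exe")
                or any(d in t for d in USER_WRITABLE)):
            hits.append((name, target))
    return hits


def proxy_hijack(reg):
    """Comment #1's check: return the configured proxy if one is enabled, else None."""
    inet = reg.get(INET_KEY, {})
    return inet.get("ProxyServer", "") if inet.get("ProxyEnable") == 1 else None


def suspicious_files(paths):
    """Return (path, reason) for files matching the names the thread reported."""
    hits = []
    for p in paths:
        base = p.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base == "privacy.exe":
            hits.append((p, "known dropper name"))
        elif HEX_BLOB.match(base) or NUMERIC_EXE.match(base):
            hits.append((p, "random-looking name"))
        elif "\\temp\\" in p.lower() and TEMP_STUB.match(base):
            hits.append((p, "temp stub (weak)"))
    return hits


def suspicious_processes(names):
    """Process names that are nothing but digits, as comment #11 saw in Task Manager."""
    return [n for n in names if NUMERIC_EXE.match(n.lower())]


def triage(reg_text, files, procs):
    """Run every check and return one report dictionary."""
    reg = parse_reg_export(reg_text)
    return {"run": suspicious_run_entries(reg), "proxy": proxy_hijack(reg),
            "files": suspicious_files(files), "processes": suspicious_processes(procs)}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_REG_EXPORT, SAMPLE_FILE_LISTING, SAMPLE_PROCESSES).items():
        print(f"{section}: {findings}")
```

On a real machine the inputs would come from `reg export` of the two keys, a directory listing of the data folders, and the process list, all gathered from Safe Mode or a boot disk as the thread recommends, so that the script reads the data rather than the infected session supplying it.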



#15          (see all posts) 2011/11/28 (Mon) @ 11:30

I am so glad to find this discussion.  I got hit by the same virus, I ran Microsoft essentials and it found the Trojans that were downloaded onto the hard drive and killed them.  However, I still cannot get Internet connectivity, nor can I get my restore points to work.  I also ran malwarebytes and that seemed to catch a few more.  I did delete the program privacy.exe, looking at the shortcut placed on the desktop.  Seeing that I kind of figured that this was not a very sophisticated attack.  However, I’m going to try some of the above suggestions to try and get my Internet connectivity back.  I think if I can get that, I’m pretty confident most of the viruses are gone.  If anyone has any further suggestions for getting back the Internet connectivity – which is mainly what I need – please let me know!  And thanks for all your help up to this point.


#16    Tangotiger      (see all posts) 2011/11/28 (Mon) @ 12:20

Postscript for me: I ended up losing both of my CD/DVD drives as well for some reason (why?  I don’t know… they were both working fine, but I must have done something… chkdsk was the only system-level thing I ran).  So, I was unable to install from there.  And this weekend, I was unable to even boot at all.

In any case, I had decided to simply give up, in light of having everything transferred to the two laptops.  The third machine simply became a pain in the b-tt, not to mention that a replacement would cost under 300$ (if I needed to), with at least double the memory, hard disk, and speed than the desktop has.

So, I’m just going to stick with the two laptops, and if one of them goes, then I’ll worry about getting a new machine.

