How do I recover from a bad virus infection?

September 5, 2007

Over the past weeks on my older Windows XP machine:

  • I’ve had frequent re-infections of some virus or Trojan that resets my IE home page, disables Task Manager, and blocks my access to System Restore.
  • Several times each day, I run AdAware, Spybot, and my virus program (Panda) to remove identified infections and spyware.
  • I read that disabling System Restore and then running a virus scan would clean out any virus strands that were inadvertently being backed up with each shutdown/startup cycle.
  • My virus and spyware programs sometimes identify Services.exe and Winlogon.exe as viruses. When this happens, these files are referenced as being located in the C:\Windows\inetdata sub-directory (which is not where they should be).

Did I royally screw things up by disabling System Restore? I understand by doing this, I erased all existing restore points so that wouldn’t surprise me.

First let me say this…

YIKES!

You’ve got a serious infection here. In all honesty, I’m not sure the patient will survive. But let’s run through some options.


Here’s how I’d proceed:

  1. Disconnect from the network.
  2. Boot in Safe Mode.
  3. Run the System File Checker (sfc /scannow) to replace any altered Windows system files.
  4. Run your antivirus and spyware scans. Turn on any “immunize” options in the spyware checker.
  5. Reboot in normal mode. If things work properly at this point, skip the next two steps.
  6. Reinstall Windows XP. When you reinstall, you should have the option of a “repair” install (an install “on top of” the existing installation), which reinstalls the Windows files while keeping your programs and data. If things work properly at this point, skip the next step.
  7. If things are so bad that it’s still not working properly, in your shoes I’d reformat the machine and rebuild it. Trying to coerce it into working again may just be more effort than it’s worth. Be sure to save the data you care about first, of course.
  8. Enable the Windows Firewall, or get behind a hardware firewall, before you reconnect.
  9. Reconnect to the network.
  10. Update your antivirus software’s database and your spyware scanner’s database, and run the scans again.
  11. Visit Windows Update, and do take SP2.
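
Here is a PowerShell script, added to this page as an example and not part of the original answer, that checks the three symptoms described in the question after the scans in step 4 and again after step 10: the policy values that disable Task Manager and System Restore, the Internet Explorer start page, and copies of services.exe and winlogon.exe sitting anywhere under %SystemRoot% other than system32 (the question mentions C:\Windows\inetdata). It assumes PowerShell is installed (it is not part of a stock Windows XP install; PowerShell 1.0 was a separate download for XP SP2), that it is run from an administrator account, and that the registry locations and value names used below (DisableTaskMgr, DisableSR, DisableConfig, Start Page) are the ones in play; those are my assumptions, not something the original post states.

```powershell
# Added example: post-cleanup checks for the symptoms in the question.
# Run as an administrator while still disconnected from the network.
# Assumptions (not from the original post): the registry values below are where
# Task Manager, System Restore and the IE start page are controlled, and the
# genuine services.exe and winlogon.exe live in %SystemRoot%\system32.

$sysRoot  = $env:SystemRoot
$system32 = Join-Path $sysRoot 'system32'

# 1. Policy values that malware sets to lock the user out. A missing value is
#    fine (the policy does not exist); a value of 1 is the lock-out.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableSR' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableConfig' }
)
foreach ($check in $policyChecks) {
    $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
    if ($item -and $item.($check.Name) -eq 1) {
        Write-Warning ("{0}\{1} is set to 1; resetting it to 0" -f $check.Path, $check.Name)
        Set-ItemProperty -Path $check.Path -Name $check.Name -Value 0
    }
}

# 2. Show the IE start page so a hijack is visible without opening the browser.
$ieMain = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ieMain) { "IE Start Page: $($ieMain.'Start Page')" }

# 3. Find copies of core system binaries outside system32 and compare their
#    SHA-256 with the system32 copy. Uses .NET directly so it works on old
#    PowerShell versions that lack Get-FileHash.
function Get-Sha256Hex([string]$path) {
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($path)
    ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
}

$coreNames = 'services.exe', 'winlogon.exe'
foreach ($name in $coreNames) {
    $genuine = Join-Path $system32 $name
    if (-not (Test-Path $genuine)) {
        Write-Warning "$genuine is missing; run sfc /scannow before trusting this machine"
        continue
    }
    $genuineHash = Get-Sha256Hex $genuine
    "{0}  {1}  (reference copy)" -f $genuine, $genuineHash.Substring(0, 16)

    Get-ChildItem -Path $sysRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ieq $name -and $_.FullName -ine $genuine } |
        ForEach-Object {
            $hash = Get-Sha256Hex $_.FullName
            $verdict = if ($hash -eq $genuineHash) { 'identical to system32 copy' }
                       else { 'DIFFERS from system32 copy; treat as suspect' }
            "{0}  {1}  {2}" -f $_.FullName, $hash.Substring(0, 16), $verdict
        }
}
```

Two caveats when reading the output: Windows XP keeps legitimate duplicate copies of these binaries in system32\dllcache and ServicePackFiles\i386, which will hash identical to the system32 copy, and the folders Windows keeps for uninstalling a service pack hold older versions that differ legitimately. A copy that differs and lives somewhere like C:\Windows\inetdata is the one to submit to your antivirus vendor, and if the script has to reset the policy values a second time after a clean reboot, something still running on the machine is putting them back, which is the re-infection pattern the question describes.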

It concerns me a great deal that you’re getting reinfected so quickly and so often. If you’re not doing something silly, like opening unidentified attachments, or visiting malicious web sites, that shouldn’t be happening at that rate.
