Windows XP home edition
Thanks for the PM niftydigits and all who have replied here,
I'm really sorry but I'm going to have to come back to this tomorrow morning as I'm having eyes rolled at me and I have to get ready to go out.
Thanks so much for all of your help. It's very much appreciated, I just wasn't expecting to have to do this now. (my mistake, sorry)
:starmod:you're awesome.. act like it:starmod:
-
Caitlin_Bree wrote: » The infection that was detected (in previous posts) was rogue windows system protection

I'd assumed the main components of the infection were cleared, as per your previous thread:

Caitlin_Bree wrote: » Malwarebytes got rid of the trojans, but only after restarting in safemode and running it again to catch a restore point modification which was reinstalling the trojan.
Now malwarebytes is saying the computer is clean but I'm not sure I trust it.

"....a restore point modification which was reinstalling the trojan"
I'm assuming after initially removing the malware you ran a full scan which detected files in the system volume information folder (aka System Restore).
When creating restore points, Windows may back up certain files - it doesn't distinguish between good or bad so it may back up malware files. These files in system restore cannot "reinstall the trojan" unless you actually utilise system restore to restore the system to a point where the infection becomes active again.
As I said, scanners may pick up leftover traces - without the main components of the infection, these are relatively harmless.
If the infection is being removed & then returning, it points to another problem - possibly a rootkit as it's not unknown for these rogues to be present along with a rootkit infection.
Without a diagnostic log of some kind it's hard to tell what is going on without it being sheer guesswork.
-
It depends on your neighbour's situation of course, but it seems crazy to me to spend money on a copy of XP for a pc that is obviously pretty old and creaky at the best of times. Maybe rather than struggling on with this one, they would be better off putting the money towards buying a new up-to-date laptop or netbook. How much effort is it worth putting into this machine?
-
It depends on your neighbour's situation of course, but it seems crazy to me to spend money on a copy of XP for a pc that is obviously pretty old and creaky at the best of times. Maybe rather than struggling on with this one, they would be better off putting the money towards buying a new up-to-date laptop or netbook. How much effort is it worth putting into this machine?
They have the disc now.
-
If you haven't done so, replace the battery, it should be a CR2032. If you have a 99p shop locally they sell them, or a Poundland, usually 8 batteries, 4 of which should be 4xcr2032 and 4xcr2036
-
Well after putting out a call for XP home, the owners managed to find their disc. So thank you to everyone for their suggestions but that part's sorted now.
Yes.. a rootkit, that's what I was getting at. That the infection was returning, not that it was being restored from an actual restore point. Something was allowing the problem back or hiding it if it was started in anything other than safe mode and without using a process killer first.
If you say the CMOS isn't related I'll take your word for it. I don't know enough to say differently. I was going on what I read here: http://www.infosec.gov.hk/english/faq/files/protectionfromvirus&mc_faq_eng.pdf (no3)
Regarding the infection. There was a trojan and a couple of viruses that were removed initially, which were detecting after being cleaned. I got those off and it seemed to be ok but I still didn't trust it.
So, as recommended, I did the antivirus boot scan and it detected Trace.Registry.Searchit and Rogue.Win32.SystemProtection..
After taking them off it scanned as clean, and windows security essentials started working. But on restart, it scanned as infected again and security essentials reverted to being disabled. So it seemed to be redetecting it.
I also had problems getting the update on emsisoft to work (similar issue as with security essentials) and am unsure as to why it suddenly started working. But it did. The infections were removed and security essentials were re-enabled. (This was all prior to the beginning of this post)
As I said, it is working now, but ridiculously slow. And my distrust is heightened by it seeming to detect something else with each different antivirus scan after appearing to be ok-ish.
I still need to do another antivirus boot cd scan to see if it's finding anything new. I just have a couple more questions.
If it is a rootkit, will I have to go through diagnostics with hijackthis and fix whatever first? or would reformatting deal with any system changes that have been made?
Also, would reformatting deal with the CMOS issue if it is corrupted? (I'll change the battery too to be sure.)
And, will reformatting fix issues with the commit charge if there are any?.. or is that more to do with the physical side of things? (I realise the computer's old and it's not going to upgrade it).
I have no idea what the BIOS set-up is and wouldn't know where to look to tell you. Yes it is a PATA disk. I know they had someone fix it a few years back, I wonder if that might explain the weird wiring.
Thanks so much for your patience and help... and apologies for the length of this.
:starmod:you're awesome.. act like it:starmod:
-
It depends on your neighbour's situation of course, but it seems crazy to me to spend money on a copy of XP for a pc that is obviously pretty old and creaky at the best of times. Maybe rather than struggling on with this one, they would be better off putting the money towards buying a new up-to-date laptop or netbook. How much effort is it worth putting into this machine?
The PC is/was fine for what they want to use it for, and while they will eventually have to upgrade, it jerks my chicken that they should have to do this now because someone took advantage of them.
If I can get it back to them in the same condition as before, without them having to pay out any money, I'd much rather do that.
:starmod:you're awesome.. act like it:starmod:
-
reformatting the hard disk and reinstalling windows has no effect on cmos, would wipe any infection if there is one, and would help reduce commit charge if that is a problem, but would obviously wipe all their data and programs and settings too, so you may need to back data up, which is best done when you are sure the machine is clean from infections, which in this case is best done with a boot cd (although it might not detect everything)
did you do the kaspersky update before scanning?
commit charge is how much ram is being used by the system and programs, especially the ones at startup, on a 512MB system, it's quite easy to use more ram than it has, once many years of startup crap has been loaded on, that is when a system goes slow.
on restart it scanned as infected, what scanned what? what was infected, which files, in which directories, which infection?
re slow, post the commit charge, peak commit charge, and hijackthis, it takes seconds.!!
-
I didn't use Kaspersky. Should I scan it with that too? So far I've used malwarebytes, zone alarm, hitman pro and emsisoft.
Malware bytes picked up for the first lot of infections in documents and settings, but I can't tell you what or where they were as there is now only one log in there and it only contains negative detections.
I'm pretty sure there was a log containing something but it's not there now. (I didn't delete it.)
Emsisoft scanned the C drive and found: Trace.Registry.Searchit and Rogue.Win32.SystemProtection in Application data\ lots of numbers and letters (I'm not really sure what you're asking me, sorry)
Is the commit charge info on the bottom of the task manager window? (848M/1250M) or under "performance"?
Total 868720
Limit 1280052
Peak 1038456
Do I just need to scan and save the logfile for you with hijackthis? or do I need to "analyzethis" beforehand?
One more thing, the only things they really want saved are docs and photos so reformatting and reinstalling all the programs on it won't be an issue as long as I can keep them. I'm assuming it won't be a problem to save personal files of these types to disc. (will it?)
:starmod:you're awesome.. act like it:starmod:
-
Reinstalling the programs won't be hard (but will be time consuming) if you have the required disks.
This discussion has been closed.