Posted on 05/30/2011 9:08:08 AM PDT by Outlaw Woman
Harddrive Failure Start up menu is empty (No outlook express, no list of program files) but still has My Computer on it.
OS XP Home Pentium R D 2 80GHz
Try going here and download Norman Malware Cleaner this does not have to be installed you can also download all the other malware and virus programs here just hit freeware.
http://www.snapfiles.com/Freeware/security/fwantispy.html
I run bual boot, both XP PRO 32 and WIN 7 PRO 64. It was the XP partition and ALL my other hard drives which got hit.
In a dual or multi boot partition the unused or inactive partitions are invisible to the active partition and therefore my WIN 7 partition survived unharmed.
I got bit by that very thing a while ago. Afterwards, I disabled the MS anti virus (run Kaspersky) and now if I EVER see that popup (which I don't) I would know. I had to use one of the help forums cybertech.com I believe was the name/. Those can take a few days though. It's free but all volunteer.
Looked to me like you were getting some good direction. I’m like you - I could not BELIEVE that I had been taken in by the scam.
I am interested if unixfox would share about the COmboFix - they used that to help me only after they looked at a Hijack This! log.
Thanks so much for the link. My connection is spotty as this virus keeps shutting me down about every 10 minutes but please know I greatly appreciate your help and your ‘story’. (I feel a little better...not much but some...lol)
http://en.wikipedia.org/wiki/CCleaner
Thank you.
What a day! I am now back in business thanks to the help/suggestions/links you provided and really I can’t thank all of you enough. Just in case somebody digs this out of the archives in the future I will recount what I did.
I went to the liquor store...no wait wrong tale! lol
I managed to get the Task Manager up and running
I typed in ‘restore’
System Restore came up and I set it back just before the virus scan at 4:00AM yesterday morning. It worked! (this function has NEVER worked for me before)
My desktop was restored, minus several files/icons and all program files were back in the start menu as well as email etc.
I then went about ‘cleaning house’
I went to bleepingcomputer (a fitting name I might add) and downloaded combofix and ran it. I was watching the ‘scan’ and at the end it started deleting files (I panicked but resisted the urge to cancel the scan). After that it logged what it did so I have that saved.
I also ran the registry scan that is on that site and it picked up over 525 problems with the damage level being ‘high’. It “fixed” 16 but...if I want the remaining to be fixed, I have to pay...not ready to do that just yet.
Then I ran malwarebytes.
Malwarebytes picked up 2 infected areas ‘trace.win’. At the end I clicked remove and they were nuked.
In the meantime, Microsoft essentials icon turned red and said that there was a ‘threat’ and asked if I wanted to fix it (rated severe btw). I clicked yes and it was nuked. From the name, ‘Trojan.fake...’ I’m relatively sure that was the culprit.
I then went to the control panel, folder options and clicked on show folders and the remaining icons came back on my desktop.
All my pictures and Documents are back as well; however, they are ‘dimmed’. Don’t know what is up with that. All the information is there though.
All my Favorites have been wiped out as well as the ‘Favorites Bar’. I’m bummed about that because there were many sites marked plus I had a FR Folder which I ‘stored’ various threads. So if anyone knows if there is something I need to do to retrieve those, please let me know. (Like with the hidden files option)
I’m not finished as I am running the Cleaner that is on C-net and probably will do an additional MS scan yet tonite.
Oh btw, on bleepingcomputer, when I downloaded combofix, an option came up to install a ‘system restore console’ which surfaces after a reboot. This will be handy if something ever happens to the task manager or whatever.
So..that’s my story and I’m stickin’ to it. Thanks again. I would buy all a drink/soda or something if we were in the same area but as it is just know I am grateful to you. (This internet thing NEVER ceases to amaze me...even after all these years!)
ow
There were no ‘hidden’ or ‘read only’ files like on all my other drives.
you might try running the attrib command in the cmd box under run.
go to the start command (lower left) and click start and then type cmd
you should be in the C;———— directory
type cd \ (notice that is a BACK slash, which should put you in the root directory on the C drive
now type attrib -h -r *.* /s
which should now unhide whatever is remaining hidden. If this doesn't restore your missing files then they are most likely permanently gone. This what I had to do to regain access to all my other hard drives (d, E, F, and G) to regain access to the files on those drives.
If you have any questions regarding the attrib command, while at the C: prompt type help attrib and it will show the options available.
Click on the start box in the lower left corner.
Click on RUN in the box which now shows up.
Type cmd in the little window which opens up with a black background.
type CD \ at the end of the last line displayed.
(you should now be at the root of the C drive.)
Now type attrib -h -r *.* /s
hit enter.
This will remove the ‘hidden’ and ‘read only’ attributes on all the files on your C drive. The *.* implies ALL files and directories and the /s means to include all the sub directories as well.
NOTE: this now unhides all of the normally hidden operating system files as well. To rehide the normally hidden and protected operating system files you need to go to ‘my computer’ and click on the C drive’
Now on the top line you need to click on tools and on the small menu which pops up click on Folder Options which brings up another menu box containing the folder options.
Within this box you now click on view which brings up yet another menu box with a whole lot of options.
Within this menu box click on ‘do not show hidden files and folders’ and also click on ‘ hide protected operating system folders’ as well which will now hide the operating system files and folders so you can't accidentially delete them.
PLEASE NOTE: I sue the classic view in WIN XP because I am most familiar with it so some of the commands may be different if you use the newer XP view.
I'm sorry that I wasn't more precise in my last post but I was in my WIN 7 PRO 64 partition on a string of video file conversions (compressions) which has been running for a day now and I didn't want to stop it just to log in under XP to double check what I had previously typed.
My long running conversions has just finished and so I logged in under XP to make sure that what I typed was correct. Dan
one correction to my ‘more precise?’ ecplaination:
type cmd in the small box with the white background and then CD\ in the larger box with the black background.
Love a happy ending
BFLR
Sure thing!
You can try CCLeaner to fix the rest of the registry issues, Another free program and it usually works pretty well for me.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.