The dreaded rebuild!

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello all,

As the title suggests I am trying to avoid the dreaded rebuild!

I have a mates machine from work which is riddled with viruses / spyware that basically stop anything from running when the machine boots. I cannot install any virus software or spyware removal software as the machine locks up the minute it loads into XP.

Last known good config shuts down the machine as a vssppcmp.exe (looked for this on google and nothing was found so no idea what it is) error pops up and shuts the machine down again. Started in safe mode and removed as much rubbish as I can find but the problem still occurs and obviously I can’t install anything in safe mode.

Is there any other way of checking and removing these viruses and spyware programs?

In the long term I think a rebuild will be the best option and get him to get a firewall and virus software package on the machine, but just wanted to know if anyone had any other ideas.

Cheers

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I can't find that error by Googling either or on Microsoft's XP support page. Last known good config starts the computer using information that was saved to the Registry during the last shutdown. If you are getting an error in Last Known Good that shuts down XP, I'd say you have a major glitch somewhere in the Registry.

About the closest I came to finding an answer of any sort was this:

http://support.microsoft.com/kb/244905/

It describes a situation where an imcompatible driver is stopping Windows from being loaded. Maybe it can work here, too. Hope it helps.

 

Try downloading and installing the ewido suite. (It has a free 15 day evaluation period. After that the functionality is somewhat reduced.) Run it first and then run HijackThis and post the log from it, or at least post the log in an attachment as they can get pretty long.

We'll see if we can't get it figured out.

I've just lately come across the Ewido suite, and it seems to be pretty good. However, there is one caveat. You need to delete each bad piece of malware individually or it will get rid of some needed Active X programs on a Windows computer. Or, you can just reinstall all the needed software that goes missing after you let it get rid of everything automatically.

It is amazingly thorough as I've cleaned up a couple of badly infected computers with it. It is about the only anti-malware/spyware software available that will find and kill the junk that lives in memory rather than on the hard disk.

 

Down loading now

My only concern is how to get it onto the infected machine as I am having difficulty installing anything.

 

Try booting into safe mode. Or, try running HijackThis first and we'll go through it. That may get you enough time to be able to install ewido.

 

Tried safe mode before but I will give it another go

Just downloading hijack-this and I will give it a go

Thanks for the help freeloader

 

Running the ewido suite now, already found 38 infected objects!

I was trying to install the microsoft anti-spyware software before and would not let me in safe mode. Ewido has installed and is running.

Hijack-this stopped and threw out an error report which I will attach later on once the ewido suite has finished scanning.

 

nod32 mate!! install in safe mode... never failed me once!there is a trial version so it wont cost you!

 

Thanks Zimbo

Just running the ewido at the moment over in the test lab!

Will try your suggestion as well

 

You need to run this after you finish running the ewido tool. If you don't it will be a huge waste of time because we'll be looking at stuff that doesn't exist anymore.

 

Roger that!

Ta mate

 

Just want to say a big thank you to all that helped on this problem.

Freeloader - Ewido did the trick mate as I can now boot into windows properly, cheers.

If you would still like to view the reports let me know and I will post them.

Many thanks to all

 

Yeah, i would like to see the reports and i am sure others would too.
Well done on sorting it out. Grab yourself a beer.

 

I think posting the report as an attachment would be a good idea. I hate to be a bit of a pessimist but you can't be sure you got everything...just the junk that was causing the worst set of problems. There could be more critters lurking in the woodworks.

 

Yup. That's why I recommended running HijackThis and posting the log. Do post it as an attachment though as they can be really long depending on what all is running on the computer.

 

Yup - just to add:

Copy the output from the report into a .txt file, then upload that as an attachment. Works a treat, and saves our server space and bandwidth at the same time

 

I am currently running the hijack program and once that is complete I will attach the reports so you can have a browse over them!

 

I believe it is virtually impossible to eradicate all malware from a badly infected PC. You need to use a variety of removal tools, the ones mentioned here, as well as Spybot S&D, Lavasofts Adaware, Microsoft's anti-spyware beta and whatever else you can get your hands on for free.

The logs that Highjackthis produce are very difficult to decipher, there are forums on the net that have experts totally dedicated to analysing them. We can certainly give it our best shot but there is a likelihood that some evil critter could still be resident. I suppose as long as the computer is usable you have done your job.

The only way to be absolutely sure that your windows computer is free from malware is to re-install the OS.

Malware is becoming more complex and devious every day. As PC support professionals we need to be aware of the various threats and have a game plan for getting rid of them and blocking them in the future.

I always install Spyware Blaster (google the name it is free) on my customers machines. It is not a removal program but it blocks known sites and known weaknesses in both Firefox and IE from being compromised in the first place.

 

I agree with this. If the computer needs to be trusted, then rebuilding it is the only way to go. If it's just used for casual surfing and email it's not as big a deal. But, if it's used to purchase things online, do online banking, and other tasks such as that the only way it can truly be considered trustworthy is wipe out the system drive and start over.

It was a mistake on my part not to point this out as this is what I do with my own computers and those that I work on for people who need to trust theirs.

 

Report files

Hijack would not let me have the full report as it wasn't a full registered version.

Installed microsoft anti-spyware beta but as you said a re-install is the best solution.

Just happy I can now make a backup of his data files that he wants to keep. This is his home machine and he has a flash drive that he uses at work, will be having a 'quiet' word with him tomorrow as that flash drive could affect our network is he takes it home.