Windows Legacy OS forum

General discussion

Huge problem with my XP

by RCyberW / October 19, 2008 4:11 AM PDT

Okay, I think I got something called brastk yesterday. During the time when the problem occurred, I tried scanning using AVG, Spybot, AdAware, CCleaner, and System Restore. But System Restore could not restore back to the previous states. So I went online and found a solution for how to delete the problem manually. However, after I think I solved the problem, I tried to create a System Restore point, only to find that I cannot create one, and all my previous points have been wiped clean; I do not see any restore point. I also tried ScanDisk; somehow the function is dead along with Defragment. Can someone tell me if there is a way to solve all these? All my other features of Windows XP run fine, but the ones in System Tools or related are the ones that are corrupted.

Damage is not always repairable.
by R. Proffitt Forum moderator / October 19, 2008 4:43 AM PDT
are you ready ??
by Nightmares0nwax / October 20, 2008 8:58 AM PDT

you won't fix your problems until you remove that malware. unfortunately not all signature-based scanners will detect and remove it. your best bet is to do a hjt scan, save the log and post it on the cnet HJT forums.

an alternative is

there are many more also.

hjt can be downloaded here; change the executable name before you run the scan for maximum effect.

one tool you might need to delete startup entries for the malware is autoruns. deleting the startup entry, then rebooting, means the files can easily be deleted. there might be more than one piece of malware there, so it's best to get the hjt log analysed first.

antihookexec is a program you can run in conjunction with anti-malware apps. it helps these programs detect user mode rootkits, which are used to hide malware elements.
pop antihookexec.exe into the C:\windows\system32 folder, and from the command line you can run programs by typing

antihookexec "C:\path\to\program\you\want\to\run"
antihookexec "C:\program files\autoruns\autoruns.exe"

or you can put autoruns into your system32 folder and type in a command line

antihookexec programname.exe
antihookexec autoruns.exe

i would run antihookexec in conjunction with autoruns and HJT.

you might find that you may have a rootkit, which is stealth malware.

rootkitty is included on UBCD; you need a windows xp installation disc to make a UBCD though. UBCD can be used for many diagnostics including unimpeded virus scans. rootkitty does two scans: one when windows is booted normally, where you save the results to a text file, and another scan when booted with UBCD, where you save the results to a text file and compare them. it finds discrepancies, or hidden software.

rootkit revealer searches for api hooking, which finds user mode rootkits.

icesword finds dkom rootkits and other kernel mode rootkits

darkspy is a superior rootkit finder if used correctly. it installs its own rootkit, so to speak, to hide itself. it has different modes and does online and offline scans.

gmer is a kernel mode anti-rootkit app; it finds the most common types of hooking.

these will produce false positives because they are heuristic scanners, not definition based. so do scans and make logs and post them on legitimate IT help sites.

one thing to remember is, before removing a rootkit, remove its startup entry first with HJT or autoruns if you can. reboot, then you can do your business. i'm sure if you find a good HJT forum they will have guides on how to remove malware.

before doing any rootkit scans, disconnect from the internet physically. close down all security applications, like firewall, anti-virus, anti-spyware. this is to minimise false positives.

prevention is better than cure:-

get rid of avg, it is absolute rubbish. whether you like it or not is irrelevant; it just does not do a good job at all. use avast. it's free and has anti-rootkit GMER technology.

also download sandboxie; there is an explanation with simple pictures of what it does on its homepage. it catches 99% of browser based nasties. use it in conjunction with your browser.
the problem is, when you run your browser all its application data is loaded into the sandbox, so any changes you make will be made to the sandboxed version; this includes bookmarks, noscript rules, etc. so when you delete it your bookmarks etc. will be lost. to get round it you can make a batch file to run before you delete it. bookmarks for firefox are stored in a file called sqlite, search for it. i'm not sure where ie stores its bookmarks as i don't use it, and i have yet to find out where noscript stores its rules.

use firefox (because it's better) with:
- blocks scripts, which is a common way to transmit malware. easy to use.
- Web Of Trust, provides ratings on whether a website is trusted or not; it is a top program. keep it updated to be effective.

last but not least
hostman - if you keep it regularly updated it will simply block bad websites. how it does it is through your HOSTS file, found at C:\windows\system32\drivers\etc\hosts; it can be opened and edited with a text editor.
after updating you might find that a website you want to use is blocked, like myspace for example. open your hosts file with a text editor and press ctrl + f; this will prompt a "find" box. type myspace and delete all the entries for myspace. then save. that is the basics of editing your hosts file.
for anything you want to block, use the format that is already there; there will be thousands of entries made by hostman. note hostman does not need to run constantly, only when updating.

phew, hope this helps. i passionately hate malware =)
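The rootkitty cross-view check described in the post (one listing saved from the normal Windows boot, one from the UBCD boot, then compared) as an added example; this is not rootkitty's own code. The two listings, the `hidden_sample*` file names and the volatile-path allowlist are constructed assumptions.

```python
"""Cross-view comparison: objects that appear only in the offline (UBCD)
listing are candidates for something a rootkit hides from the live system.
Both listings below are constructed samples, not real scan output."""

ONLINE_SCAN = """\
C:\\WINDOWS\\system32\\kernel32.dll
C:\\WINDOWS\\system32\\drivers\\etc\\hosts
C:\\Documents and Settings\\user\\online_scan.txt
C:\\WINDOWS\\Temp\\~tmp1.tmp
"""
OFFLINE_SCAN = """\
C:\\WINDOWS\\system32\\kernel32.dll
C:\\WINDOWS\\system32\\drivers\\etc\\hosts
C:\\WINDOWS\\system32\\hidden_sample.sys
C:\\WINDOWS\\system32\\drivers\\hidden_sample_driver.sys
C:\\Documents and Settings\\user\\online_scan.txt
C:\\Documents and Settings\\user\\offline_scan.txt
"""

# Locations that legitimately differ between the two boots (the saved scan
# logs themselves, temp files). Assumed allowlist; tune it to your own scans.
VOLATILE_PREFIXES = ("c:\\windows\\temp\\", "c:\\documents and settings\\")


def _load(listing):
    """Normalise a listing: one path per line, case-folded, comments skipped."""
    entries = set()
    for line in listing.splitlines():
        path = line.strip()
        if path and not path.startswith("#"):
            entries.add(path.lower())
    return entries


def cross_view(online, offline):
    """Return (hidden, missing).
    hidden  = seen offline but not online -> possibly hidden by a rootkit
    missing = seen online but not offline -> usually volatile, listed for review
    Volatile paths are filtered out of both so they do not produce false alarms."""
    on, off = _load(online), _load(offline)
    hidden = sorted(p for p in off - on if not p.startswith(VOLATILE_PREFIXES))
    missing = sorted(p for p in on - off if not p.startswith(VOLATILE_PREFIXES))
    return hidden, missing


if __name__ == "__main__":
    found, gone = cross_view(ONLINE_SCAN, OFFLINE_SCAN)
    print("hidden from the live system:", *found, sep="\n  ")
    print("online only (review):", *gone, sep="\n  ")
```

A real run feeds the two saved text files in place of the constants; a hit in `hidden` is a lead to post with the HJT log, not proof of a rootkit on its own.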

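The hosts-file edit the post walks through (find every entry for a name such as myspace and remove it, or add a block using the same format hostman already writes) as an added example, not hostman's or the post's own code. The sample hosts content is constructed; the real file on XP is the path the post gives.

```python
"""Remove or add Windows hosts-file entries without touching comments or
other names. SAMPLE_HOSTS is a constructed stand-in for
C:\\windows\\system32\\drivers\\etc\\hosts."""

SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.example-tracker.test   # constructed sample entry
127.0.0.1  www.myspace.com
127.0.0.1  myspace.com  profile.myspace.com
0.0.0.0    evil.example.test
"""


def _names(line):
    """Host names on an entry line (field 0 is the address); comments stripped."""
    fields = line.split("#", 1)[0].split()
    return fields[1:] if len(fields) >= 2 else []


def remove_domain(text, domain):
    """Drop every mapping for `domain` or any subdomain of it.
    Returns (new_text, removed_count). Comment/blank lines are kept, and
    other names sharing a line survive on a rewritten line."""
    domain = domain.lower().lstrip(".")
    kept, removed = [], 0
    for line in text.splitlines():
        names = _names(line)
        hits = [n for n in names
                if n.lower() == domain or n.lower().endswith("." + domain)]
        if not hits:
            kept.append(line)
            continue
        removed += len(hits)
        survivors = [n for n in names if n not in hits]
        if survivors:
            kept.append(f"{line.split()[0]} {' '.join(survivors)}")
    return "\n".join(kept) + "\n", removed


def block_host(text, hostname, addr="127.0.0.1"):
    """Append a blocking entry in hostman's format unless the name is already mapped.
    Returns (new_text, added)."""
    for line in text.splitlines():
        if hostname.lower() in (n.lower() for n in _names(line)):
            return text, False
    return text.rstrip("\n") + f"\n{addr} {hostname}\n", True


if __name__ == "__main__":
    cleaned, count = remove_domain(SAMPLE_HOSTS, "myspace.com")
    print(f"removed {count} myspace entries\n{cleaned}")
```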
and more..
by Nightmares0nwax / October 20, 2008 8:59 AM PDT
In reply to: are you ready ??

i guess i forgot to mention that if you still cannot use some administrative tools, chances are that it was not correctly removed. best to be certain.
