Windows Legacy OS forum

General discussion

I had the win32.zafi.b virus & now cant boot up

I got a lot of information from the internet, what finally got the virus was Avast. I then loaded my purchased kasperskey & restarted the computer. Everytime it starts it goes through the start up but then I see a quick flash of blue then the safe start up mode comes up. The laptop will only start in safe mode. I remember avast asking me about files in the windows\system32.. I said to delete them. Could I have deleted something that is causing the computer to not boot up? What do I do about this? The only other thing I remember that may or may not be an issue is I was prompted to install hardware. I thought this maybe another virus so I declined & restarted my computer. The only hardware I used was a usb drive that I'd used before on the computer. I used the usb drive to upload the avast software to the laptop. I have tried to remove the Kaspersky protection but I can't. Unfortunaely I purchased this laptop from someone a few years back & dont have any of the restore disk. The laptop is running windows xp professional with sp2 installed (registered copy). The laptop is a Dell lattitude D600. I am in no way computer savvy so if there is something else I should list please let me know.

Thanks in advance

Discussion is locked
You are posting a reply to: I had the win32.zafi.b virus & now cant boot up
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: I had the win32.zafi.b virus & now cant boot up
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
How to see that Blue Screen.

In reply to: I had the win32.zafi.b virus & now cant boot up

That blue screen that you see flashing by may be important. It is called the Blue Screen of Death, (BSOD), and will display when a fatal error is encountered. (The term "Fatal error" does not necessarily mean what it implies). The BSOD can hold important messages relating to what caused the error, and any STOP error codes.

When a computer does display a BSOD the only recourse is to make a manual note of the message, then turn the computer off using the switch on the case, but seeing what that message says is important.

Windows is normally set to "restart" on a system failure, and that's why you don't see the message, but you can prevent that. When you are next booted into Safe Mode, find your "My Computer" icon on the Desktop display or in the Start menu, and right click it. Then select Properties.

In the System Properties window, click the Advanced tab, then under "Startup and Recovery", click the "Settings" button. In the new window, remove the tick under System Failure where it says "Automatically restart". Click OK/Apply/OK.

Now you can reboot, and if the system halts with a BSOD, make a note of the message, including the STOP error code, and report back here.

Other things I would do.

1] Disconnect all USB devices before booting up, (except your mouse and keyboard if they are USB).

2] Try another anti-malware tool called MalwareBytes Anti-Malware, (MBAM). It is a free utility. If you cannot download and/or install it on your laptop, download the file and the manual update on another computer, and copy it to a CD and transfer it to this one. Full instructions are in Marianna's post here;
http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=320206&messageID=2927328&tag=forums06;posts#2927328

If you can run a full scan with that in Safe Mode, that would help.

Let us know how you get on.

Mark

Collapse -
WOW!! Thanks!

In reply to: How to see that Blue Screen.

This is what I get...

A problem has been detected and windows has been shut down to prevent damage to your computer

DRIVER_IRQL_NOT_LESS_OR_EQUAL

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. if this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced startup options, and then salect safe mode.

Technical information:

*** STOP: 0x000000D1 (0x00000000,0x00000002,0x00000000,0xF8C1CF69)


So, I already tried to remove the software & it wont let me in safe mode. I'm not sure what hardware unless it didnt recognize the usb for some reason. Again I'm not the best at this stuff so any help would be further appreciated. The usb drive is not installed, so how do I remove the software/hardware install?

Thanks Mark for you time.

Collapse -
I think I may know...

In reply to: WOW!! Thanks!

I went to the add hardware & there are 3 "?" all of them say the say: The drivers for this device are not installed ( code 28). The only hardware was again the usb stick used to download virus protection software. I will begin to search the net for the software fore the PRETEC usb stick. Still any help is appreciated. Oh is there a way I can just remove the hardware, I tried right clicking but nothing happens. I tried having windows install but no luck. I got the usb drive so long ago I'm not even sure it cam with software. I even tried installing the usb stick which it reads but still no luck.

Collapse -
It may not be the USB ports

In reply to: I think I may know...

Without that USB stick connected the problem may not be the USB ports as they would be inactive. At least, that is what it seems to me, but I am not a technical person.

I would be reluctant to tell you to delete any entries in the Device Manager such as USB. The problem is you have no XP CD, and so re-installing drivers particular to that laptop means hunting them down, probably from the laptop manufacturer. That missing CD is going to be crucial at some stage, possibly now, and you need to address that.

Do you have any other USB devices connected? If not, then we look at the STOP error message again, and it says new hardware, or software is properly installed. So, if you have not installed any 'new' hardware, (don't count a USB stick, that is just an external device and not new hardware installed internally), then we look at any new software installed.,

But here is the other problem. You also mentioned that you told Avast to delete files from the System32 folder. Since System32 holds most, if not all, the important divers and other files that make the Operating System work, deleting files from there is always difficult. With the original XP CD you could perform a 'Repair Install', but that is impossible without that CD.

Can you still access Avast in Safe Mode? if so, is it possible that you just told Avast to quarantine those files, and not delete them? If you did, then you could re-install them from quarantine.

I have just re-read your first post and realized something. The BSOD first appeared when you installed Kasperskey and then restarted the computer.

That makes me wonder if there is a conflict between Kasperskey and Avast. If so, my suggestion would be to remove Kasperskey.

If you cannot boot into Normal Mode to remove Kasperskey, then you must do it in Safe Mode. One way would be to try a System Restore, back to a date/time just before installing Kasperskey.

If that doesn't work, (is System Restore turned off, or has it been disabled), then try removing Kasperskey through the Control Panel > Add/Remove Programs.

If that fails, then you get to remove/delete Kasperskey the hard way. You delete all Kasperskey folders in Program Files, check for any folders in your Documents and Settings folders, (and for good measure in other Document and Settings folders), and delete those, then visit the System Configuration editor, (Start > Run, type in msconfig and click OK), and remove any ticks for Kaspersky in the Startup tab.

You may have to edit the registry as well, but we will leave that for now.

Try that, and let me know how you get on.

Mark

Collapse -
I tried what you mentioned Mark..

In reply to: It may not be the USB ports

I tried what you mentioned but I still can't delete kapersky it keeps saying it maybe running.. I removed the ticks for it in the start up but it still did the same thing. I know that I have windows XP pro SP2, is there a way to get the CD? or the software?

Collapse -
UPDATE

In reply to: I tried what you mentioned Mark..

While surfing the net for fixies, I came across a snp shot of someones D600 device list. I'm missing the monitor in my device list. Also I can only go into safe mode but when I try to go into safe mode with networking the blue screen pops up with the same information as previously posted. going to the dell site now to get the drivers for the monitor...

Collapse -
Stopping the Process or Service

In reply to: UPDATE

If Kaspersky is still running in Safe Mode, then you need to either stop the Process, or stop the Service.

You can stop the Process in the Task Manager. Either right click the Taskbar and select Task Manager, or press CTRL+ALT+Del at the same time. When the Task Manager window displays, look for all or any Kaspersky processes, highlight them, then click the End Process button. It may help to click the column header for "Image Name" once to list the processes in alphabetical order.

If that doesn't allow you to delete the software, then look at Services. Goto Start > Run, type in services.msc, and click OK. A window will open listing all services, and you can highlight any of them, double click, and change the Startup type to Disable, then under Service status, stop the service.

In both of these, the problem is identifying which process or service is Kaspersky.

I take it that System Restore didn't work? If not, what about the option in the Safe Mode list of options for "Last known good configuration"?

I wouldn't worry just yet about that "missing monitor" in Safe Mode. It could be a consequence of running in Safe Mode, because in that mode only generic devices and drivers are loaded; eg, there are no graphic drivers loaded, and that is why the display is so large and lumpy. It is in VGA mode. Many devices will not list in the Device Manager.

However, being unable to load windows in "Safe Mode with networking" is more worrying. I am going to guess that Avast deleted some critical system32 files.

Is there any way you can get an XP CD? Yes, but it would be retail, and it may mean a complete re-install. Even then, you would need to find all the drivers yourself, as Microsoft doesn't do that very well.

I have to say, this is not looking good.

Mark

Collapse -
OK UPDATE...

In reply to: Stopping the Process or Service

With much of your help Mark, Ihave done some learning. I now know that the 02Micro Smartcardbus_reader drive is missing. This is resposible for network, correct? I was able to get the VGA driver installed but for some reason I can not install anything related to network drivers. I keep getting an error in a box titled Windows installer that "the system administrator has set policies to prevent this installation". I am the only user on the laptop & I checked I have Admin status. The only other user in safe mode is admin but I tried in both my login & in the admin login & still I cant download the driver. Is there a setting that I dont know about?

Collapse -
Also...

In reply to: Stopping the Process or Service

I have the windows debugger downloaded to my usb drive but it wont let me install this either stating the same error as previously mentioned. So the issue is I cant download certain software because of some admin setting

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.