Resolved Question

Windows Vista virus help?

Jan 26, 2013 2:52AM PST

Hello,

My Windows Vista computer recently started logging us off as soon as we logged in. It still let us access the administrator account, yet I could not do much from there. The problem still persisted when I rebooted into safe mode.

I went into the registry and found the userinit file, and it had another path. It linked to a strangely named file, within a strangely named folder in the admin account's appdata/local folder. I changed the userinit back to the default one, C:/Windows/System32/userinit.exe, but as soon as I confirm it, it re-adds the appdata/local file. I deleted the file, yet whenever I reboot it re-generates itself.

I also discovered that the virus blocks access to Microsoft sites, antivirus sites, and other sites which could be used to destroy it (e.g. bleepingcomputer.com). It also stopped me running anti-virus software. It disabled the Windows Security Center. I tried to restart it manually from the services.msc, but there was not a service listed as Security Center.

Also throughout all the tests, MS Security Essentials kept telling me to restart, run a scan, and that everything was 'ok'. I uninstalled it eventually.

I tried to run MBAM, and it would not run. I used the chameleon feature, and that started MBAM. I ran a full system scan, and it detected several things (including one which edited the userinit registry file). It deleted them all and told me to restart, so I did. Once it had restarted I tried to log in to the accounts which were not allowing access, but it failed. In fact, it didn't seem to do anything.

I attempted to run SUPERAntiSpyware, and tried to update it as it was really outdated, yet it would not connect to their servers to update, as the virus was blocking it.

Another thing I did was to check the hosts file but it was unmodified.

So there is my massive list of problems and failed solutions. Does anyone have any idea how I could fix this?

P.S. Do not know if this will help, but it doesn't seem to be infecting other computers on the same network, as I'm currently on my Win7 laptop, which is fine.
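
The Userinit change described in the question can be audited with a short script. This is an added example, not part of the original thread: the function name `Test-UserinitValue` and the constructed sample value are assumptions for illustration, while the Winlogon key and the `Userinit` value name are the standard Windows ones.

```powershell
# Added example: flag any Winlogon Userinit entry other than the stock userinit.exe.
function Test-UserinitValue {
    param([string]$Value, [string]$SystemRoot = $env:SystemRoot)

    $expected = Join-Path $SystemRoot 'System32\userinit.exe'
    # Userinit holds a comma-separated list of programs started at logon;
    # a clean system normally stores a single entry followed by a trailing comma.
    $entries = @($Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ })

    $findings = @()
    if ($entries.Count -eq 0) {
        $findings += New-Object PSObject -Property @{
            Entry = '(empty)'; Reason = 'Userinit value is empty' }
    }
    foreach ($entry in $entries) {
        $normalised = $entry -replace '/', '\'
        if ($normalised -ieq $expected) { continue }
        $reason = 'unexpected entry'
        if ($normalised -match '\\AppData\\(Local|Roaming)\\') {
            $reason = 'entry under a user profile AppData folder'
        }
        $findings += New-Object PSObject -Property @{ Entry = $entry; Reason = $reason }
    }
    $findings
}

# Constructed sample resembling the situation in the post (folder and file names are made up).
$sample = 'C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Local\xqzt\kfwp.exe,'
@(Test-UserinitValue -Value $sample -SystemRoot 'C:\Windows') |
    Format-Table Entry, Reason -AutoSize

# Check the live value on this machine.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live = (Get-ItemProperty -Path $key -Name Userinit).Userinit
$results = @(Test-UserinitValue -Value $live)
if ($results.Count -eq 0) {
    "Userinit OK: $live"
} else {
    $results | Format-Table Entry, Reason -AutoSize
}
```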

stickman5758 has chosen the best answer to their question.

Best Answer

Restore to factory settings
Jan 26, 2013 3:02AM PST

If you don't have a full system backup (which everybody should but many don't), I'd copy any data I wanted to keep and then restore to factory settings. You should've burned the discs needed to do that when your computer was new, but if you didn't, you can contact your manufacturer to see if they will send them to you for a small fee.

When you've gotten your system back like you want it, I urge you to get yourself an external hard drive and a good 3rd party backup program. You can set it up to do everything automagically at the time and frequency of your choice. 1 TB external hard drives are about $70 these days and a really good FREE backup program is the EaseUS Todo Backup Free, which you can download from http://www.todo-backup.com/products/home/free-backup-software.htm. That can save you a lot of time and frustration the next time something like this happens. Sooner or later it happens to all computers for one reason or another.

Good luck.

Restoring...
Jan 26, 2013 3:30PM PST

Well, I was worried that I was going to have to reset it, but I'm not sure if we have a factory state backup, because when we first bought the computer it was our first one and we were not brilliant with them...

I do know that we have a backup, but that is only of some files and is not external, so may have been infected as well. I'm also not sure how recent it is, which may be another problem.

I will search around for backup discs and stuff, and get back to you. If I was going to get my files off if I didn't have a backup, surely the drive I put them onto will carry the infection? Is there any way of saving my files? I don't really want to infect this laptop as well.

Could you link me to a site which can tell me how to restore to factory settings, or is it a simple thing in control panel?

Thanks

Try Windows System Restore or safe mode
Jan 26, 2013 10:10PM PST

You can try the Windows System Restore facility. Restore your OS to a date on which you feel you were not having a problem and do a regular scan using your antivirus and antispyware.

Another option, I feel, is to boot into safe mode and do a system scan.

All Done!
Jan 26, 2013 10:17PM PST

Thanks, I tried a system restore and it worked, updating everything and will be running virus scans now! Thanks!

Answer
Keep in mind that some virus damage is so deep
Jan 26, 2013 2:59AM PST

That you have to get the user's files out then start over. An example is that recent ZeroAccess Rootkit. Here's the discussion -> http://forums.cnet.com/7723-6132_102-578886/zeroaccess-rootkit-symptoms-found/?tag=contentBody;threadListing

While I know how to fix that one, it required the Microsoft-issued OS DVD and a paid version of an antivirus of a specific company. The owner in one case could never get said DVD and in the next case they decided to start over.

Until we know the name of the pest, removal or writing much else is a dead end. Until the name is known, prepare for a reinstall of the OS.
Bob