
Thread: Windows XP Pro broken - Help please

  1. #11
    Join Date: Dec 2011 | Posts: 8
    Quote Originally Posted by jholland1964 View Post
    Before I do, is there some way I could update the mbam data manually, like copying an entire mbam folder from an updated uninfected machine?

    If you have an uninfected machine then why are you using a zip file to store these files? That makes no sense whatsoever. Why are you using Filezilla? All you need is a clean flash drive. You can easily move files from a flash drive to a computer.
    My Windows will not recognise flash drives or CDs when booted in normal mode, it only recognises them in Safe mode.


    Quote Originally Posted by jholland1964 View Post
    No need for zip files. Unzipping a file may be all this infection needs to react. The act of unzipping IS a running process.

    A zipped file will not necessarily remain clean. Every time you unzip it then it is open and the files inside can become infected. Many infections spread via zipped files.

    You were not told to put any files into a zip file. You were told to use the executable files, not from a zip file.
    ...
    You are making this all the more complicated than it needs to be by doing things that are not listed in ANY steps...keeping the Task Manager open for one thing. That is a running file which may interfere. EVERYTHING except the ONE rkill should be closed. Nothing else should be open. None of those other rkill files should have been running.
    OK.. no zip files, no task manager from now on!

    Quote Originally Posted by jholland1964 View Post
    The instructions are very clear. The files don't go to any temporary folder. The files go directly to the desktop, either via downloading using Safe Mode with Networking OR moving them from a flash drive to the infected computer.

    Quote Originally Posted by jholland1964 View Post
    RKill only terminates RUNNING infection processes it doesn't remove them. It doesn't remove other files that are not running.

    You don't ever run all of them UNLESS ONE of them doesn't work. Then you move to the next ONE not all of them.

    If ONE works then the others don't need to be run.

    Once ONE works then you move forward to do MBA-M and not one held in a zip file but a brand new clean copy either downloaded via safe mode with networking to the infected computer OR by transferring the brand new CLEAN MBA-M install file (not the entire program) to the infected computer and installing it.
    Ok, but It is not clear how I can tell that one WORKED...
    I run it, it shows the expected dos box, says it's killing stuff please wait... after a couple of minutes the dos box disappears then pops up the Notepad with the log file. I assume that's success? but maybe not what you mean by "worked"?

    Then I tried mbam and it failed to start... does THAT mean the rkill did not work?

    If yes then what is next step from here? Reboot and try again with a different rkill?
    or just move on to the next without rebooting as I thought I read (maybe I read it wrong)

    Quote Originally Posted by jholland1964 View Post
    If you really wanted assistance you would have followed ONLY the steps given, not anything else.
    Continually re-using the same "dirty" files is defeating everything. mba-m.exe should NOT have been running at all prior to rkill being run, it should not have been showing in the running processes. It should not have been started until rkill was finished and it DOES show you that it is finished.
    If it's not what I described above... In what way should it show that it's finished?

    Quote Originally Posted by jholland1964 View Post
    Your computer has an EXTREMELY dangerous infection on it as noted by the file found by MBA-M in your initial run and that is the Trojan.SpyEyes in the family of password stealers and remote access trojans.
    It is an infection that can enter the computer via a zip file, P2P file sharing, OR, visiting remote, crack and keygen sites. Obviously the removal of the ONE file by MBA-M did not remove the full infection; if it had, you should not be having to still try to remove it.

    This infection injects code in legitimate files and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus program or likely other removal programs either. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer the infection remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

    Since you have not even followed the instructions as given I am sure this infection has taken an even deeper hold on your computer.
    Your best bet at this point is a reformat and reinstall of the system.
    I am sorry to provoke your wrath, I appreciate your help and advice. I have tried to follow the instructions but have hit hurdles, and tried to overcome them by seeking ways over the hurdles, sorry if that complicated things.

    Sorry to have wasted your time. I guess I'll be re-installing from scratch then

    Thanks again, and good luck!

  2. #12
    Join Date: Aug 2006 | Location: The Middle | Age: 71 | Posts: 4,079
    My Windows will not recognise flash drives or CDs when booted in normal mode, it only recognises them in Safe mode.
    Who said you couldn't use Safe Mode? I have said Safe Mode with Networking several times.

    I run it, it shows the expected dos box, says it's killing stuff please wait... after a couple of minutes the dos box disappears then pops up the Notepad with the log file. I assume that's success?
    Yes, that means it worked.

    Then I tried mbam and it failed to start... does THAT mean the rkill did not work?
    No, it means that the MBA-M file was not a new file downloaded AFTER rkill worked.

    The steps must be done in a very specific way, if they cannot be done as written then posting back to say you could not do something would have been the way to go. If certain things do not work then very often there are other specific ways things should be done or other programs that could have been run in the place of those.
    Your system is now obviously very damaged and the truly easiest thing for you to do is the full reformat and reinstall. There is no way now to be 100% certain that this infection has not "dug down so deep" that it will continue to plague you. It IS a personal information and password stealer so all of your personal files and information are at great risk. The quicker you do the reformat/reload the quicker you will be back up and running. But be sure you change all of your passwords and also notify any banks or credit card companies that you may have used online with this computer, all of those accounts are at risk.

  3. #13
    Join Date: Dec 2011 | Posts: 8
    I could not use safe mode + networking,
    although it seemed to boot, the network was not in fact reachable.

    anyhoo the disk is formatting as I write
    Although some work was lost, I feel a great relief that this ordeal is over

    Thanks once more, and power to your mouse!

  4. #14
    Join Date: Aug 2006 | Location: The Middle | Age: 71 | Posts: 4,079
    As folks who know me also know I rarely recommend reformat IF it is possible to get things going as they should, however with this...well in the long run it will be a faster fix for you, plus your system should run like new.
    Have you done this before?
