Rogue Antivirus 2010 aftermath Help Please

Mr.Mike

Hi all,

Basic Facts: Dell Dimension 2400, XP Home, Pentium 2.4Mhz, 1GB Ram.

My client clicked "accept" on the latest version of Antivirus 2010 and then decided against using it, but too late. The virus caused the screen to lose all icons and the mouse became unresponsive. Booting with UBCD allowed me to inspect the registry for bad keys, but there were none matching multiple lists for infected keys or files. I ran SuperAntiSpyware and CCleaner in the UBCD environment. SAS found and removed: Tracking cookies (410), rootkit.unclassified /USBHHub (8), A Malware Trace (1), and (1) Trojan.Agent/Gen - FakeAV.

After removal and restart, I got a BSOD that read: Stop: 0x0000007B (0xF78BC528, 0xC000034,0x00000000, 0x00000000). I could find no reference to this one in Microsoft Help & Support. "Last Good Configuration" still got the same BSOD. I then tried to boot in safe mode. Safe mode was black with no icons and an unresponsive mouse (although the familiar "safe mode" letters were in each corner of the screen). Then I tried the UBCD XP recovery console and tried CHKDSK /P and FIXBOOT. Restart still had the BSOD.

Next I took an original XP Home CD and attempted a Repair of Windows. When Setup was installing device drivers, an error window announced: "The file ialmnt5.sys on Intel Extreme Graphics Window 2000/XP installation Disk is needed" (with a dropdown window to select the correct path). At that point the mouse became unresponsive, so I could not select the paths suggested in the dropdown box. I tried inserting a path to a known location for the correct Dell driver, but alas, no keyboard shortcut is available for "click OK". This froze the repair process completely.

After another reboot to the UBCD environment, I opened Device Manager, which showed the typical Yellow Question Marks for video device drivers, audio, etc. At this point, I decided to slave the HD and run Malwarebytes and Spybot, and got nowhere. Would anyone care to suggest a next step?
I try not to use the forum to ask for help, but this time it has me stumped. Thank you in advance for responding.
 
Do you have a Hiren's handy? Boot to the live XP and run Registry Restore Wizard, going back maybe a few days. That will cancel out the Repair Installation you started and get you back into Windows. You may have to reactivate. That will at least get you somewhere, the OS will still probably be quite corrupt but at least you'll not be stuck in the middle of a Repair Installation anymore...
 
AJC196, Thank you for your kind and timely response.

I assume a Hiren's is a bootable program to burn to a disk that allows you to run a registry restore wizard? I'll do a web search and look for a download.
 
I would definitely run a scan with a Kaspersky or Avira live cd and see what they find or try what a previous poster said and try restoring the registry to a date prior to the infection using a MSDART 5.0 boot disc.
 
I downloaded and ran the registry wizard. The result: the system was restored to where it had been, i.e., Windows grassy hillside (bliss?) photo with no icons and an inactive mouse. First, I'll go back further for restoration (tried Sept. 15, 2010). Next I'll download your suggested Kaspersky / Avira software, and try MSDART. Thank you gazza.
 
Follow up: Client located their Dell XP restore disk. I ran the repair function and got all her data back. However, after downloading SP2 and SP3 the CPU speed has slowed to an abysmal crawl. I'll probably throw another stick of RAM in and do a good cleanup and see if that does the trick. ;)
