Infected with Antivirus Action, need help removing


strep3241

Senior member
Oct 3, 2010
953
3
91
Recuva just finished scanning and it did not find any files from the second drive. It found all kinds of files on the first drive but nothing that I needed from what I can tell.

Could it be possible that the drive needs to show up under My Computer or Recuva will not detect that drive?
 

strep3241

Should I take a chance and go ahead and format the drive so that it will show up under My Computer? Or don't format it and try Linux or take the drive somewhere.

If I try Linux, what do I need to download? What would Linux be able to do? I am guessing I need to burn it as an ISO file? Again, is all this a waste of time if the drive does not show up under My Computer?
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
If the disk is showing up in Disk Management (albeit as an unpartitioned or unformatted disk), that should be all most data recovery software should need.
 

strep3241

I just found another program called File Scavenger and so far it is looking good. It shows a list of files that it finds during scanning and all the files that I really need are showing up.

I am not sure but I may have to pay for it to be able to recover the files but it would be worth it.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
WHS keeps track of each PC's network and disk drivers (the drivers that are critical to do a recovery across a network) and stores them in the WHS backups for each PC.

Since the recovery routines in WHS are from Vista, you can load the network and disk controller drivers onto a USB flash drive and load them when requested by the WHS recovery routine. No need for a floppy drive even when recovering an XP client.

The other "non-critical" drivers (video, sound, chipset, etc.) come along as part of the full system restore image, so no need to reload those drivers after the restore is completed.

The reason I suggested doing a "dress rehearsal" is that of the systems I've got attached to WHS right now, I've seen two different showstoppers during recovery:

1. One computer has the NIC listed in WHS Recovery's device list, yet it cannot connect to the server. It's an onboard Realtek. I tried the drivers from WHS's stash on a USB drive, no dice.

2. The other computer doesn't have the NIC listed, and neither the drivers from WHS's stash nor the official driver sets from Broadcom can make it show up in WHS Recovery. This system's our new point-of-sale server, the one system where I'd really like to have an ace in the hole.


Solution: I bought a couple Intel PCI-Express gigabit NICs from Newegg. I have to supply the drivers on a USB drive, but they do actually work :)


memoryram, I guess now you see why I was explicit about unplugging all the other drives except the boot drive :( Sorry I mentioned DBAN, it's normally overkill unless you've got some over-the-top malware.
 

strep3241

I should have known about unplugging the other drives. What makes me mad is when I first started having trouble with DBAN, I even thought about unplugging the second drive but I did not. What a mistake that was. I am not blaming anybody but myself for this one. Hey, you live and learn, right? I will definitely learn from this one.

Right now I am scanning with File Scavenger. If I don't have any luck with that, I will try PcInspector.

Thanks for all the help, I really appreciate it.
 

strep3241

Well, I have some good news. It looks like File Scavenger found all the files that we were needing and many others, 107,000 files altogether. We got the files recovered and so far things look good. I have not gone through every file yet but the ones I did work fine. The program costs $50 to recover the files but well worth it. Would I be able to use this on any computer with the same license?

This is one thing I don't understand. It shows the date the file was last modified and a few files show a date of 1986. I know we have not had this hard drive that long. How is it picking up a file from 1986?
 

lxskllr

No Lifer
Nov 30, 2004
60,005
10,496
126
I'm glad it worked for you. You'll have to read the EULA for license terms, and to what extent you can use the program. Once you get all the files backed up, it might be a good idea to try several file recovery programs to see what works, and what doesn't. I'd especially try the 100% free ones. That way you'll have the information for future use if you run into a similar problem again.

As far as the dates go, I don't know. Maybe the information got screwed up along the way, and it was assigned a default date.
 

strep3241

Now I have another problem. I am trying to install Windows updates and it will not install SP3. About half way through the installation, a message comes up saying file could not be loaded, then says SP3 did not install correctly, press ok to undo the changes that were made.

I have tried twice now with the same result. Should I try downloading SP3 from Microsoft's website?
 

lxskllr

Sure. That's what I would try first. If that doesn't work, I'd try reinstalling XP again, then see if it updates ok. No point in fighting with a brand new install.
 

strep3241

Well, I just reinstalled XP again using the full format this time; I used the quick format last time since I was in a panic. I am still having trouble installing SP3. As soon as it starts to update the registry keys, it says setup cannot find the file and has to undo the changes.

The Windows XP we install has SP2 included. After I installed Windows, it installs several updates before it gets to SP3.

I have tried downloading from Microsoft's website and it did not help. I don't know what to do to get it to work. I never had trouble in the past installing SP3. What would cause SP3 not to install? Could it be a hardware issue? How big of a deal is it to just keep running SP2? I really do not want to reinstall Windows again. I would rather not but I don't know what to do besides taking it to a shop.

What about installing software before installing SP3? The only thing I installed is Bitdefender and the sound driver.
 

strep3241

No it does not specify a file. As soon as it gets to the point where it starts to update the registry, the installation screen goes away and says setup file could not be found and it starts undoing the changes it made.

Would it hurt anything if I do not install SP3?
 

lxskllr

> No it does not specify a file. As soon as it gets to the point where it starts to update the registry, the installation screen goes away and says setup file could not be found and it starts undoing the changes it made.
>
> Would it hurt anything if I do not install SP3?


I don't think so, but you really should be fully patched. Too bad the error message isn't very helpful. Maybe someone will come along that can point you in the right direction.

Edit:
A quick Google says that installing in safe mode is the way to do it. I dunno, I never did, but it can't hurt to try.
 

mechBgon

> No it does not specify a file. As soon as it gets to the point where it starts to update the registry, the installation screen goes away and says setup file could not be found and it starts undoing the changes it made.
>
> Would it hurt anything if I do not install SP3?

Microsoft isn't making any more security patches for systems that don't have SP3, so it's going to be pretty important. Try a System Restore back to before it installed any other stuff, and try installing SP3 using the full-file installer (not from Windows Update). (yeah, and if necessary, you could try it in Safe Mode).

Any good?
 

Ken90630

Golden Member
Mar 6, 2004
1,571
2
81
Re your dad getting infected "all the time," there are typically a handful of ways to get infected:

1) Being connected to the Web with the firewall turned off (you'll be infected to the gills in a matter of minutes)
2) Opening infected e-mail attachments
3) Being tricked, by phishing e-mails, into going to a Website that is infected. From what I've read, this is now the fave tactic of cyber crooks. People are gullible, and they know that.
4) Visiting infected Websites that are intentionally or unintentionally serving up malware (some are designed to do it, while others are legitimate sites that have been hacked). X-rated sites and file sharing sites are notorious for serving up malware, particularly spyware.
5) Being tricked by fake pop-up ads that claim your PC is infected and you need to "click here to remove" the virus or whatever. Others claim your PC is "running slow" and suggest you "click here to optimize system speed" or use similar verbiage. They are themselves malware.
6) Plugging in an infected flash drive or floppy disk

Use mechbgon's excellent guide for PC security and you should reduce the attack surface to almost zero. I'll just add that Spyware Doctor outperforms SuperAntiSpyware and all other anti-spyware apps in terms of both detection and removal capabilities. Webroot's Spy Sweeper is a close second. I've used SD for several years now and it often detects malware that other a-v scanners miss entirely. You can actually use it in tandem with a good a-v as long as you turn off its real-time monitoring (or turn off the a-v's real-time monitoring). Also, 64-bit versions of Windows are the most secure because they are ostensibly immune to rootkits, arguably the worst kind of malware (and certainly the hardest to detect and remove).

Ditch AVG. It is not as good at proactive detection as some of the top tier apps like NOD32, MSE, Avira, BitDefender and eScan. Norton sucks at proactive detection, and McAfee is even worse.

Know that once you're infected, it's too late. Nine times outta ten you have to reformat and re-install Windows because most malware nowadays corrupts the registry to the hilt and often overwrites Windows' .dll (dynamic link library) files too. Undoing those things can sometimes be done manually, but results aren't guaranteed.

And like mechbgon says, Acronis True Image is a great idea. He turned me on to it a few years ago and I've had great success with it too. At ~$35-40 it's really cheap insurance.
 

Ken90630

Re the probs you're having installing SP3, I've seen the same thing happen on systems where the hard drive has bad sectors on it. If it were me, I'd run CheckDisk before trying to install SP3 again. It only takes about an hour and can't hurt anything.

I've also seen service pack installations fail when the CD was scratched, but that doesn't apply here.

You could also run System File Checker to see if any Windows files are corrupted. There shouldn't be any after a fresh Windows installation, but there could be if something went wrong in the process. I've never had much luck getting SFC to actually fix damaged files (trying often makes things worse), but if it shows there are some, you know you have a problem that probably needs to be fixed before going any further with SP3.
 

strep3241

I finally got SP3 installed. I had to download it separately from Windows Update and install it in safe mode.

Thanks for your help.
 

Ken90630

> I finally got SP3 installed. I had to download it separately from Windows Update and install it in safe mode.

That's great, but the fact that you had to use Safe Mode would seem to indicate that something still isn't quite right with the new install. But hey, if everything seems to be working okay, maybe whatever it is isn't that serious (?).
 

strep3241

I have a feeling that it was the antivirus causing problems. I am using Bitdefender Total Security.
 

Ken90630

> I have a feeling that it was the antivirus causing problems. I am using Bitdefender Total Security.

Yeah, that was most likely the culprit. Out of curiosity, you should have been able to temporarily turn off/disable BitDefender via the icon in the System Tray, install SP3 in normal mode, then re-enable BitDefender after a reboot. Did you try that and did it fail, or did you just go straight to Safe Mode to install SP3?

BitDefender performs very well, BTW. In A-V Comparatives' recent rounds of testing, it had high detection rates both with known malware and with its proactive detection. And it did so with few false positives (no easy trick). Kaspersky A-V was also really good for a while but for some reason had significant issues with false positives in AVC's last round of testing.
 

strep3241

Well, there was no way of disabling it in the system tray. I did try it with just the antivirus turned off and it didn't help. I should have tried it with the firewall disabled. I was looking for something like resident shield to disable Bitdefender altogether but did not find anything.
 

Ken90630

> Well, there was no way of disabling it in the system tray. I did try it with just the antivirus turned off and it didn't help. I should have tried it with the firewall disabled. I was looking for something like resident shield to disable Bitdefender altogether but did not find anything.

Yeah, maybe the BD firewall blocked it. Who knows ....

You probably could have disabled it from within Services.msc, installed SP3, then re-enabled it in Services.msc. But that's just as much trouble as going into Safe Mode, so not much gain there. Plus it doesn't really matter at this point since all's okay now.

You did turn the Windows Firewall off, right? (Since you're using BitDefender's.) No need to run two concurrently.

Out of curiosity, did File Scavenger find all your files, and did you have to pay the $50? And what was your impression of it, in terms of ease of use, interface, etc.? I tried RescuePro a while back on a friend's flash drive, with mixed results, and I'd like to find a better app for data recovery.