roommate botched XP, ideas?

[QueBert]

He had something called pcprotect which he tried to remove, here's what he ran and here's what happened.

Spybot, Malwarebytes, SuperantiSpyware, Hijackthis & Roguekiller.

He claims he only removed the stuff the hijackthis.de where you paste the log told him too. And with Rougekiller he said he did something to the DNS because it was showing an error. Well, now it's got no internet. I tried to do a system restore, but all 3 points I've tried it gets to the end and says it was unable to perform it. Trying to repair the net connection doesn't work. I tried netsh int reset in a command prompt but when we reboot it's still showing a ! in the tray icon.

I suspect it's something that Rougekiller did, but I have no idea what to do to reverse it. When I use to have network issues like this in XP the netsh always fixed it.

The PC's still infected, it has no optical drive and when we plug a USB stick into a port it pops up a error and the drive can't be accessed. At this point I'm at a lost what to try next.

Any ideas would be lovely.

 

[MagnusTheBrewer]

At this point, nuke and reinstall.

 

[Smoove910]

Is it possible to do a system restore to a previous time?

can you ping www.google.com?? Can you ping 8.8.8.8??

 

[C1]

How about the 1394 port?

Can you do anything in safe mode?

If it were me, I would do an OS repair.

 

[Fardringle]

At this point, nuke and reinstall.

yep

 

[MagnusTheBrewer]

It sounds like the winsock is fubared. http://support.microsoft.com/kb/299357
Honestly, it's easier to reinstall.

 

[Charlie98]

Honestly, it's easier to reinstall.

Yup. Hope he had his files backed up somewhere else.

 

[silicon]

Nuke the current installation and reinstall.

 

[JManInPhoenix]

Nuke the current installation and reinstall.

X2

 

[Gunbuster]

Nuke the current installation and reinstall.

Pull his hard drive out. Hook it up to a SATA to USB cable or dock. Copy off files they need.

Then... Nuke the current installation and re-install.

 

[corkyg]

As long as you are in ther nuke and reinstal mode, why not put in a more "alive" OS such as Linux or Win 7?

 

[Matt1970]

XP would be IE 8 max. You could try a reset. Malware sometimes borks some settings that the removal programs can't fix.


1.Close any Internet Explorer or Windows Explorer windows that are currently open.

2. Open Internet Explorer by clicking the Start button Picture of the Start button, and then clicking Internet Explorer.

3.Click the Tools button, and then click Internet Options.

4.Click the Advanced tab, and then click Reset.

5.Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.

6.In the Reset Internet Explorer Settings dialog box, click Reset.

7.When Internet Explorer finishes applying default settings, click Close, and then click OK.

8.Close Internet Explorer.

Your changes will take effect the next time you open Internet Explorer.

Other than that:

nuke and reinstall.

 

[MagnusTheBrewer]

XP would be IE 8 max. You could try a reset. Malware sometimes borks some settings that the removal programs can't fix.


1.Close any Internet Explorer or Windows Explorer windows that are currently open.

2. Open Internet Explorer by clicking the Start button Picture of the Start button, and then clicking Internet Explorer.

3.Click the Tools button, and then click Internet Options.

4.Click the Advanced tab, and then click Reset.

5.Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.

6.In the Reset Internet Explorer Settings dialog box, click Reset.

7.When Internet Explorer finishes applying default settings, click Close, and then click OK.

8.Close Internet Explorer.

Your changes will take effect the next time you open Internet Explorer.

Other than that:

That's good advice for other system files but, won't help a corrupted winsock. Did anyone mention nuke and reinstall?

 

[John Connor]

Back in my XP days I refereed people to this little baby. http://www.snapfiles.com/get/winsockxpfix.html

Now comes the hard part of getting the app on there since you have no USB. Try safe mode. Lack of USB tells me something really got hosed. I would go into device manager in safe mode and uninstall the Chipset and USB drivers and let Windows reinstall.

This is Windows 7 but in XP it's the same. Look under device manager in Control Panel.

 

[babcom]

Assuming you have a CD/DVD player/writer, on another PC with a CD/DVD player/writer, burn the installer for John Connor's Winsock XP app. Temporarily install a CD/DVD player into the affected PC and install. Not too sure about how to fix the malware, maybe try Combofix or a boot rescue disk from Kaspersky or other A/V provider?

 

[Steltek]

Gunbuster has the easiest suggestion -- I'd just pop the hard drive out and install it for access on another system. You can then try to run a disinfection regimen to get rid of what you can. Before you put it back in the original system, also copy the contents of the XP CD i386 folder to the drive so you can use it to run a new install if needed. It probably wouldn't hurt to also copy the winsock repair utility along with some stuff like ComboFix, TDSSkiller, and Malwarebytes (Anti-malware, Chameleon, and Anti-Rootkit) to the drive as well in the event you still wish to try to repair the existing install.

I do agree with Corkyg, though - a new OS would be the better option since you are going to all this trouble. Things are really going to get bad for XP users in the next 6-12 months as the malware authors are likely going to focus on them.