trojan attack - XP - safe mode only - no ping

GooeyGUI

Senior member
Aug 1, 2005
Would you trust a system that you think is thoroughly infected even if you think it might be possible to attempt a recovery? As it stands, I'm not out much if I just reinstall XP.

I went through the tech support line (twice) but they weren't able to fully restore the system.
Eventually I could only boot in safe mode and I'm unable to ping anywhere.

I can run the command line still, but I have other PCs on my network which I'd like to keep safe. That's why I am disconnecting it from our net until it's cleaned up. Hopefully, it didn't spread to our other PCs.

All the attack warnings being spit out by McAfee anti-virus seemed too little too late. Even after the tech support cleaned up corrupted files, it still failed to reinstall and scan w/o error. Then the system just went belly up after 5-6 reboots during the whole process.

Any suggestions? The worst loss for me is a longtime game that will be lost, recent bookmarks, and a few images. (most are backed up)

TIA
 

RebateMonger

Elite Member
Dec 24, 2005
If you can boot into Safe Mode, you should be able to copy your bookmarks and the rest of your files onto a USB flash or hard drive and copy them onto the new Windows installation later.

When you hook the USB flash or hard drive back to the new PC, be sure that AutoRun for these drives is turned off in Windows, or it's possible you could infect the new system. As long as XP SP3 and the latest Windows Updates are installed, you should be safe. But install AntiVirus first before connecting the USB drive.
 

GooeyGUI

Senior member
Aug 1, 2005
Originally posted by: RebateMonger
If you can boot into Safe Mode, you should be able to copy your bookmarks and the rest of your files onto a USB flash or hard drive and copy them onto the new Windows installation later.

When you hook the USB flash or hard drive back to the new PC, be sure that AutoRun for these drives is turned off in Windows, or it's possible you could infect the new system. As long as XP SP3 and the latest Windows Updates are installed, you should be safe. But install AntiVirus first before connecting the USB drive.

That sounds like what I was thinking. My problem is that I can't figure out which exact Mozilla files to save. There are none displayed that signify whether the file is the correct one or not. I suppose that is a separate forum and question.

Also, I rarely use flash drives as I'm seldom AFK, or I'm still kicking around the house. I suppose asking about turning autorun off is a separate question as well.

I have to find our USB drive first. :eek:
 

tzdk

Member
May 30, 2009
http://kb.mozillazine.org/Prof...ox#Windows_2000_and_XP shows where to get places.sqlite - I assume you use Firefox 3.x

You can most likely remove infection but may be easier to start from scratch.

First thing to do is probably to remove McAfee using their removal guide and tool http://service.mcafee.com/FAQDocument.aspx?id=TS100507 Repairing AV which let computer get infected and which itself could be infected/damaged won't help much - or not enough.

Think I would try my luck with a rescue-cd from Avira http://www.free-av.com/en/tool...vir_rescue_system.html if no magic happens then start over. After having saved most important files. Even if Avira removes whatever, fixes boot and lets you go online, many things could still be broken. But you could at least run better tools than McAfee, like Malwarebytes, SuperAntiSpyware - when they know infection they are point&click solutions or as close as you get. Will still have to spend much time scanning/fixing/checking to be 100% sure all is really gone and XP is pure MS.

If you want to restore regardless of time spent, maybe contact one of those malware removal forums? Like http://www.bleepingcomputer.com/forums/forum22.html there are many of them.
 

puffywulf

Member
May 28, 2009
www.pimfg.com
I would format the whole thing. Better to be safe than to try to recover your files. The infection may have completely corrupted your files that even if you back those files up, once you put it in a clean system, it'll just reinfect it again. If you must have those files, I would burn them on a CD (remember to disable AutoPlay on the clean system), then put an up to date antivirus on the clean system. Then scan the CD for potential viruses/malware/rootkits etc.