Old 24th November 2009, 15:12   #1
Senior - BHPian
 
 
Join Date: Feb 2004
Location: Mumbai
Posts: 2,546
Thanked: 483 Times
PC Problems

Got two unrelated problems. PC is running on Windows XP.

FIRST PROBLEM
My PC is sending out more packets and it isn't receiving anything. The internet connection is completely jammed. When I run MalwareBytes it finds four errors. These four errors are repetitive and usually when they are fixed and the PC is restarted the problem is temporarily solved.

Quote:
Registry Keys Infected:
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\synsend (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Files Infected:
  • C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
SECOND PROBLEM
I deleted all 'Search Assistant' occurrences in the Registry. Now I realize that it's the Search of Windows Explorer. So basically there is no 'search' in my Windows now.
Gordon is offline  
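
A check for the ImagePath hijack shown in the scan log above, as an added example that is not part of any post in this thread: it parses `reg query`-style text and flags service ImagePath values that reference an unexpected %variable% or differ from the log's "Good" value. The sample text, the function names and the variable allow-list are assumptions made for illustration.

```python
import re

# Known-good value, copied from the "Good:" field of the MalwareBytes log above.
GOOD = r"%SystemRoot%\System32\svchost.exe -k netsvcs"
EXPECTED = {"BITS": GOOD, "wuauserv": GOOD}
# Assumed allow-list of variables a service ImagePath may reference.
KNOWN_VARS = {"systemroot", "windir", "programfiles"}

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\([^\\\s]+)$", re.I)
VAL_RE = re.compile(r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)
VAR_RE = re.compile(r"%([^%\\]+)%")

# Constructed sample in `reg query` layout; values mirror the log above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %fystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
"""

def parse_image_paths(text):
    """Return {service: ImagePath} from `reg query`-style text."""
    paths, service = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            m = KEY_RE.match(stripped)
            service = m.group(1) if m else None  # ignore subkeys and other hives
            continue
        m = VAL_RE.match(line)
        if m and service:
            paths[service] = m.group(1)
    return paths

def audit(paths):
    """Return (service, reason) for every ImagePath that looks tampered with."""
    findings = []
    for svc, value in sorted(paths.items()):
        unknown = [v for v in VAR_RE.findall(value) if v.lower() not in KNOWN_VARS]
        if unknown:
            findings.append((svc, "unknown variable %" + unknown[0] + "%"))
        elif svc in EXPECTED and value.lower() != EXPECTED[svc].lower():
            findings.append((svc, "differs from expected value"))
    return findings

if __name__ == "__main__":
    for svc, reason in audit(parse_image_paths(SAMPLE)):
        print(f"{svc}: {reason}")
```

A clean result from this check says nothing about the rest of the machine, since the same scan log also lists a rootkit driver.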
Old 24th November 2009, 15:31   #2
BANNED
 
Join Date: Jul 2007
Location: Bangalore
Posts: 2,440
Thanked: 1,235 Times

Either you update/repair the Windows OS using online/CD or just use the restore feature if enabled.

Start> All Programs> Accessories> System Tools > System Restore then select a back date and restore.
wildon is offline  
Old 24th November 2009, 15:36   #3
Senior - BHPian
 
 
Join Date: Feb 2004
Location: Mumbai
Posts: 2,546
Thanked: 483 Times

Quote:
Start> All Programs> Accessories> System Tools > System Restore then select a back date and restore.
Oh that's the THIRD PROBLEM
My System Restore is blocked. Gives an error: "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again."

Restart does not help. I've tried numerous other ways to get it working all to no avail.
Gordon is offline  
Old 24th November 2009, 15:41   #4
BHPian
 
 
Join Date: Jul 2007
Location: Bangalore
Posts: 594
Thanked: 50 Times

Quote:
Originally Posted by Gordon View Post
Oh that's the THIRD PROBLEM
My System Restore is blocked. Gives an error: "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again."

Restart does not help. I've tried numerous other ways to get it working all to no avail.

Run system restore in safe mode (press f5 when starting the pc), it will work.
hemanthisgreat is offline  
Old 24th November 2009, 15:51   #5
Senior - BHPian
 
 
Join Date: Jan 2008
Location: Bombay
Posts: 1,466
Thanked: 1,021 Times

Easiest way is to format+reinstall. Since it is very difficult to know which areas (boot/registry) have been affected.
NetfreakBombay is offline  
Old 24th November 2009, 16:56   #6
Senior - BHPian
 
Join Date: Dec 2007
Location: Bangalore
Posts: 4,106
Thanked: 537 Times

Rootkit is it; I would go with what NetFreakBombay says.

It is more than just about the affected areas, but more on what has been done so far.

Rootkits have a nasty way of stealing your information. Not to scare you, but I would strongly recommend that you change the password of your online transaction portals from another clean machine.

Do not do a system restore, since I am certain that even that might be infected. But then, you are not able to restore, which is good.
HappyWheels is offline  
Old 24th November 2009, 17:15   #7
BHPian
 
Join Date: Jan 2009
Location: Bangalore
Posts: 67
Thanked: 2 Times

Quote:
Originally Posted by NetfreakBombay View Post
Easiest way is to format+reinstall. Since it is very difficult to know which areas (boot/registry) have been affected.
+1
This is the best way to get a clean install of Windows XP.
coolfyre is offline  
Old 24th November 2009, 17:16   #8
BHPian
 
 
Join Date: Feb 2006
Location: Chennai , London (now)
Posts: 233
Thanked: Once

This looks like a serious attack of malware/ trojans. Do not do any online transactions through this PC.

If you have any data to be recovered, try copying it to a USB drive and then do a clean format and re-installation. Once you have re-installed, install a good virus scanner suite and then scan the USB for viruses, clean it and then copy back all your stuff.

Please do not use any non-original operating system discs which say they are OEM and do not need any activation (I have come across a few), as they come with malware put in already. Not all hackers do things for free.

To stay away from viruses I suggest moving away from Windows and using Ubuntu, which is open source. I personally use Ubuntu for banking transactions and photo editing even though I have Windows 7 in the other partition.
ksethuram is offline  
Old 24th November 2009, 17:25   #9
BANNED
 
Join Date: Jul 2007
Location: Bangalore
Posts: 2,440
Thanked: 1,235 Times

Another solution is to log in as Administrator and delete the current user name/profile.
Just give it a try. Just make sure that important files are kept in other drives.

Last edited by wildon : 24th November 2009 at 17:27.
wildon is offline  
Old 24th November 2009, 20:18   #10
Senior - BHPian
 
Join Date: Sep 2006
Location: zxc
Posts: 3,393
Thanked: 726 Times

Do one thing: download HijackThis and post the log. Will advise the best possible solutions.

Also, if it's not solved, please download TeamViewer and tell me when you are online. Will solve it from my office. Mostly weekdays after 3.30 pm.

This offer stands for all Team-BHPians.


Thanks

kenden
SirAlec is offline  
Old 24th November 2009, 20:22   #11
BANNED
 
Join Date: Jul 2007
Location: Bangalore
Posts: 2,440
Thanked: 1,235 Times

Also
http://go.trendmicro.com/housecall7/...llLauncher.exe
It's a free online service from Trend Micro and will remove any virus left.
wildon is offline  
Old 24th November 2009, 20:39   #12
Senior - BHPian
 
Join Date: Dec 2007
Location: Bangalore
Posts: 4,106
Thanked: 537 Times

@SirAlec,

I would have suggested the same and gone with this route, but with a rootkit, best not to take chances.

Would be good to do this only if the computer is a no-way-i-am-formatting category.

And yes, TeamViewer, free for personal use, is a wonderful tool.

@Wildon,

Deleting the user profile is of no use. The rootkit is not stationed there. And yes, TM's house call is good, but not a one-stop-shop. Heck, none of the anti-virus are a one-stop-shop, for that matter.
HappyWheels is offline  
Old 24th November 2009, 22:04   #13
Senior - BHPian
 
 
Join Date: Feb 2004
Location: Mumbai
Posts: 2,546
Thanked: 483 Times

Wow. Thanks a lot guys for the help. Seems my only option is format and reinstall. The PC was first attacked by the 'Full House Driver' virus. It blocked task manager, captured internet explorer homepage, wallpaper. I suspect this virus to be the root cause of all problems.

I've used the following already:
  • Free AVG
  • Lavasoft Ad-Aware SE
  • MalwareBytes AntiMalware - only after using this one did the Full House Drive virus become soft. Whatever was blocked opened up, but the drive is still on the desktop.
  • CCleaner
  • Microsoft Antispyware
  • HiJackThis
  • Registry Winner - evaluation, so the cleaning option wasn't available.

Any recommendations on a simple free easy-to-update anti-virus and anti-malware software for the new XP to be installed? CCleaner is good and I will install that.
Gordon is offline  
Old 24th November 2009, 22:11   #14
BANNED
 
Join Date: Jul 2007
Location: Bangalore
Posts: 2,440
Thanked: 1,235 Times

Quote:
Originally Posted by Gordon View Post
Any recommendations on a simple free easy-to-update anti-virus and anti-malware software for the new XP to be installed?
Try this Avira AntiVir Personal - FREE Antivirus

It's known to be good and comes with every Toshiba laptop.

Also have a look here to find more freeware
MajorGeeks.com - Download Freeware and Shareware Computer Utilities.

Last edited by wildon : 24th November 2009 at 22:23.
wildon is offline  
Old 24th November 2009, 22:40   #15
Senior - BHPian
 
 
Join Date: May 2007
Location: Vadodara
Posts: 4,982
Thanked: 2,931 Times

1) Reinstall OS. The way you have described the problem, it's not worth trying new tricks.

2) Buy Kaspersky as it's relatively cheaper to buy and is not very heavy on resources. The free versions will not have all the features that we usually get in paid version.

3) Avoid any bank transaction during this period. This is quite risky.
aaggoswami is offline  