Virus Update

Anywho, I tried or had already many of the suggestions yall posted. The reason it would not AND STILL WILL NOT run in safe mode is the Backdoor Prorat and W32NetSky combined messed up my boot files and each time it tries to booot in Safe Mode it gives the white on blue screen System Error message n shuts down n reloops and never starts. I start it in safe mode but it shuts down due to corrupted files. With Moicrosoft n myslef n all your help, it still can not boot there despite F8 depsite changing the boot.ini in Sys Config despite DOS and alll else Microsft n me n your help threw at it grrrrr rrr

The thing is now its like closing the barn door AFTER the cows out. My boot files n other criticals have been compromised by the virus WHICH ALSO HAS SOME ANTI REMOVAL THINGS GOING ON and Regedit cant fix it till I get in Safe Mode with Sys Restore and other things OFF. As of now I had the latest updated Norton n XP Service Pack 2 all running BUT NORTON MISSED IT N CANT REPAIR IT NOR CAN BULLGUARD OR MCAFEE. The websites have a manual removal system using regedit and I tried them all but they arent gonna work till I can fix safe mode. Microsoft highest level is posed to call but Im afraid the cure now is to FORMAT grrrrr rrrr. WE already re booted off the XP disk and ran repair n rebuild and all that registry stuff and DOS fixes but Backdoor Prorat is still there. Of course, the infected files C:/Windows/System 32/ reginv.dll and winkey.dll cnat be deleetd or renamed or moved with Windows or DOS or regedit nor can Norton or McAfee or Microsoft fix it.

I have decided Norton n McAfee etc are the mass market Ford/Chevy yuppie products but Trend Micro (or Micro Trend??) and Computer Associates (CA) eTrust may be better. I bought CA eTrust but cnat install till tomorrow. Still, every brand of on line scan isnt removing Backdoor Prorat or the infected dll boot files nor deletign or quarantining the problem. Ive worked with Sys Restore off and the Net off and and regedit and Sys Config Utuility and a boot disk and manual or minimal boots and with DOS and with Microsoft and NO CURES OR SAFE MODE YET. Ive tried all the brands web pages for the fix NONE WORK.

Its workign and NOT eating any files but its slowwwww wwwww w

In the future after Microsoft fixes it or I have to re format, I am gonna try Foxfire Browser,,,,, ,,,,run CA Associates eTrust Firewall,,,run eTrust AntiVirus,,, run eTrust and others Spyware (Pest patrol) PLUSSSSS SSS Partition my Hard Drive so the Operating System is in its own Partition and use Drive Copy so my second backup Hard Drive (I have 2 in my puter) can stand alone in case I have to reformat again,,,,, ,,,,, run Ghost like Clooney uses (its better then Sys Restore I bet) if I have to replicate my basic system n boot up files. Most of this I was already doing, but with Norton n Microsoft and Im have my critical files baked up on second HD or DVD Discs, but Im gonna upgrade after all this.

Sooooo ooooo ooooo ooo Im runnign but slow and hope Microsoft or CA eTrust can help more tomorrow. I suspect a format is in my future but Drive Copy n Partition my OS and Ghost adn a better brand of anti virus will, hopefilly, make it a lil easier the next time. I have to use my puter a lot in my law practice n hobby and am on line a lot so I gotta use the ultimate in safety I reckon.

Thanks n God Bless, yall, have a good one

John T

I have never used any type of anti-virus software. I never open anything of unknown origin. Just delete. The very clever things out there now are usually not picked up or stopped by a lot of the software available. To this day, I have never had any virus/worm problem. Just lucky I guess.

Your problem is interesting as I cannot boot in safe mode either. WinXP SP2. I have no symptoms or anything wrong with XP. However I cannot boot in safe mode. Curious.

Most web sites are written for the PC so there is some Mac incompatibility.. The latest Mac operating systems are better & most web sites are more Mac friendly now..

He had a hard time adjusting to my windows PC as the systems operate differently from folder hierarchy to the file movement options..

For sure Mac is more virus secure as hardly anyone writes virus programs against the Mac.. They’re not totally safe though as my brother got a worm from a fellow teacher’s disk transfer & it pretty well trashed his hard drive data..

If you set it up correctly, & keep a good virus protection working in the background, & password any drive partitions you have file sharing turned on for, & keep the security updates updated, you shouldn’t have any problems with a PC…

Personally I never liked the Mac as they aren’t very business friendly & most of my Widows office programs, Cad programs, Photo shop programs, & OCR programs won’t work on a Mac…

You just need to keep your ports secured & watch what you open & a windows PC won’t cause any problems..

Clooney

If you do have a active virus, it may still infect the new Boot REcord, but this may allow you to boot up in Safe Mode first.

If you do have the boot diskette, I beleive the command is:
fdisk /mbr

If you need to boot up from the Win XP CD, I beleive it is on the CD as well, but I am not certain what directory it is in. I belevie it may be in the i386 directory, but will check on that as soon as I can.

Hope this helps and Good Luck
larrypaz

I listen to the Kim Komando show, shes a hot babe but I dont like her referring to herself as the Digital Godess lol

John T

Becareful when you load Norton and eTrust on the same computer. I just purchased a new P4 3G with XP SP2 and eTrust already loaded for my office. I was not familure with eTrust and I had Norton System Works 2002. So I decided to load it and update it as my subscription was about up. Norton 2002 is supposed to be compatable with XP. When it loaded and the computer went to start I got to the final screen on Start up Norton and eTrust got into fight and locked every thing up. I mean everything . The mouse would move and what ever you clicked it would just set ther and look at you. I could restart with the reset button or by turning off the power switch and then the same thin over. This happened WED. morning about 10:45 AM and I finally got The comuter started to where I could operate about 3:00 PM Sat. MY Basic programs are there but the ones that I had loaded are not there. I know they are still on the computer because I saw them in a Dos type window. I had to go in this way and rename Norton Directories to get It Started. As for windows 98 SE being better I have ran it for 4 yrs with no trouble on my old Computer. However this past week I recieved 3 diferent worms. Updated Norton stopped them and was able to get rid of 2 of them but it has the 3rd one in quarentine. and I ran Norton Virus Scan from the internet and it did not find them. I guess I will find out in the morning whether I can run or not. By the way I do have the 2nd hard drive in all of my computers for a backup. However there is only 1 out of three updated. You know how that is! Good luck on getting your straighened out.

John T

Glad you're (at least sort of) back - been following your troubles - too bad they don't happen to those generate these problems.

At least a slow John T is better than no John T!

Regards,
Duane

Turn on “Show Hidden Files”

With the windows default of (don’t) show hidden files,, an E-mail attachment of {My Tractor.jpg.exc} would look like {My Tractor.jpg} to you if the attributes of the .exc are hidden.. You really need to see the entire extension to know what you are getting..

Clooney

Clooney I keep it on show hidden files n folders amd I keep my start up clean of all programs except anti virus and have sys restore off. I had another boot disc and copied a new one off the web sites you posted and she can boot up and boot up (off System Configuration) in the mininal diagnostic load nuttin mode. HOWEVER the problem now is, the web sites have this reg edit procedure to rename n delete the virus added files etc BUT THE ONES THAT USED TO BE THERE ARE NOWHERE IN SIGHT NOW. Remember before they were there n I delected them before in normal mode BUT THEY CAME BACK. Now even the folders they were in (RegEdit) ARE GONEEEEE EEEEE Still, the nasties C/Windows/System32/reginv.dll and winkey.dll are there and can NOT be moved or renamed or deleted in Windows or DOS saying they are in use grrrrr rrrrr rrrr

Right now shes runnin pretty well, the only isue is when you uninstall n reinstall Norton (using it till tomorrow) AND THEN ONLY AFTER IT KICKS IN TO ITS AUTO PROTECT MODE do you get the BackdoorProrat Virsu warning pop up WHICH IT CANT FIX.

Like Clooney said, how much time do I have?? Its workoin decent so Im not worrying till I get CA eTrust running and talk to Microsoft next week and the boot discs will start it and I can start in minimal BUT THE REGEDIT REPAIR dont work as they are goneeeee eeeee e and no search (includign hidden etc) finds nuttin. Heck, for all I know its fixed now, its running good again??? but the only way you even think its bad is Norton PopUp flag which will not clear. if I take Norton out of start up you see no indication of a problem now. I read on the BackdoorProrat16 virus n it talks about anti removal running and how it restores itslef, it may still take a format grrrrr rrrrr.

Thanks again, I dont wanna bug you much more but will keep yall posted on what happens next week. I gotta work on that *&^^%%$$#@ Ford 460 a lil more n practice some law to make money for tractors n puter stuff lol

John T PS Thanks Duane, a slow JT is better than no JT ??? Some may argue that point lol

Then go into your bios & turn on “boot view” (that’s not really what it’s called but I can’t remember the correct name) so you can watch it load line by line on your screen during boot up.. (basically turn off your windows pretty boot screen)

As far a editing your registry,,, you probably won’t be able to modify an entry that is being used but can dump out a (copy) of your registry & modify that in another place then re-copy it back into your registry to replace the corrupt one. CAUTION: if you aren’t familiar with this it can up & bite you so be careful..

Clooney

I let Norton run a full deep scan but it still pops up Found Backdoor.Prorat virus and the infected files are C:\Windows\System32\reginv.dll and winkey.dll and it cant repair or delete or quarantine nor can I with Windows or DOS or nuttin.

One last question n I will let ya REST, you know any way to rename or delete or move or hide those 2 infected files???? I tried all i know including under DOS but access is denied and cnat do nuttin sayin they are in use. AND THATS WHEN I BOOT N LOAD NO SERVICES OR PROGRAMS OR NUTTIN BUT MINIMAL You know that story, Im sure u been there before.

Im still hopin CA eTrust may fix it tomorrow and maybe I will not have to format. HOWEVER I have that new clean boot data from Microsoft where you referred me and it starts right up but still got them (*&^%$# 2 infected files (or so it says) and they are still there.

I will look close at my boot.ini but from what I saw of the downloaded boot and command lines ITS THE SAME I ALREADY HAVE

Take care n thanks again John T

There are also some free programs like Reg Clean that can be used to keep the unused entry’s cleaned out of your registry.. That probably won’t remove infected ones though..

There are some programs out there that will repair your registry problem like “PC rescue” (look on line for it or at your local computer discount place).. Probably safer than playing games with your registry..

As far as that slow access to the internet? Your computer could be sending things out that you don’t know about so taking up some of your band width. That is one of the traits of a Trojan horse type of infection..

Clooney

Did you try to copy a new (non corrupt) boot .ini file into your root folder?? If not try that..

Not sure what you did for a floppy boot disk but you might have to go into your bios & set the boot order to get it to find that & boot to it.. (try that)

Then go to this site --

Link

& down load a GOOD basic XP boot disk & FORCE your system to boot to that.. If it finds your system boot ini first it will probably try to boot to that & you gain nothing..

TURN OFF any system restore you have running (do it)..If you have any type of restore running & it has those corrupt files stored (probably does by now) it will think any proper files you have are incorrect & overwrite them with the corrupt files (again & again & again) ..

Turn on “SHOW HIDDEN FILES”,,, if those (any) corrupt files have hidden attributes you can’t see them so can’t rename or remove them.. “SHOW HIDDEN FILES” is turned off by default in windows..

I haven’t ever had a system that I can’t repair but I usually repair them out of spite more than anything else as it can in most cases take less time to re-format & re-build than to repair a deeply rooted corrupt system..

Its repairable,, now how much time do you have?

Good Luck

Clooney