Virused PC and a fix


I was handed a PC a while ago to help fix. It was not a work PC but one that a director had at home that was not working, and I forgot about it until this week. What a mess. I wanted to write about this problem because the troubleshooting was a little complex and I got to use tools that I had not used before.

A Virus and a computer

First of all, the PC was infected by more than one virus. The RPC service would fail after a few minutes of use and the computer would reboot. I could not install any antispyware or antivirus software because the Windows Installer service was corrupt, and every time I dropped Stinger from McAfee onto the machine from a USB drive it would immediately get infected with the Virut.b virus. The good thing was that when I plugged the USB thumb drive back into my main PC the virus would be found and removed from all of the files.

Fixing the virused computer

First I started the computer and pressed F8 on startup so that I could choose to boot into Safe Mode. The great thing about Safe Mode is that Windows loads only a minimal set of drivers and services, so almost everything that normally starts automatically, including viruses and spyware, never runs.

I downloaded ComboFix and ran it right off the USB drive. You will kill the program if you click in its window while it is running, but it goes on for about 20 minutes most of the time with apparently nothing happening; finally it finished and rebooted the machine. ComboFix got the machine back to a usable state.

Next, I installed and ran AVG antivirus. I was not connected to the network and apparently did not have the latest virus definitions (they are somewhat hidden on the site for the free product), but I knew the machine had not been on the internet for over a month. As I ran the scan I found that a lot of files were infected, and in this case there is nothing you can do about that: the infected files are now junk. Fortunately it was only executables and not user-generated files, so I knew I could just do a reinstall later.

After the AVG scan and delete I rebooted the computer and tried to log in. I would log in and the computer would log off right away. I rebooted and tried again with a different user; the computer would log in and again log off by itself right after I logged in. I knew that AVG had probably deleted some infected system files, so I figured this could be part of my problem.

Repair of Windows

I researched and found that the problem may also be caused by junk in a registry key, and since I could not access the computer I decided to do my "non-repair" repair of Windows XP. To do this I just start an install from the Windows CD and, early in the install process when it asks whether to install or repair, I choose install; next it will see that I have a current Windows installation and I can choose to repair that one. Really all that happens is that Windows puts back all the files it knows it should have. All programs should still work and no documents are overwritten, in my experience (boot with the Windows Ultimate Boot CD and back up to USB first if you are worried about data loss).

Using the Ultimate Boot CD

After the Windows reinstall I still had the same problem, so I knew that I would have to try something else: hack the registry.

I booted up with the Ultimate Boot CD and could not see the hard drive (how many problems can I face on one machine?). I went into Computer Management and saw that the drive was recognized but did not have a drive letter assigned, so I assigned it the letter C:. I then loaded the HKEY_LOCAL_MACHINE hive from c:\windows\system32\config, grabbing the SOFTWARE file.

Now that I was in the registry I was able to navigate to:

\Microsoft\Windows NT\CurrentVersion\Winlogon, where the Userinit value should point to c:\windows\system32\userinit.exe

The problem is that this is exactly what it already said, so I knew that there had to be another problem. I went to the windows\system32 folder and found that userinit.exe did not exist (what went wrong with the reinstall?). I just dropped in the copy from the Windows Ultimate Boot CD and rebooted, and this time I was able to log on successfully.
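The failure mode above (the Userinit value looks right, but the file it names is gone, so every logon immediately logs off) is worth checking mechanically, and the same Winlogon value is also a common place for malware to append its own program. The following Python script is an added example, not part of the original post: it parses a regedit .reg export of the Winlogon key (a constructed sample is embedded) and reports whether Userinit and Shell point at the stock binaries, whether anything is appended to Userinit, and whether each listed file is present, given a set of paths that stands in for a disk check.

```python
import re

# Stock Windows XP Winlogon values; comparison is case-insensitive.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"

# Constructed sample: a regedit export of the Winlogon key. Regedit doubles
# backslashes inside string values and writes Userinit with a trailing comma.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

# One "Name"="value" line; the value may contain escaped quotes/backslashes.
_VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"\s*$', re.M)


def parse_reg_strings(reg_text):
    """Return {name: value} for the string values in a .reg export, escapes undone."""
    return {m.group(1): re.sub(r"\\(.)", r"\1", m.group(2))
            for m in _VALUE_RE.finditer(reg_text)}


def audit_winlogon(reg_text, files_present):
    """Return a list of findings for the Winlogon Userinit and Shell values.

    files_present is a set of full paths known to exist on the disk; it stands
    in for os.path.exists so the check can run against an offline export."""
    values = parse_reg_strings(reg_text)
    present = {p.lower() for p in files_present}
    findings = []
    userinit = values.get("Userinit", "")
    # Userinit is a comma-separated list; Winlogon runs every entry at logon.
    entries = [e.strip() for e in userinit.split(",") if e.strip()]
    if not entries or entries[0].lower() != EXPECTED_USERINIT:
        findings.append("Userinit does not start with the stock userinit.exe: %r" % userinit)
    for extra in entries[1:]:
        findings.append("extra program appended to Userinit: %r" % extra)
    for entry in entries:
        if entry.lower() not in present:
            findings.append("Userinit entry missing on disk (logon will loop): %r" % entry)
    if values.get("Shell", "").lower() != EXPECTED_SHELL:
        findings.append("Shell is not the stock explorer.exe: %r" % values.get("Shell"))
    return findings


if __name__ == "__main__":
    # Simulate the post's situation: the value is right but the file is gone.
    for finding in audit_winlogon(SAMPLE_REG, set()):
        print(finding)
```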

Now that I was logged onto the machine I saw that MS Office was not working, but all of the user files seemed to be fine. I ran the System File Checker from the Run box with sfc.exe /scannow, and after putting in my Windows XP disc again it seemed to fix the remaining problems after about an hour.

Why not just reformat the computer?

Now, after about three hours, the computer seems to be good except for reloading Office. This is about the normal process I go through for fixing a PC. As much as it would be nice to just format and install Windows, I know that often it is not about getting Windows or even programs back; the most important thing to people is getting their files back. In this case it was data in iTunes that I could not access, but often it is pictures, music or email.

The first step in any computer resurrection process has to be setting the goals and reason for it. It is usually very easy to get user files off a system onto a USB thumb drive with the Windows Ultimate Boot Disk and then just do a reinstall of Windows. In this case, if it were not for the iTunes songs I would have gladly formatted and installed Windows.
