View Full Version : No admin rights?


SpeckledJim
12-17-2005, 02:30 PM
ok i dont know if i'm putting this in the correct place, but anyway.
Switched on my computer today and about 25 file not found error boxes came up on the screen, i imagine as this was because my computer was trying to put on programs that usually run straight away but im not sure. Anyway i can't access any of the programs on my computer, it keeps saying "file not found" and then "no admin rights". I also noted that there was another box that said something about doom 3 crack, this worried me, can anyone tell me whats wrong and what i can do? Should i do a system restore or something?

PrntRhd
12-17-2005, 03:23 PM
Moved to Applications & Security

SpeckledJim
12-17-2005, 03:27 PM
i cant even do a system restore, apparently i have no admin rights. Have i got a virus here?

PrntRhd
12-17-2005, 03:42 PM
Could be this:
http://www.sophos.com/virusinfo/analyses/w32spybotdl.html
A worm that spreads via Kazaa?

SpeckledJim
12-17-2005, 04:15 PM
that's exactly what it is, thanks man.

SpeckledJim
12-17-2005, 04:34 PM
right im pretty sure its a worm and im definitely sure it came from that doom 3 keygen i downloaded. Ive been trying to follow the instructions on the link PrntRhd gave me but it's not working. Whenever i run "regedit" a window comes up thats all black with a little flashing key, like im supposed to type something, only i can't type anything in it.

classicsoftware
12-17-2005, 06:00 PM
Please download, install, and update the NEW free version of Ewido trojan scanner (http://www.ewido.net/en/download/):


When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main Ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), perform a full system scan and fix all that it finds.

Post the results back here

Sylvander
12-17-2005, 06:02 PM
The REALLY easy way to fix something like this is to restore a backup of your system partition, that was made when all was well.

If you don't have such a backup, and you want to do the fix shown in the link given by PrntRhd, then...

1. How to make a free “Smart Boot Manager” floppy
http://www.pcguide.com/vb/showthread.php?t=41498
This makes it easier to boot a chosen drive [particularly the one holding the EBCD].

2. How to make a free EBCD bootable CD
http://www.pcguide.com/vb/showthread.php?t=41485
This has a number of useful utilities included including "Image" [for DOS, by Terabyte] & "File Manager".

You can use the EBCD from outside of Windows = Windows not booted.
a. Its "Registry Tool" can be used to make a backup of the Registry and edit the registry.
I'm not sure if it will access NTFS partitions [are you running WinXP?] and don't know if WinXP has its registry encrypted, but it's worth a try. [I've never used it with WinXP]
b. Its "File Manager" [or "Volkov Commander"] can browse the file system [even on NTFS partitions], and manipulate [e.g. delete] files.
c. The "Image" program can make [and restore] an image backup of any partition [even NTFS] to any other partition [but the destination must be FAT32]. You could make a backup of the infected partition before you begin working on it.

SpeckledJim
12-17-2005, 07:58 PM
ok i tried to download that scanner that classic sent but when it had finished downloading that damn "file not found" box came up again, so i wasnt able to install it. I tried to read sylvanders post but unfortunately i have no clue of what he has said and dont know how to do anything he recommends. I am obviously not very good with computer jargon, so is there anymore help for me please.

classicsoftware
12-17-2005, 08:13 PM
When you download it, don't download it to the desktop. Pick a different location.

Boot into safe mode and try to install it from there & let me know what happens.

SpeckledJim
12-17-2005, 08:16 PM
how do i pick a different location?

When you download, it asks where to put it, navigate to a folder on the c-drive.

PrntRhd
12-17-2005, 08:27 PM
Right click Start to get into Windows Explorer, choose New, Folder, then name it ("Ewido") and then install to there.

SpeckledJim
12-17-2005, 08:32 PM
it doesnt give me a chance to put it anywhere. at the very second the download finishes it goes straight into that window "file cannot be found"

classicsoftware
12-17-2005, 08:33 PM
In the mean time, let's try the on-line scanner (http://www.ewido.net/en/onlinescan/run/)

SpeckledJim
12-17-2005, 08:51 PM
the online scanner didnt work. Two bars filled up and then nothing happened

classicsoftware
12-17-2005, 09:05 PM
Let's try an on-line scan at housecall (http://housecall.trendmicro.com/)

SpeckledJim
12-18-2005, 12:58 PM
the virus seems to have stopped, but still every time i try to get into any programs like limewire a window came up saying "Windows cannot find" blahblahblah "make sure you typed the name correctly". Also once the housecall on-line scanner had finished cleaning the viruses it said something about not all viruses removed or something, should i re-try the scanner or what now?

SpeckledJim
12-18-2005, 05:51 PM
i just found my kazaa share folder which was absolutely huge, it was even too big for the recycle bin, i think somehow files were getting into it. But i never even knew i still had it. Anyway ive deleted that but the problem still persists. I still can't get into any of my programs. It just keeps tellin me that it cant find the programs. Could it be that the housecall scanner deleted programs when it was cleaning the virus?

PrntRhd
12-18-2005, 07:09 PM
Not likely, just that the worm messed up things really good. SDbot worms are particularly nasty, network-aware worms. You do need to take precautions while removing the worm to prevent any other PCs from harboring it on a LAN.
I am hoping one of our heavy hitters has an unconventional method to get the removal programs loaded. Any chance you can burn a disk on a clean PC with the Ewido program, since it won't download/install?

classicsoftware
12-18-2005, 08:36 PM
Now that the housecall worked, try the Ewido on line scan again.

SpeckledJim
12-19-2005, 12:40 PM
ewido scanner still doesnt work, i wouldnt really know how to go about copying it onto a disk on another computer but maybe someone i know will.
So, ill try and get this copied. The strange thing is that i can get into some programs from my documents. For example i found a shortcut to a guitar track that i had recorded which led me into my recording program which i cant get into from the desktop. Is this normal?

classicsoftware
12-19-2005, 05:59 PM
Can you run the program from the start menu? Can you browse to the folder and click on the icon for the program instead of the shortcut

SpeckledJim
12-19-2005, 07:50 PM
nope i can't get in from the start menu either. I spent a lot of time deleting old crap from my comp, files i thought id deleted. I found more crack files like "Fifa 2005 crack" but they were in my windows folder on that C:\ drive thing. I tried to delete them but it says that another program or person is using them. Could anyone tell me how to delete them and if that will help.

Budfred
12-19-2005, 09:14 PM
I just read this today and I fear that your system is so corrupted that you may not be able to recover it... When you mess around with P2P, cracks and keygens, you are inviting the scum of the earth into your system and they have set up housekeeping... If you have done ANY financial business on this machine and used passwords or account numbers for anything, it is likely that people you would not like now have that information... If you have used any of those options, you need to contact the companies in question to close accounts, change passwords and otherwise try to protect yourself from losing everything...

I am not clear if you have been able to get into Safe Mode at all... Have you?? If you have, you can use a jump drive (USB plugin drive) to download HijackThis and other programs to run scans and load them from the jumpdrive... If you don't know how to get into Safe Mode - reboot and press F8 just before Windows starts to load... Choose the Safe Mode option from the menu that should come up... If you can't run the programs from Explorer, we can direct you through running them from a command line... Here are the instructions for running HJT, if you install it on a jumpdrive, just create a folder for it on that drive and open it into that folder:

To run HJT, extract it to a permanent folder such as one
you create like C:\HJT. Close all open windows and
browsers and make sure that all programs are enabled if
you use msconfig. Run it and Scan, then Save the log.
When the log window appears, Right click to Copy it, open
your browser and come here to Paste the entire log. Do
not make any changes until it is checked since most items
are either benign or essential to the computer.

http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41

If we can't get some scans to run, the only option may need to be to wipe the drive and start over...

SpeckledJim
12-20-2005, 12:00 PM
Ok that was a very frightening thought there Budfred, the banks will be contacted.
I got on safe mode but i couldnt get internet access so i couldnt download hijack this.
How about wiping the hard drive and re-installing windows? Would that work?

classicsoftware
12-20-2005, 12:19 PM
Try to download the file onto another pc. Once Unzipped, Hijackthis will fit on a floppy.

SpeckledJim
12-20-2005, 12:39 PM
right i will try on another computer. I was talking to the guy who sold it to me, he said something about the hard drive, i think he said to wipe the hard drive and then get hold of a copy of win xp and re-install, i think that was the gist of it. Would that work?

classicsoftware
12-20-2005, 01:06 PM
Starting over would always work. The question is how much time you would spend re-installing all of your programs and their settings vs getting control of this.

SpeckledJim
12-20-2005, 01:13 PM
im a youngster, still in school, i have plenty of time. Ive already started separating files that are needed in preparation for transfer to floppy disk, but i might try this HJT first. What i would like to know as a backup plan is whether totally clearing a hard drive is difficult or not?

classicsoftware
12-20-2005, 02:13 PM
As long as you have all of the disks no, but chances of getting all of your files off by floppy is remote.

Post a hjt log

SpeckledJim
12-20-2005, 03:28 PM
im not taking them all off, just the important word documents, like essays and notes. Its ok anyway, a friend took them off with one of those little portable things that go into USB. I shall see what happens. Thanks for all the replies anyway. If I have any more problems i'll let yous know.

Budfred
12-20-2005, 07:04 PM
That portable thing that goes into the USB port is called a jumpdrive and that is what I was saying you could use to transfer programs to your computer...

If you are going to wipe the hard drive, make sure you completely wipe it, don't just reformat... You can use software from the manufacturer of your drive or a program designed to do a secure wipe... Then make sure you use a legal copy of WinXP so that you can update to SP2 immediately and get a suite of security programs installed to protect yourself from getting infected again... Finally, it is a really, REALLY good idea to stay away from cracked software and P2P programs... Even with an armored system, you will get infected if you mess with that stuff....

SpeckledJim
12-21-2005, 12:39 PM
yeah ive learned my lesson, i'll never touch another keygen file again. Is there any way to manually wipe the hard drive? OR can't it be done with those cd's that you buy that just wipe it for you?

PrntRhd
12-21-2005, 01:11 PM
Download the free Eraser program:
http://sourceforge.net/projects/eraser

Sylvander
12-21-2005, 02:05 PM
Killdisk = www.killdisk.com/downloadfree.htm [free, makes a bootable floppy]
...is the best I've found so far, and I have both "Eraser" and the "Darik's Boot & Nuke" zero-fill program on a floppy that it makes.
Killdisk does a particularly good job of displaying your HDD details and the partition arrangement, and allows you to zero-fill [single set of zeros, takes less time] either any number of chosen partitions, or the whole of the HDD.

SpeckledJim
12-21-2005, 06:14 PM
i tried to download killdisk and save it to Floppy file. it downloaded and then something came that said "copying", so i imagine it was copying it to the floppy. Then i tried to open the floppy disk drive in "my computer" and it said that the disk could not be formatted. Does this mean that i cant use it to clean the HD? I dont know if i was going about it the right way?

Budfred
12-21-2005, 08:19 PM
I would download it onto a floppy on your friend's computer... Your computer cannot be trusted to not infect or somehow mess it up... I would also toss the floppy you made rather than risk it infecting anything else...

Sylvander
12-22-2005, 04:02 AM
"Then i tried to open the floppy disk drive in "my computer" and it said that the disk could not be formatted."
Which method did you use to make it?
You should be able to see files like these.

SpeckledJim
12-23-2005, 11:31 AM
i cant remember what one i picked, so i chose another one there. I picked the second one down from the top "Download Bootable Disk Creator For free version of killsdisk (USB Flash and Floppy)" It downloaded and then it looked as though it copied it to the floppy. Then i opened the 3 and half floppy folder in "my computer" and there was the killdisk file. I tried to open it but it wouldnt let me do it, just like all the other programs. That "cannot find..." message came up. Am i going about it the right way? Lets just say hypothetically that my computer was working, would you open the killdisk file from the Floppy folder in "my computer" and would it just delete everything there and then?

SpeckledJim
12-23-2005, 01:34 PM
I am gunna go on a friends computer and download onto floppy a copy killdisk onto a floppy disc, could you guys tell me precisely what option to choose on the download screen in the link that sylvander gave me and then tell me what to do with it on my computer. I basically need a walkthrough.

SpeckledJim
12-23-2005, 03:46 PM
HAHAHAHA YASSS! finally it's fixed, i got into the registry and changed some things that needed changing and it's fixed, even though there are still some viruses detected i can now get in to every one of my programs. It was all down to the exefile. It had been changed to run the virus every time i went into a program instead of running the program. At least thats what i thought.
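
The file-association change described in the post above can be checked offline against a registry export. This is an added example, not part of the original thread: it parses the text of a `.reg` export and flags any executable-type "open" command that differs from the stock Windows value, going beyond exefile to cover comfile and batfile as well. The sample export and the path `constructed-sample.exe` are constructed for illustration.

```python
import re

# Stock Windows defaults ("@" value) for the keys that decide what runs when
# a program file is opened. Keys are lowercased for comparison.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\comfile\shell\open\command": '"%1" %*',
    r"hkey_classes_root\batfile\shell\open\command": '"%1" %*',
}

# HKEY_CLASSES_ROOT is a view onto this machine-wide subtree.
_ALIAS = "hkey_local_machine\\software\\classes"
_DEFAULT_RE = re.compile(r'^@="((?:[^"\\]|\\.)*)"\s*$')


def _normalize(key):
    key = key.lower()
    if key.startswith(_ALIAS):
        key = "hkey_classes_root" + key[len(_ALIAS):]
    return key


def parse_defaults(reg_text):
    """Map each key in a .reg export to its default string value.

    reg_text must already be decoded (regedit on XP writes UTF-16).
    Non-string values and named values are ignored.
    """
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = _normalize(line[1:-1])
        elif key is not None:
            m = _DEFAULT_RE.match(line)
            if m:
                # .reg strings escape backslash and quote with a backslash
                defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults


def audit(reg_text):
    """Return (key, found, expected) for each missing or altered value."""
    defaults = parse_defaults(reg_text)
    findings = []
    for key, expected in EXPECTED.items():
        found = defaults.get(key)
        if found is None or found.strip().lower() != expected.lower():
            findings.append((key, found, expected))
    return findings


# Constructed sample: exefile's open command points at another program
# instead of the file that was double-clicked.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\constructed-sample.exe\""

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
"""

if __name__ == "__main__":
    for key, found, expected in audit(SAMPLE_EXPORT):
        print(f"{key}\n  found:    {found}\n  expected: {expected}")
```

A `found` of `None` means the key was not in the export at all, which is worth checking by hand rather than treating as clean.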

SpeckledJim
12-23-2005, 03:48 PM
oh and thanks guys for all the effort you put in, was much appreciated. :D

Sylvander
12-23-2005, 06:36 PM
Great result! :D

Hey, I just noticed you're living in Glasgow.
Ever come across "Red Bee Society"?

By the way, below is an image of the Killdisk download link you should click on.
Then you save it to any convenient folder on your HDD [not to a floppy].
Then you "Open" the file [with a floppy in the FDD] and it writes the files to the floppy to make the bootable disk.
Done using this method there will be slightly fewer files on the disk.

Sylvander
12-23-2005, 06:42 PM
Here's the files on the floppy made using this method.

PrntRhd
12-23-2005, 08:41 PM
SpeckledJim,
I would still suggest posting a HJT log as this type of malware comes in bundles, particularly when contracted from the source you encountered. We are happy you are starting to get control of the PC again.
:D

SpeckledJim
12-24-2005, 06:46 AM
no i havent ever came across the red bee society sylvander, what is it?
I'll get that HJT today and i already got ewido

Sylvander
12-24-2005, 08:12 AM
Red Bee Society are a young Glasgow band; my son is in the band.

Here are their gigs in January [6th Woodside Social, 19th The Arches, 22nd The Garage, 27th King Tut's] www.redbeesociety.co.uk/live.php
last night he gave us a couple of tickets for the King Tut's gig.
Do you ever go to band gigs?

Home Page, (www.redbeesociety.co.uk/) Forum, (http://www.redbeesociety.co.uk/forum/) A list of links to good free programs that I posted there. (http://www.redbeesociety.co.uk/forum/viewtopic.php?t=20&sid=324aa8d72643a7c548d199e0d73fb8e0)

SpeckledJim
12-24-2005, 09:35 AM
yeah i play a bit of guitar myself , and i am going to see a band i know at king tuts at the end of january im not sure the date but it might be the same night as red bee society. Occasionally i do go see local bands so maybe i'll see them around if not at king tuts. Also i got a ticket for Clapton in may. yasss

Paul Komski
12-24-2005, 05:47 PM
You should boot to the floppy and use a command at the prompt.

Details at: http://www.killdisk.com/commandline.htm

eg: A:\>KILLDISK -eraseallhdds -erasemethod=6 -passes=7 -noconfirmation

If you have any problems and want an equivalent utility that will erase all hard drives in your system you could try Darik's Boot and Nuke (http://dban.sourceforge.net/). Make the floppy (or CD) - boot to it - enter autonuke at the command prompt - sit back till all zeroing is complete.

Sylvander
12-24-2005, 06:17 PM
I think the free version of Killdisk only does one HDD at a time and only writes a single set of zeros. :(

But that's likely to be good enough anyway. :)

Paul Komski
12-24-2005, 07:00 PM
"I think the free version of Killdisk only does one HDD at a time and only writes a single set of zeros"
Well if that's not enough peeps can use DBAN for free and which is part of the National Nuclear Security Administration (http://www.nnsa.doe.gov/)'s suite of security tools.

Sylvander
12-25-2005, 06:46 AM
I started off being quite keen on the idea of writing multiple patterns of 1's & 0's to the HDD using both Eraser & DBAN, but eventually I decided the time taken wasn't worth it.
So I now normally have Eraser set to write only one set of patterns, and I don't use DBAN any more.
The time I tried DBAN it was taking so long I terminated the process.
With Killdisk I wrote zeros to my c: partition and the time taken was acceptable.

It's all a matter of choice of course, and what suits your personal inclinations. :)

MERRY CHRISTMAS :D

Paul Komski
12-25-2005, 09:34 AM
I only ever "erase" using zeros with one pass because I'm only interested in "cleaning the code" and not in making all data utterly unretrievable. To be quite honest it is in most instances quite adequate to just zero the first track of the hard drive or even just write zeros to the partition tables or the mbr. Apps like mbrwork can do that from a boot floppy.

For those wanting to use multiple passes DBAN is a good, quick and effective way of going, though there are a multitude of apps that can do this sort of thing as shown at the bottom of the linked "Boot and Nuke" page above.

Eraser 5.3 from http://www.tolvanen.com/eraser/ was the last version released/supported by its designer before being taken over by heidi.ie at http://www.heidi.ie/eraser/download.php for which the latest version is 5.7. From version 5.6 on DBAN was included in the application.

These apps shouldnt be confused with EastTech Eraser 2006 (previously Eraser Pro) from http://www.east-tec.com/products/index.htm which although there is a trialware version is not freeware.

SpeckledJim
12-25-2005, 10:15 AM
i tried to put boot and nuke on a floppy but it said that my floppy didnt have enough space, although i did buy these floppy's in 1995 shouldnt they still hold out?

Sylvander
12-25-2005, 12:09 PM
Was the floppy already formatted before you tried to write the files using the program?

SpeckledJim
12-25-2005, 12:11 PM
what do you mean formatted? i dont know what that is or how to do that.

Sylvander
12-25-2005, 01:52 PM
Quote from the Win98 help files:
"To format a disk
If you are formatting a floppy disk, insert the disk into its drive.
In My Computer or in the right pane of Windows Explorer, click the icon for the disk you want to format.
On the File menu, click Format.

Notes
Formatting a disk removes all information from the disk.
You cannot format a disk if it is open in My Computer or Windows Explorer.
You cannot format a disk if files are open on that disk."

Formatting the floppy marks the magnetic coating as shown here:
http://computer.howstuffworks.com/floppy-disk-drive2.htm

Budfred
12-25-2005, 03:57 PM
Given that the issue is an infected hard drive, I would completely zero fill/wipe the hard drive once... Multiple wipes should not be needed....

Paul Komski
12-25-2005, 04:38 PM
What is the capacity of the floppy? Sounds like it might be single sided 0.72MB rather than the double sided 1.44MB which is the norm nowadays. You will definitely need 1.44MB diskettes for both the erasing apps already mentioned or for utility floppies from the various HDD manufacturers. The DBAN executable will write data directly to a disk (of the correct size) and since it copies an image to the floppy it doesnt matter how full or empty of data it was before the exe was run.

"Notes
Formatting a disk removes all information from the disk."
Bringing-in formatting at this time I think only confuses the issue and formatting (although "deleting" everything) only deletes files "from the file system" and doesnt delete the underlying data. That is unless it is a low level factory format that is being referred-to.

The way that the magnetic coating is marked is a complete irrelevance to this thread IMHO. What is important is to get the poster armed with a workable utility to nuke his hard drive; to nuke meaning to write any pattern of bytes at least once to the whole hard drive (or to the mbr as a minimum).

"although i did buy these floppy's in 1995 shouldnt they still hold out?"
10 year old floppies!!! Wouldnt trust them with a barge pole. Get yourself a box of 1.44 MB floppy diskettes or leave floppies to one side and burn an iso to a CD.

Sylvander
12-25-2005, 05:17 PM
"since it copies an image to the floppy"
1. I believed and am still inclined to believe that the "killdiskfloppysetup.exe" file is a "Self-Extracting zip Archive" that writes the contained files to the floppy disk, and not an image that gets written to the floppy. I assume the website failed to be explicit in specifying that the floppy should first be formatted.
2. The method immediately above that method involves downloading a zip archive [of files] that should be unzipped to a bootable floppy [first formatted and then made bootable].
3. The method immediately below the professional version involves downloading a bootable iso image used to burn the image to a CD to make it bootable. It is very explicit in mentioning when an iso image is involved.

Paul Komski
12-25-2005, 08:47 PM
The reference to "since it copies an image to the floppy" was with respect to DBAN, which SpeckledJim had had a problem writing to and not to KillDisk.

However, for what its worth, there is a .gzp floppy image file embedded inside the killdiskfloppysetup.exe file, which when executed unpacks the image and writes a FreeDOS boot sector to Sector 0 of the floppy followed by the rest of the image.
If you are using the killdiskfloppysetup.exe app you dont have to format or prepare the floppy in advance.

Sylvander
12-26-2005, 06:50 AM
"there is a .gzp floppy image file embedded inside the killdiskfloppysetup.exe file, which when executed unpacks the image and writes a FreeDOS boot sector to Sector 0 of the floppy followed by the rest of the image.
If you are using the killdiskfloppysetup.exe app you dont have to format or prepare the floppy in advance."
Thank goodness someone like yourself is here; you have just taken my knowledge and understanding another small step forward.
I had been assuming that I had no problem because I was using a formatted floppy; and that SpeckledJim was having problems because his floppy wasn't formatted, which assumption I now know to be wrong.

"The reference to "since it copies an image to the floppy" was with respect to DBAN, which SpeckledJim had had a problem writing to and not to KillDisk."
I MUST try to read replies more carefully; and frame mine more carefully too. :(

SpeckledJim
12-26-2005, 08:10 AM
ok the floppies i have are 1.44mb so im going to give them a shot despite their age. I noticed Sylvander say something about "first formatted and then made bootable" about the floppies. How would i go about making them "bootable"?

Sylvander
12-26-2005, 08:53 AM
On Win98 [which OS are you running] I could do it a number of ways:
A) Both of the following at an MS-DOS prompt:
1. C:\WINDOWS>format a: [It asks me for a "new" disk because mine is already formatted]
then...
C:\WINDOWS>sys c: a: [copies the DOS system files from c: to a:]

OR:
2. C:\WINDOWS>format a: /s [format a: then copy the system files to it]

B) In Windows Explorer:
1. Put a Floppy Disk in the FDD.
2. Right-click on a: and click Format....
3. When the dialog box appears, click "Copy system files only..." and click "Start".

SpeckledJim
12-26-2005, 08:59 AM
when i right click on the floppy thing all the options are:

Quick format
enable compression
Create an MS-Dos start up disk

what one?

Budfred
12-26-2005, 11:24 AM
"Create an MS-Dos start up disk"
Use this one... That should set it up to boot and then install the program on that disk... Put it in the drive and reboot the computer... It should take you to the program or to an A: prompt where you can start the program...

SpeckledJim
12-28-2005, 10:13 AM
right it's all fixed now, i cleaned the hard drive (one pass zeros) and i got the guy at the computer shop to reformat it. All is well. thanks for the help