Latest toolkit for virus identification.

I've got to go round a mate's in an hour to try and fix his PC as he says he has some sort of virus. (again :rolleyes: )

What would be the latest packages / downloads I should be using to detect what's gone wrong?
 
Ta..
Also downloading Avast and Adaware while I'm at it.
Hopefully it's not so serious that I can at least boot into Windows and use the memory stick I'm putting it on..
 
TDSSKiller
ComboFix
Malwarebytes
Delete all restore points
Reset IE settings to default to kill dodgy toolbars
Install MSE and run full scan.
 
Hold the front page, this is worse than I thought.
NTLDR missing was the first thing,
Now asking for passwords on BIOS and recovery console into C:

I may be some time. :(
 
OK, reset the Admin passwords with Hiren, that was fairly hassle free.

The BIOS password reset with a simple BIOS config reset on the mainboard. :D

Took the drive out and scanned and deleted the 17 infections found, confirmed on a rescan and a post scan from a different tool.

Stuck it back in his machine

Rebuilt the ntldr and ntdetect.com files

Rebuilt the boot.ini file

Been working on this since the OP...

Still NTLDR Missing :mad:

Could this be anything to do with the fact I have an XP Professional CD whereas his O/S is XP Media Center Edition?

Help, I need to go to bed. :(
 
XP Media Centre is built on XP Pro (without domain capability) and has the MCE software.

Is the NTLDR file actually in the root of the boot drive?
 
Hard to tell to be honest.
The bootcfg program went smoothly and confirmed files were rebuilt.
In his machine if I "dir" c: it comes up with pages of stuff I don't recognise. No folders as such.

With it in my machine I have two locked folders I can't access and one documents and settings folder (which contains all his stuff), that's it.
Very odd.
Beginning to think it's wiped itself clean somehow! :-/
 
Get what you can and reinstall. Going to save you hours of heartache. Tell him you worked really hard for the stuff you could save and get him to buy a backup drive and software.
 
You'll be able to take ownership of those locked files and then add yourself to the permissions, but if you've got his documents and settings folder it's probably all the important stuff anyway.

I'd reinstall, but then I reinstall most of these types of jobs.
 
He seems to think I have all the files he wanted to keep, so that's a start.
Used Recuva to scare him into seeing what I could unearth. Lol what has been seen cannot be unseen etc etc.. :D
Spent some time finding an ISO of Media Centre Ed on torrents (hopefully not full of viruses, but will be a damn sight more workable than what I have now, even if it is).
Currently formatting his drive and it'll have to wait a few days before I can get back to it, as I'm off to supper club on Tuesday night!
Ahh the joys of fixing PCs
 