Virus?

Post by tbi1978 » August 29th, 2006, 4:34 pm

Can anyone help? Getting multiple pop ups, have installed Spywarebot, changed to Firefox but my system will not allow me to download antivirus (AVG) or Firewall (ZoneAlarm). It closes every time I enter these sites. Attached is my HijackThis Log. This used to be my company PC so there is still some stuff relating to Sanmina-SCI on it but I do not need this anymore if that will help? Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 20:06:54, on 29/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\11.tmp
C:\WINNT\system32\MSTask.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.exe
C:\WINNT\SYSTEM32\DWRCST.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\winservnt32.exe
C:\dfndrff_14.exe
C:\WINNT\v1201.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SpywareBot\SpywareBot.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\javanet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://corperp.sanmina.com:8001/pls/ERP ... ypage.home
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe
O1 - Hosts: 148.164.90.2 P586EUSRV
O1 - Hosts: 148.164.90.4 p586exs00.sanmina-sci.com
O1 - Hosts: 148.164.90.5 p586nt502.sanmina-sci.com
O1 - Hosts: 148.164.90.6 P586NTP01
O1 - Hosts: 148.164.90.7 P586NTP02
O1 - Hosts: 148.164.90.8 P586NTP03
O1 - Hosts: 148.164.90.9 P586NTP04
O1 - Hosts: 148.164.90.10 p586nt401
O1 - Hosts: 148.164.90.11 P586NT306
O1 - Hosts: 148.164.90.21 p586nt301.sanmina-sci.com
O1 - Hosts: 148.164.90.22 p586nt302.sanmina-sci.com
O1 - Hosts: 148.164.90.23 p586nt303.sanmina-sci.com
O1 - Hosts: 148.164.90.24 p586nt304.sanmina-sci.com
O1 - Hosts: 148.164.90.25 p586nt305.sanmina-sci.com
O1 - Hosts: 148.164.90.55 p586nt017.sanmina-sci.com
O1 - Hosts: 148.164.90.56 P586NT007
O1 - Hosts: 148.164.90.57 P586NT017A
O1 - Hosts: 148.164.90.58 P586NT017B
O1 - Hosts: 148.164.90.59 P586NT010
O1 - Hosts: 148.164.90.61 P586NT308
O1 - Hosts: 148.164.90.62 P586NT307
O1 - Hosts: 148.164.90.210 P586lapbkup
O1 - Hosts: 148.164.90.222 p586ux600.sanmina-sci.com
O1 - Hosts: 148.164.90.231 P586NTS01
O1 - Hosts: 148.164.90.233 p586nts03.sanmina-sci.com
O1 - Hosts: 148.164.90.234 p584nts04.sanmina-sci.com
O1 - Hosts: 148.164.90.236 P499NT001
O1 - Hosts: 148.164.90.239 p54as5.sanmina-sci.com
O1 - Hosts: 148.164.90.240 p54as1.sanmina-sci.com
O1 - Hosts: 148.164.90.241 p54as2.sanmina-sci.com
O1 - Hosts: 148.164.90.242 p54as3.sanmina-sci.com
O1 - Hosts: 148.164.90.247 p54as4.sanmina-sci.com
O1 - Hosts: 148.164.90.250 P586CBDC
O1 - Hosts: 172.21.4.120 vcts01
O1 - Hosts: 172.21.4.121 x3l2s000
O1 - Hosts: 172.21.4.114 svl2s000
O1 - Hosts: 172.21.4.110 SERVAUDIT
O1 - Hosts: 148.164.26.247 w3.ibm.com
O1 - Hosts: 148.164.26.242 usiposya.boulder.ibm.com
O1 - Hosts: 148.164.26.243 d25dbw14.mkm.can.ibm.com
O1 - Hosts: 148.164.26.245 w3-1.ibm.com
O1 - Hosts: 148.164.26.246 w3host01.raleigh.ibm.com
O1 - Hosts: 148.164.26.248 w3-3.ibm.com
O1 - Hosts: 148.164.26.249 pmwww.pmrtp.raleigh.ibm.com
O1 - Hosts: 148.164.26.243 w3-9006.ibm.com
O1 - Hosts: 148.164.26.230 d01dbr02 #(LEADS US)
O1 - Hosts: 148.164.26.215 d06dbl69 #(LEADS EMEA)
O1 - Hosts: 148.164.26.235 d01db034.pok.ibm.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [Microsoft (R) Windows Vista/NT Runtime Compatibility Service] C:\WINNT\NT\nrcs.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Management Service] C:\WINNT\system32\11.tmp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] C:\WINNT\system32\glossary.exe
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [zesac804] RUNDLL32.EXE w00b4ded.dll,n 003ac8010000000a00b4ded
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ntdll.dll] winservnt32.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\RunServices: [Ms Java for Windows 98, NT, XP & ME] 20274_netapi.exe
O4 - HKLM\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKLM\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O4 - HKLM\..\RunServices: [Sun Java Console for Windows NT & XP] jconsole.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\Run: [ntdll.dll] ctfmon.exe
O4 - Global Startup: Access Manager Client.lnk = C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {020f6116-407b-11d3-a3bb-00c04fa32518} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{455BC115-D5C5-4954-8E0C-67317D56CA47}: Domain = sanmina-sci.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C816BD0C-BDE2-43EF-9BA3-C860E75D4F0E}: NameServer = 80.225.252.178 80.225.252.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{D844F16B-53CD-4415-8D0D-A7D0BA67DC15}: Domain = sanmina-sci.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA77E7B6-A089-4E1A-B55C-956D84EE479E}: Domain = sanmina-sci.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD068E0-7548-43D9-8A8C-3A6853814CE1}: Domain = sanmina-sci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sanmina-sci.com,sci.com,sanmina.com,eu.sanm.corp,am.sanm.corp,ap.sanm.corp,sanm.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = sanmina-sci.com,sci.com,sanmina.com,eu.sanm.corp,am.sanm.corp,ap.sanm.corp,sanm.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sanmina-sci.com,sci.com,sanmina.com,eu.sanm.corp,am.sanm.corp,ap.sanm.corp,sanm.corp
O20 - Winlogon Notify: BITS - C:\WINNT\system32\f0l02a3mgd.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\U2FubWluYS1TQ0k\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINNT\system32\11.tmp
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINNT\system32\wgareg.exe
tbi1978
Active Member
 
Posts: 3
Joined: August 29th, 2006, 4:23 pm

Post by Elrond » August 30th, 2006, 12:14 pm

Hi tbi1978
Your computer is heavily infected. Among the infections are what looks like a root kit and some backdoor trojans. :( Please read the following warning.

It appears you have a root kit and some backdoor trojans on your computer. If that is the case your computer is and always will be at risk. I cannot guarantee that we can clean everything and reset all changes that have been done to the computer.
Root kits can be extremely hard to detect, and just as hard to clean out.
You have to think that from this point forward, you can't completely trust your computer. The root kit could be hiding a backdoor trojan.
It could be that it is possible for someone to secretly steal your financial and other sensitive information and do ANYTHING they want with the computer.
The only way to be SURE that the infections and the changes they have done are removed is to reformat and reinstall.
If that is acceptable to you, not only would it be safer, but it would probably be less time consuming to do a reformat than to clean up the computer.
Please read this article that was published by Robin at Castle Cops and you will understand better why this warning and what to do.
http://castlecops.com/a6511-Identity_St ... _what.html

Further to the article you are strongly advised to do the following immediately:

1. Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Also do whatever else that seems appropriate.


Before you decide to reformat you should check that you have all the necessary information and software.

If you decide to continue with a cleanup you should not use this computer for financial or other sensitive transactions.

Let me know what you want to do.


If you have decided that you want to do a reformat please tell me so and I will dig up a tutorial for how to do so.

--------------------------------------------------------------------------

If you decide to clean the computer I would like you to open "HijackThis". Click on "Open Misc.Tool Section".
Use the scroll bar on the right and scroll down to "Open Uninstall Manager". Click it.
On the right you will find "Save List". Click it.
The log that you just saved will appear.
Use "Copy" and "Paste" to add it to your next post.

Sorry I could not give you better news. :(
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
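
A triage pass over a few lines copied from the log posted above, as an added example that is not part of the thread or of HijackThis itself: it flags programs chained onto the Shell/UserInit logon values, autorun targets with a non-program extension or sitting in a drive root, and one binary registered under several Run value names. The rule names and the extension allow-list are assumptions made for this illustration; a hit is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Management Service] C:\WINNT\system32\11.tmp
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [ntdll.dll] winservnt32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINNT\system32\11.tmp
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

LOGON = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.+)$")
RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*)\] (.+)$")
SERVICE = re.compile(r"^O23 - Service: (.*) - (.*) - (.+)$")
TARGET = re.compile(r'^"?(.+?\.\w{2,4})(?="|\s|$)')  # path up to its first extension
LOGON_DEFAULT = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
PROGRAM_EXT = {"exe", "com", "bat", "cmd"}  # assumption: anything else deserves a look


def basename(path):
    """File name part of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def target_of(command):
    """Strip arguments and quotes from an autorun command line."""
    m = TARGET.match(command.strip())
    return m.group(1) if m else command.strip()


def triage(log_text):
    """Return sorted (rule, detail) findings for the autorun lines in a log."""
    findings = set()
    run_names = defaultdict(set)  # binary -> distinct Run value names
    for line in map(str.strip, log_text.splitlines()):
        if m := LOGON.match(line):
            key, value = m.groups()
            # Simplification: split on commas/whitespace; paths with spaces are not handled.
            for item in re.split(r"[,\s]+", value):
                if item and basename(item) != LOGON_DEFAULT[key]:
                    findings.add(("logon-chain", f"{key}: {item}"))
            continue
        if m := RUN.match(line):
            target = target_of(m.group(3))
            run_names[basename(target)].add(m.group(2))
        elif m := SERVICE.match(line):
            target = target_of(m.group(3))
        else:
            continue
        if basename(target).rsplit(".", 1)[-1] not in PROGRAM_EXT:
            findings.add(("odd-extension", target))
        if re.match(r"^[A-Za-z]:\\+[^\\]+$", target):
            findings.add(("drive-root", target))
    for binary, names in run_names.items():
        if len(names) > 1:  # same file behind several differently named Run values
            findings.add(("multi-autorun", binary))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:14} {detail}")
```
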

Post by tbi1978 » August 30th, 2006, 1:34 pm

Thanks for that, I was worried it was that serious. Anyway I think I will go down the reformatting route to increase the chances of it not happening again. I have changed all my passwords as suggested and I will get anything off my PC that I need tonight.

If you could get me a tutorial that would be great.

Thanks for your help.
tbi1978
Active Member
 
Posts: 3
Joined: August 29th, 2006, 4:23 pm

Post by Elrond » August 30th, 2006, 1:45 pm

I am sorry for the bad news but that is what I would have done.

This tutorial is by wng

Acknowledgements: Thanks to DKnoppix, Crow, Corrine, and Dgosling.

How to reformat windows XP (by wng_z3r0)
This guide shows how to reformat your computer in case of a severe corruption or a severe malware infection where helpers cannot guarantee the security of your computer.

Do not use this guide if you are not reinstalling Windows XP. Only use this guide if you are reformatting using the XP CD (not using a 'recovery partition' that some computer manufacturers use).

This guide is 'as is'. There are many circumstances which may change the success of your reformat.

Now then, let's get started:
Before you can reformat, you will need to have the following:

Prerequisites:
1. Your windows XP cd.
2. A means of backing up your most important data. Don't backup everything, the more you backup, the more chance there is that malware will get on your newly formatted computer. You might use another hard drive, some cd roms, or anything that holds data to backup your files.
3. There is a small chance you will need a floppy drive.


First Steps:
1. We need to make sure that your product key is still valid. Otherwise you might not be able to install windows. To do so,

Please go HERE (Microsoft website) using Internet Explorer (NOTE: Do not use Firefox or any other browser as they won't work)
- Click on Windows Validation Assistant
- Click on the Validate Now button.
- Be patient while the ActiveX loads, do not click on any links.
- Read the instructions on this page while it's loading. You will be prompted to install - click YES.
- Enter your product key then click continue

Make sure that your license key is legit. If it is NOT legit, do NOT reformat, contact Microsoft to see if a mistake has been made, and if not, tell your helper.


You can also use this tool to ensure validity.
Click here
Then hit "save"
Save the folder to your desktop. Then right click on the file and select extract all. Extract the folder to the desktop. Then open the folder and double click on xpinfo.exe
If all is well you should get something that looks like this:
Image


Then, backup your important files to another media. Do NOT save them on the same partition. I would personally suggest a cd-rom backup or a flash drive. You may want to make sure that you can open the files on another computer BEFORE reformatting.


Next, download these programs.
Save them on a CD or something, we will need them immediately after reformatting. Do not skip this step!

  • SP2 can be downloaded here. Save this file to a CD. If you are on dialup and this download is unbearably large, you can get a free copy from Microsoft here. The downside is that it will take a while for the CD to get there.
  • A firewall. There are many good ones out there. If you don't know of a good one to get, I personally suggest either ZoneAlarm or Sygate Firewall.
  • The latest drivers for your computer (optional). Drivers allow Windows to use your hardware in the most effective manner. If you need help finding what drivers you need, go to start->run->msinfo32.exe and that will tell you what hardware you have. Then go to the appropriate hardware vendor's website and download the correct drivers.
  • Imaging software (VERY optional). Reformatting is a pain in the butt, isn't it... If you have drive imaging software, you can literally take snapshots of your hard drive, and if something screws up, you can roll back the state of your hard drive to an earlier time. Two of the most popular drive imaging software utilities are Acronis True Image and Norton Ghost. Neither of these products is free, but they are well worth it in my opinion.

Checking the hard drive
Please go to start->run->diskmgmt.msc
you should see something like this:
Image
Highlight Disk 0 like I have done. Then you will see one or more partitions on the top half. Make a note of the size of the drive. Very important: Look and see if there's a hidden 'recovery' partition on your hard drive. If so, STOP!! because you will need to follow different instructions on how to reformat correctly.


Let's Reformat!

  1. While your computer is still on, put in the XP CD
  2. Turn off your computer
  3. Turn on your computer. Your computer should go through a black and white screen called POST. Then one of 2 things will happen.
    You will either get a message like this:
    "press any key to boot off the CD"

    or your computer will boot windows normally. If you get that first screen, quickly! press a key, and boot off the cd. If you DON'T get that screen, reboot your computer, and continually press the f12 key. You should get an option screen. Use the arrow keys to highlight your CD drive, and then hit ok.
  4. If everything goes well, you should get a blue screen with white letters. Windows will load from the cd. This takes awhile. Once it is loaded, you will see this screen:
    Image
  5. Hit the Enter Button.
  6. You will then be presented with a EULA. Press f8 to agree to the EULA
  7. Unless your previous windows version is really screwed up, you will get a screen like this
    Image

    Press the ESC Key
  8. Next you will get a screen similar to this:
    Image
    You need to make some decisions. I do NOT like having only 1 partition on a computer. You can make your files safer by having them on a separate partition. Personally, I have 5 partitions on my computer for various things, but at minimum I would recommend making 2 partitions. 1 of them should be the normal c:\ drive like you're accustomed to, and 1 should be for your important files/programs. You're free to setup windows however you want though. It's your computer.

    No matter what you choose to do, you need to use the arrow keys and highlight the c:\drive
    Press the d button.
    Then press the enter at the warning prompt.
    Windows will give you a second warning prompt. Hit L to continue.
  9. Your screen will now look like this:
    Image
    Press the C
  10. Then you will be presented with this screen:
    Image
    This is where you need to decide how many partitions you wish to have.
    If you are unsure and just want to go the easy route, press the enter button. Now skip the instructions below in Purple, and continue on.
    If you wish to create multiple partitions, press the backspace key and change the size of your partition. Don't make it too small! I would recommend having at least 4 GB (4096 MB) on the first partition, and more if your hard drive is big enough. Then press the enter button.
    Then use the arrow keys and highlight the "unpartitioned space". Press the c button, and then type in how big you want the partition to be. Hit the enter key. You can repeat this process until you have as many partitions as you want.
  11. Your screen should look something like this depending on how many partitions you have:
    Image
    Highlight the drive you want to install windows on. It SHOULD be the 1st one. (c:\)
    Then hit the enter button
  12. Next you will get this screen:
    Image
    Select "Format the partition using the NTFS file system"
    Hit the enter button.
  13. Your computer will format the drive. Wait until that's done.
    Windows will setup. When you see this screen:
    Image
  14. Then you need to take out your CD.
  15. Your computer will reboot.
  16. Windows Setup will continue from the hard drive. Follow the instructions, and voila! Windows will be reinstalled.
DO NOT CONNECT TO THE INTERNET UNTIL THE FOLLOWING STEPS ARE COMPLETE!!!!

  • Put in the cd that contains service pack 2
  • Install service Pack 2 by doubleclicking the setup file and following the instructions on the screen
  • Once SP2 is installed, reboot, then install the drivers that you have found.
  • Next, install the firewall and AV.
NOW CONNECT TO THE INTERNET.
Immediately go here:
http://windowsupdate.microsoft.com/

and get all the critical updates.
Don't forget to restart your computer!
Then update your AV and firewall.
Install all your other programs and documents.
Then (if you have an imaging software) make a snapshot of your computer. If something goes terribly wrong, you can always start from this point again instead of from the beginning.
good luck!

This is my addition to the above:
Important: Be sure that you also back up your financial data and your E-mail. They are often not stored together with the rest of your data.
The E-mail files should be scanned by an antivirus and an antispyware application before being imported back into your reinstalled E-mail application. Let me know if you do need help with the backup and import of your financial and E-mail data. If you need this help please let me know what programs you are using for E-mail and for financial work.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Post by wng_z3r0 » August 30th, 2006, 6:39 pm

My website has a slightly more up to date version:

http://spyware-free.us/tutorials/reformat

wng :)
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

Post by tbi1978 » August 31st, 2006, 5:23 am

Thanks a million guys :) . I'll work on this over the weekend. Need to get some stuff off my PC first.

I'll let you know how I get on.
tbi1978
Active Member
 
Posts: 3
Joined: August 29th, 2006, 4:23 pm

Post by agrarianmonk » September 15th, 2006, 1:58 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am