Malware troubles

[mimic]

Somehow one of those malwares that pretends to do scan, "finds" tons of viruses and then asks for money installed on my win xp partition, avast just let it in like it's nothing. Anyway ever since it completly wrecked havoc on xp partition and I've been using Vista parition, but I'd like to go back to xp without reinstalling, so my question is, is there any software that will scan the xp partition without loading xp, because that malware won't let it run any type of antimalware, and will redirect any antimalware/virus web page to the crap of it's choosing. I've got limited access to xp now, it always freezes after ~10 min.

[wp34]

We use Malwarebytes where I work for these types of infections.

They offer a free version here - http://www.malwarebytes.org/

We usually pull the drive and scan using another computer via a SATA/USB cable.  Not sure if you can use it to scan another partition.  Does Vista see your XP partition as another drive-letter?

[Ed_McCarron]

Second Malware bytes.  If you have trouble running it, run RKILL first.

http://www.bleepingcomputer.com/forums/topic308364.html

It'll stop most malware lone enough to get MWB running.  Theres 5 flavors on the assumption the malware won't recognize at least one.

[saint]

Malwarebytes FTW.

[mimic]

I already tried Malwarebytes, but under xp it will not start and then xp will freeze, under vista partition it didn't cleanup . Someone told me that it has to be installed on the systems partition in order to properly clean up.

[J_K_M_A_N]

If you are using the free version of Avast then it wouldn't stop it. The free version is pretty much just virus protection I believe. (I bought the paid version witch does cover malware too.)

Try searching for what software it says it is and follow the directions to clean it. I had one like that and I found directions that worked well. It did involve RKILL like Ed mentioned. Then malwarebytes would install and run. Before that it would install and immediately be disabled before it could even be updated. (The fake virus scanner would run even in safe mode too so that doesn't help.)

Good luck.

J_K_M_A_N

[DaOld Man]

Malwarebytes in safe mode.

Start in safe mode with networking.
Install MBAM from a jump drive. Update malwarebytes (MBAM).
Turn off restore function, do full scan with MBAM, then turn restore back on.

[DaOld Man]

Not to pull off topic here, but since it is related I will post it.
I cleaned a computer, but now Windows XP Pro (SP3) cant read any CDs. Drive is ok cause I can boot from win cd.
I tried deleting the upper and lower filters in registry, but no good.
Anyone have any ideas?

[Xiaou2]

The new Root Kit viruses destroy many parts of windows... so even if you get the
thing somewhat cleaned.. it wont operate fully and correctly.

 You will be best to do an re-install of the OS.  You can try an Over-Install, so as to
keep your data. (repair xp option on install. not recovery / repair console that pops up
first)

[DaOld Man]

That worked great Xiaou2! Thanks a lot!
Mimic, sorry to step on your thread.

I have been searching for an answer to this problem for a week. I shoulda known to ask you guys!

It would be neat if we had a section on this board dedicated to windows problems (Mac too, if there are any problems).
I know we have the software forum, but a forum for just PC problems might be easier to search??

[mimic]

I'm also happy to inform that it seems that everything works fine with my xp, thx to the rkill. Encountered few bumps after the rkill, but after updating malwarebytes, everything seems ok now.
As to xiaou2 suggestion of over-install that thought crossed my mind, but I'm afraid that it overwrites reg file and basicaly everything is there, but not associated, I think you can end up with a partial mess.

[Xiaou2]

I would never advise an over-install on a system that has a Root-Kit on it, because
it will just rebuild itself.

 You have to remove the thing first, and only then can you do an Over-Install.
It will not create a mess.  It will repair broken windows issues, and change the
modifications that the root-kit made back to normal.

 Afterwords, you will want to re-install all your windows updates & patches.

 Be aware, that the 1st thing these root kits do, is to ruin your antivirus programs.
They look like they are running, but they really are not functioning correctly.
You should uninstall them, delete the folder, reboot, then re-install and update the defs asap.

 You wouldnt believe the mess these rkits do.  Its usually better to just format and
install from scratch.
 

 Daoldman, glad to help.  If you have some extra cash, please kindly make a small donation to
"The Dumping Union".   They buy the arcade boards that end up in mame.

 https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=EtLaGm16CWR_-EUR8fS3s8hMNKXNdaVp4wHQOQTNNHyy4fVYNF2k_csiJLy&dispatch=5885d80a13c0db1f22d2300ef60a6759516e590e949da361fd1b680561e9552a