Nasty Virus/TROJAN PROBLEMS

[defcomk]

My Friend's Pc recently started going all wierd. 1st it showed Windows explorer has been closed by, data excution prevention. two days ago it got even wierder like it started slowing down, when i opened task manager there was nothing in it the x was missing. we restarted things went back to nomal yesterday i played a game then watched two movies, using media player classic so i closed it i tried to open it again to preview a movie. it refused to open it sayd mpclassic.exe is not a valid w32 application i closed it open task manager, it did the same thing go wierd like its a blank application. So i did a restart this time the pc did not boot, even safe mode was not working it was getting stuck at a black background with flashing underscore. i repaired the boot records with a win xp sp2 disc as the sp3 disk i have does not have that option, by the way xp sp3 was running on it. After fixing boot record we fired up the pc, it booted up as nomal we were happy but that was short lived. when we clicked the username by log on screen it took extra long to show the desktop the icons loaded but the taskbar was missing most of the services in auto are not running, system restore does not work direct x also when i try starting services manualy i get Error Code 5:Access Denied. This Pc has been formated alot but im looking for a non formating solution, sfc.exe does not work as it requires rpc service which is not running

 

[bex.cpt]

The past month I have had hundreds of support calls from users in the UK with simular problems. My solution was running SPYBOT in some case this has worked but if you cannot get into safe mode you are out of options. Doing a recovery to factory defaults and installing Kaspersky Internet Security Suite 2009 is the only way I have prevented it from happening again.

Good luck mate

 

[defcomk]

Thanx but Spybot didn't help kaspersky av 2010 was installed but it did help. i think its viruses in a flash frg89pi.bat sys32.exe recycler.exe. they have disabled RPC and System restore services and MSI service when i go to services.msc when it open by extended it blank, it shows by standard but it wount let me start them when i click properties nothing happens. i can not copy or paste anything there some sort of memory leak that cause starts up to be extra slow, everything in gpedit says not configured but when i click properties nothing comes up this also happens in safemode. isnt there a registry cleaner that checks that rests to system defaults using windows cd or something. the xp sp3 disk i have doesnt have repair option im all outa options looks like ima have to format.

 

[Asha'man X]

Most likely you will have to. Sounds like one of those lovely flash drive trojans has infected the system, and this time it's gone deep by disabling services. You'll spend so much time trying to fix it, only to be left with a fairly unstable Windows system afterwards.

Do a full format, re-install and then update Windows as quickly as possible. Updates patch holes. Get your security tools on and update them. Clone the drive so it's if anything ever happens you have a base to restore from.

 

[LoneGunman]

once you're up and running again with windows installed/updated/firewall in place, get your hands on a backup tool like acronis true image, and immediately make a backup of that partition (where your c: is ) and then stash that compressed image of a 'good' install of everything, either on another drive if you have, or on its own partition within your HD.
Then regardless of what goes wrong - you can replace the entire fresh windows/c: within about 20 minutes, and the virus/trojans are gone...
(true image gives the option of hitting F11 on booting, so you can go straight to the setup of replacing the current partition, with your perfect copy)

For now, it sounds like you might need a boot-time disk with toolz, to try disinfect the pc - if there's stuff you need to recover. Thereafter - format, reinstall - and MAKE A BACKUP,
so you can always go straight back to a perfect version of windows.