Infected Windows XP

  tundra 10:30 12 Nov 2008

I have a PC running Windows XP Media that is infected by a very persistent virus. It managed to bypass the Norton antivirus system (or hides from it) and prevents the download/update and installation of any other anivirus tools. It has also disabled System Restore despite the settings indicating otherwise. I need a solution that does not involve opening Windows. This is beyond my experience and any help and advice would be much appreciated.

  hiwatt 10:32 12 Nov 2008

Try an online scan click here

  tundra 10:48 12 Nov 2008

Thanks hiwatt for the advice. I don't have access to the PC at the moment but the problem with the virus is that it blocks all online attempts to access/download/install ANY programme that could detect it. I just get the 'connection could not be made' error message. There is no problem with my connection as I can still surf the net and access emails etc but the virus appears to modify the URL and misdirect to bogus/infected sites or denies access.

  birdface 11:07 12 Nov 2008

Have you another user account on your computer.Normally in cases like this you would be able to download programs that way but it would have to have administration rights.Or maybe download to disk from another computer and then install it on yours.Anything on msconfig.Add Remove or Task Manager that should not be there.Or maybe go into safe mode and run your security programs on there.

  birdface 11:14 12 Nov 2008

Try System restore in safe mode.You will probably find that it is Norton that is not letting you into safe mode.Have you no Anti-Spyware programs downloaded.The best two for removing problems are Superantispyware or MalwareBytes make sure that you get the free version that of course is if you can download them from one computer and install them in yours.update and run them in safe mode if possible.

  hiwatt 11:23 12 Nov 2008

Yes do what buteman says.IF you can't install programs even in safe mode(although I doubt it)choose safe mode with networking and try running the online scan from there.

  tundra 11:50 12 Nov 2008

Thanks hiwatt and buteman for the advice. The virus initially stopped allowing windows to load normally so I immediately went to safe mode with networking which is when I discovered that system restore had been wiped and won't allow me to create a new one despite the fact that the settings say it is switched on and I had created (by coincidence) a specific restore point last week. I cannot use any of the PCA DVD's to load programes as they require online access which is being blocked. Also I'm loathed to swich off the Norton security stuff (however useless it's proved to be) for fear of further attacks when online. I won't be able to try your solutions until this evening.

  birdface 12:43 12 Nov 2008

Try safe mode without networking for system restore + run your security programs on there as well.

  virushelpplease! 16:03 12 Nov 2008

hi Tundra, try my post, I had a virus yesterday and got loads of good advice.

I managed to download Malwarebytes from
once it had finished intalling, it froze at the last minute, but once that happens, if you close it and rename 'Mbam.exe' in the Malwarebytes folder to something else, e.g. 'Dave.exe' you should be able to run it and it got rid of a load of viruses from my PC which AVG hadn't spotted.

i'm not expert but think i managed to get there eventually

link to my post:
click here

  tundra 10:29 13 Nov 2008

I was able to run the Microsoft Malicious Software Removal Tool (downloaded from an uninfected PC and transferred by USB stick) which identified a worm Win32/[email protected] (partially removed) and Trojan Downloader:Win32/Zlob. I have not been able to run any other antivirus / removal programmes because access to the administrator settings is blocked - and this prevents any new programes from being installed (or appears to be).
The PC (running XP Media edition SP3) will NOT run windows normally - only safe mode.
Any further advice would be appreciated.

  tullie 10:35 13 Nov 2008

Dont understand how any anti virus can let through loads of viruses,unless its months out of date.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

HP’s new Surface Pro rival is designed specifically for Adobe-using designers and artists

Best kids apps for iPhone & iPad

Que faire si son iPhone ou iPad est tombé dans de l'eau ?