Virus in email problem

  bovthedog 17:20 14 Jan 2012

I received an email purporting to come from American Airlines confirming purchase of a ticket that I hadn't ordered. Stupidly I opened the ticket download attachment to find out more. I've now lost my PC desktop icons and Windows XP doesn't boot. Clicking on Programs tells me there are none. I have a Windows XP CD so tried to load but I get a message 'setup cannot continue because the version of Windows on your PC is newer than the version on CD' which is true because I added SP3 after the original install. Interesting in view of the empty programs message that my PC could compare the loaded XP with the CD version. Also on the CD was a Microsoft link that opened IE and connected so it seems that my HDD might be intact but I can't access it. Is there a solution to this or should I fit another HDD and start from scratch?

  robin_x 18:00 14 Jan 2012

Everything is almost certainly still there, just hidden.

Can you boot to Safe mode? (tap F8 repeatedly while booting)

Download and run Malwarebytes


All the major AntiVirus vendors now have boot/rescue discs.

If you can't boot to Safe Mode, can you burn one on another computer and try?

You don't need to fit a new HDD unless you have one knocking around. Re-installing everything is a pain and should only be done if you think cleaning the old HDD is impossible/too time consuming.

If you come across the exact name of the infection, let us know. Specific removal guides are available.

Post back before doing anything drastic. Do you have lots of stuff you don't want to lose or is it backed up?

  onthelimit1 18:28 14 Jan 2012

After running MBAM, try using 'unhide' introduction here. I've had success with this a couple of times. You may also need to run combofix here. I had a particularly difficult virus a few weeks ago which needed all three to shift it!

  bovthedog 19:49 14 Jan 2012

Thanks for your replies. Managed to get into my Windows XP CD by F8 but at the end of the set up routine I get 'A problem has been detected and Windows was shut down'. There is some STOP info which doesn't mean anything to me but I'll post if it helps to sort the problem. But as I said earlier I can't access the HDD. Can't start Windows in Safe Mode.

  lotvic 20:13 14 Jan 2012

According to

"The messages claim to be from American Airlines and aim to convince the recipients that their credit card has been used to purchase a ticket. Each message has a .zip file attached that alleges to contain the ticket. As you may have guessed, the attachment is in fact a fresh piece of malware. The malicious file in question is identified as [Trojan.Anamkia] which has been associated with infections by the “Incognito” toolkit. In the past these infections have resulted in the installation of rogue AV. Once infected the malware will attempt to reach connect to [FALSHOP2011.RU] This is a newly registered domain located in Ukraine."

  rdave13 20:28 14 Jan 2012

In this thread there is an iso link for the recovery console for XP. You'll need a burner that burns iso files to a CD or DVD. You can try booting from this disc and go to the recovery console. link

In this link it shows a list of commands and how to use. Be careful as you can format the drive from here. Suggest you use the Fixboot command and see if that will enable you to at least boot to Windows.

This thread is now locked and can not be replied to.
