Currently with virus: New Poly Win32 - Do I format?
Desktop loaded blank. [Init failed message.] Went into safe mode and saw the **** shortcut icons and knew I was messed up. "I'm fine though" - I'll system restore because I had JUST made a restore point after cleaning my computer. No. The .exe is missing. So are other vital Windows components. winlogon.exe I noticed was quarantined so it's missing now....and others....
So as McAfee is quarantining faster than I can type - New Poly Win32 it keeps saying - I tried going onto the internet to find a solution but when I click on links FROM a search engine, they are corrupted and I go somewhere else...either to a "this link appears broken" or to some seemingly random site.
I can get to where I need to go by typing or copying/pasting into address bar.
Meantime I am seeing McAfee now quarantining files on D: [where the Dell people called my 'RECOVERY' drive (partition?)]...so nice. My C: *and* D: are getting eaten up.
I ended up powering down last night because it seemed the longer I was on the more files were being corrupted and destroyed.
I need assistance.
I have all manufacturer CDs ... I just don't know - at this point - if or what anything is salvageable and/or what order to do anything.
PS. It's Virut. Great. New Poly Win32 is Virut. I have no chance, now?
http://www.bleepingcomputer.com/forums/topic63402.html
Read the info at the above link re removing it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If that fails for your scenario:
Download, install, update and scan with each of the two programs below to check for/remove Malware/spyware.
Do all the above work in Safe Mode with Networking.
To get into Safe Mode with Networking, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode with Networking from list of options, then hit ENTER.
Read all info below before starting:
http://www.malwarebytes.org/mbam.php
Malwarebytes is as the name says, a Malware Remover!
Download the Free Version from the link above.
Download, install, update and scan once a fortnight.
How to use Malwarebytes after it is installed:
1. Open Malwarebytes > Click on the Update Tab across the top > get the latest updates.
2. On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
3. MBAM will now start scanning your computer for malware. This process can take quite a while.
4. When the scan is finished a message box will appear.
5. You should click on the OK button to close the message box and continue with the Malware removal process.
6. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
7. A screen displaying all the malware that the program found will be shown.
8. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
9. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
10. You can now exit the MBAM program.
http://www.spybot.info/en/index.html
Spybot Search & Destroy 1.6.2 is a very good, FREE Anti-Spyware Program.
Download, install and update it.
Then SCAN with it.
Update it, and scan your System once a fortnight.
Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode.
To get into Safe Mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.
If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating Programs to remove them.
If that happens, reboot into Safe Mode with Networking (from F8 list of Startup Options), and install, update and scan from there.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If nothing works, save your Data (read info at Dell's link below on how to do that), reinstall.
And if you reinstall, scan your saved Data to make sure it is clean of Malware.
How to use Dell's recovery DVD:
http://supportapj.dell.com/support/topics/global.aspx/support/dsn/en/document?journalid=67E9C215C4BABD6CE040AE0AB5E14F05&docid=339949
Above is Dell's way to reinstall Vista from the DVD to your computer.
Dell has all the info on saving Data at the above link, and info re the Drivers and Utilities CD.
And how to use their Recovery Partition, if possible:
http://supportapj.dell.com/support/topics/global.aspx/support/dsn/en/document?journalid=67E9C215C4BABD6CE040AE0AB5E14F05&docid=336966
And this way if you have a Recovery partition on your Hard drive.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And when you are up and running again, some general info on what to do with that Recovery partition that Files are being saved to:
Recovery Drive:
Contact your Computer Manufacturer on how to remove anything you have saved to the Recovery Drive, as it is their Recovery Partition, not Microsoft’s.
Your D: Drive normally is the Recovery Partition, that the Manufacturer put there, for your computer to put it back to factory settings in case of System Crash.
It is not for you to save anything to; and it is not to compress and/or Index, Disk Cleanup, use for Backup, Defrag or have System Restore turned on for it.
You are supposed to have made Recovery disks from D:, in case of Hard Drive failure.
Ask the Manufacturer how to make them, and how to delete/fix what has been done there.
Cheers.
Mick Murphy - Microsoft Partner
If these scans and cleans resolve the problem (if it shows it's been stopped), then let's check some of your system files:
Go to Start / All Programs / Accessories / Command Prompt and right click on command prompt and click run as Administrator.
Type sfc /scannow and enter and let it run. It will scan and try to fix some of your system files. Hopefully it will complete with no corruption it could not repair (if such corruption occurs, post back here). Chances are good there will be some corruption given the quarantined files.
While we're there, let's check your hard drive by typing chkdsk /f /r and enter and let it run. It will scan and try to fix any bad sectors.
If it still doesn't work (if the virus is no longer active but some damage remains - you can't do some things on your PC) then the next logical step is a system repair/upgrade using a genuine Windows Vista Installation Disk (one you own or one you can borrow from ANYONE). Here are the procedures: http://www.vistax64.com/tutorials/88236-repair-install-vista.html along with the upgrade from an earlier version of Windows section from http://support.microsoft.com/kb/918884. If the other procedures don't work, THIS one is almost certain to work (though the worry of still being infected despite the many scans will remain). You may have a lot of updates to re-install (including any service packs you had to remove). If the version on the system came with SP1 or SP2 pre-installed and the disk is an earlier version, then you'll need to make a slipstream disk as follows: http://www.vistax64.com/tutorials/151606-vista-sp1-slipstream-installation-dvd.html. Although this does not affect your data, settings, or programs, you should still first make a backup to be on the safe side. If you can't get your hands on a genuine Windows Vista Installation Disk then we have no choice left but a clean install to factory settings. You should backup your important data before doing this even though it is technically saved (just to be on the safe side).
If the scans don't stop the infection or if they do and there's too much damage and you can't do a system repair/upgrade, then the only solution is to format the drive from the recovery disk and do a clean install (after backing up all your important data since this virus seems to target mostly .exe and .dll files). Let's hope the virus didn't do much damage to D: drive since that seems to be your recovery partition for reinstalling the system from a clean boot if you don't have a genuine Windows Vista Installation Disk or the Recovery disk isn't an installation disk too. Here're instructions on a clean boot: http://www.winsupersite.com/showcase/winvista_install_03.asp - but you may need to follow those provided by your computer vendor/manufacturer for use with your recovery disk and recovery partition instead.
If the recovery partition is damaged (or infected and re-infects your machine again) and you're unable to do a clean install, contact the manufacturer and see what they can do to help you. If they will do nothing, then your only choice is to purchase a copy of Windows Vista or another operating system (like Windows 7) to install from scratch.
Good luck and I hope this helps.
Lorien - One - MCSE/MCSA/Network+/A+
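An added example, not part of either reply: one way to make the pre-format data backup both replies call for while leaving behind the .exe and .dll files the reply above says this virus mostly targets. The function names and the extra check for the "MZ" executable header (to catch programs renamed to look like documents) are assumptions of this sketch, and the copied data still needs the malware scan recommended earlier in the thread.

```python
import os
import shutil

# Extensions the reply above names as the virus's main targets.
SKIP_EXTENSIONS = {".exe", ".dll"}


def is_executable_image(path):
    """True if the file starts with the DOS/PE 'MZ' magic, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: treat as suspect and leave it behind


def plan_backup(src_root):
    """Walk src_root; return (to_copy, skipped) lists of relative paths."""
    to_copy, skipped = [], []
    for folder, _dirs, files in os.walk(src_root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, src_root)
            ext = os.path.splitext(name)[1].lower()
            if ext in SKIP_EXTENSIONS or is_executable_image(full):
                skipped.append(rel)
            else:
                to_copy.append(rel)
    return sorted(to_copy), sorted(skipped)


def backup(src_root, dst_root):
    """Copy only the data files; return the list of files left behind."""
    to_copy, skipped = plan_backup(src_root)
    for rel in to_copy:
        target = os.path.join(dst_root, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(src_root, rel), target)
    return skipped


if __name__ == "__main__":
    import sys
    # Usage: python backup_data.py <source folder> <destination folder>
    for rel in backup(sys.argv[1], sys.argv[2]):
        print("left behind:", rel)
```

Programs left behind are reinstalled from their original media after the clean install rather than restored from the backup.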