PDA

View Full Version : Computer VIRUS!?!?!?!



Miss Janet
10-07-2007, 14:38
Does anyone know how to get rid of a downloads called

http://www.antivirgear.com/?aff=1012 and http://www.antispyshield.com/?advid=177

I don't know where it came from and none of virus software seems to be able to remove it and I can't remove them manually... the don't show up as downloaded software in my control panel/software list.

BUT they are driving me crazy!! Pop ups that I can't get rid of. Constant fake warnings that want me to buy some other program...

HELP!!!

Appalachian Tater
10-07-2007, 14:50
Miss Janet, try this for viruses:

http://housecall.trendmicro.com/

I used it to remove over 200 instances of viruses from a friend's computer and it's not a program you have to install.

Also, consider an Apple computer when it comes time to replace your old one as they are significantly less plagued by malware, etc.



Sorry, I didn't read your post carefully. You seem to have software installed on your computer and the anti-viral software wouldn't be designed to find that. Find the directory with the program in it by searching your computer and then delete it.

faarside
10-07-2007, 14:51
There is a good (and free) "spyware" removal tool called Ad-Aware that should remove this and any other spyware that may have found its way onto your computer. The download is free from CNET. Go to:

http://www.lavasoftusa.com/

Click on the "Download Ad-Aware Free" button. The link will take you to the download site.

Save it (for convenience) to your desktop (or where ever you normally save your download files). When the download is complete, double-click on the saved (downloaded) file and follow the instructions for installation and operation.

Hope this helps...

Happy Trails!

Alligator
10-07-2007, 15:08
Miss Janet, if you can't figure out how to get them uninstalled, and end up stuck with them, try this:
Go to Run on the Start menu.
Type Msconfig then OK.
Under the Startup tab, see if the programs are there.
Uncheck them if they are.
This is one way to turn off pesky programs that load at startup.

This is a just a workaround. It may not work on all Windows versions.

Alligator
10-07-2007, 15:14
Or they might be loaded into the startup folder, under programs on the start menu. You could probably delete them there too.

They look like AV software though, should be some way to get them uninstalled:confused: . There's no listing for them under programs in the start menu?

You might be able to find the folder they are in by cntrl-alt-del and looking under running processes. I'd look at the .exe files first and see if you can find the folder the programs are in. There might be an uninstall utility in the folder.

Manach
10-07-2007, 15:20
Spybot Search & Destroy is also an excellant program and similar to AdAware (though superior in my experience).

http://www.safer-networking.org/en/index.html

chief
10-07-2007, 15:50
Janet, try faarside's advice and use ad-aware. If that doesn't work, I suggest you get someone who knows what they're doing to help you out. These syware are not easy to get rid of. If you're really brave see:

http://www.bleepingcomputer.com/forums/topic108399.html

Lyle
10-07-2007, 15:52
Actually, I've found that a combination of both Spybot and AdAware is good. It seems they each catch some programs that the other misses. Several years ago you needed to run AdAware first, but they have been modified so that they play nicely together. Both are quality, trustworthy programs.

Fiddler
10-07-2007, 16:15
Go to www.answersthatwork.com (http://www.answersthatwork.com) and click on the Task List button. Find the file name. It's all clickable and alphabetical. This don't remove anything, just lets you see what it does and recommends what to do. You don't want to remove the wrong thing.

Miss Janet
10-07-2007, 19:32
I always use Adaware and Spybot but this seems to be beyond them.

I ran the Housecall scan and got a bunch of stuff... but then a new one started and I can't find it so I may run Housecall again before I go to bed.

Thank you all for your advice!

UGGG there is is again!!!!

Appalachian Tater
10-07-2007, 19:46
Miss Janet, after more research, it seems that antivirgear and spyshield are malware, not just obnoxious programs.

Here are specific instructions for the first:
http://www.bleepingcomputer.com/forums/topic108399.html#automated

For the second, you could follow the manual instructions:
http://www.spywareremove.com/removeSpyShield.html
but DON'T download the program they are trying to sell. All you have to do is delete the files, they try to make it sound dangerous.

Read the instructions and print them out before following them!

Roland
10-07-2007, 19:49
You could try this, MJ:

1. Install updates for Spybot and AdAware
2. Turn-off System Restore
3. Boot-up in Safe Mode (F8)
4. Scan with AdAware, then Spybot
5. Log off
6. Boot-up in Normal Mode
7. Launch your browser. If everything is back to normal, turn System Restore back on.

Miss Janet
10-07-2007, 19:54
Wow... this looks a little scary!

Appalachian Tater
10-07-2007, 20:17
Then do what Roland said. Spybot should take care of both of them according to the Spybot website, but you MUST update the Spybot software because Antivirgear is relatively new and was only added to Spybot in September.

Either way, all you're doing is deleting files.

Oh, yeah, and write down or print out Roland's instructions first!

capehiker
10-07-2007, 20:21
Third Rolands suggestion. If you don't turn off system restore, it'll very well show right back up upon start up.

Update everything before you reboot in safe mode (won't be able to access internet in that mode) and dump your temp files and history before booting in safe mode.

Monkeyboy
10-07-2007, 21:39
You are infected with a peice of spyware that is called Smitfraud....

It's a pain in the behind to get rid of, and Ad Aware and Spybot do not do the trick.

The program runs in the background, and as soon as you remove it, the running program puts it right back in. And actually, it's like five programs running simultaneously, and as soon as you remove one, the other four put it back into place.

You need to download SmitRem (for SmitFraud Removal tool). Its free and you can get it here...

http://noahdfear.geekstogo.com/

Boot your computer into Safe Mode by pressing F8 when booting and select Safe Mode.

You will still see the SmitFraud program running in the background, but as soon as you run SmitRem, it closes windows like it's logging you out, runs the program to remove all five or six programs and then reboots to clean the recycle bin.

Not very hard to do, but you must be in Safe Mode......

PM me if you are still having problems with it...I know it can be a pain.
I do this for a living, and this has got to be one of the worst variants of spyware out there.

Monkeyboy
10-07-2007, 21:41
The link to download SmitRem.exe is at the bottom of the page, BTW.....

Monkeyboy
10-07-2007, 21:45
Also, if the SmitRem tool doesn't work, download the other program mentioned by Appalachian Tater on the bleepingcomputer.com site.

Between the two, you should be able to get it.

namehere
10-10-2007, 12:17
what monkeyboy said.. if he's busy and you still need help removing it, PM me and i'll help out. HEY Miss Janet!!! mello

Appalachian Tater
10-10-2007, 12:30
Well, we never heard from her again. I guess her computer is toasted. Can't one of you guys with Windows do a remote assistance type thing?

Miss Janet
10-10-2007, 13:03
Well, the puter is running fine but the last and final totally aggravating problem is still here with me. Kind of like a reminder of my stupidity. It manifests itself with regular pop ups proclaiming that my computer will soon die of any of a long list of trojans, spyware, viruses, worms, etc UNLESS I download their cure...

I am hoping for a visit from a friend that can save me... Phatt Chap has certainly kept me in computerland for years and I have heard he is in the area:)

I must confess my stupidity so that you will understand the embarrassed part.

I always dress up for Halloween. A few years ago I won $750 at a local contest with my Mona Lisa costume. So, being broke and it being October, I decided to plan a WINNING costume for this years contest. I had in mind a more adult and humorous get up for this year. Well, to make a long story short... the research for some of my ideas took me into realms of the internet that I was not so familiar with... I am sure some of you GUYS knew that you DO NOT CLICK THAT BUTTON on certain websites but I didn't know!!!! So, to remind me of my sins... some of these pop ups are, well, a little .... FLESHY!

max patch
10-10-2007, 13:05
I had this virus about 3 months ago.

There is a company which fixes this specific virus for 39 bucks if I remember correctly. There is speculation on the web that the company that "fixes" this problem is also the company that "gives" you the virus. Obviously you don't want to use them.

I got rid of the virus by using several free downloads on the web. I don't recall which ones worked; I do recall it two different downloads to totally fix the problem.

Here is what I used:

I already had Norton anti-virus on my pc before I was infected.
Ad-aware 2007.
Spybot-Search and Destroy.
Super Anti-Spyware
AVG 7.5
Ewido. Ewido is no longer available. It has been replaced by AVG Anti-Spyware 7.5. It is supposed to be the same program with enhancements.

Again, I got rid of this virus in 2 stages. It took 2 of the above programs which individually fiixed half the problem. I don't remember which of the programs solved my problem.

Alligator
10-10-2007, 13:08
Can you tell us where you might have picked up the virus Max;)?

SGT Rock
10-10-2007, 13:09
I had this virus about 3 months ago.

There is a company which fixes this specific virus for 39 bucks if I remember correctly. There is speculation on the web that the company that "fixes" this problem is also the company that "gives" you the virus. Obviously you don't want to use them.

I got rid of the virus by using several free downloads on the web. I don't recall which ones worked; I do recall it two different downloads to totally fix the problem.

Here is what I used:

I already had Norton anti-virus on my pc before I was infected.
Ad-aware 2007.
Spybot-Search and Destroy.
Super Anti-Spyware
AVG 7.5
Ewido. Ewido is no longer available. It has been replaced by AVG Anti-Spyware 7.5. It is supposed to be the same program with enhancements.

Again, I got rid of this virus in 2 stages. It took 2 of the above programs which individually fiixed half the problem. I don't remember which of the programs solved my problem.Yes, I wrote them a real nasty e-mail once when I got some of that stuff on my PC. They sent me a free trial version of their removal software to get rid of the problem which I used and then promptly deleted from my PC and then ran a spyware removal tool to make sure that the anti-spyware stuff they sent me didn't back door me with something else.

max patch
10-10-2007, 13:40
Can you tell us where you might have picked up the virus Max;)?

It appeared right after one of my boys downloaded a game.

Monkeyboy
10-10-2007, 22:35
I'm telling you.....use the two programs suggested by running in Safe Mode....it will work.

I've dealt with this before, and I know it's a pain, but the two tools suggested (mine and Tater's) will work. One or the other will do the trick.

If you PM me, I will download the programs for you and email them to you with a step by step instruction list......

Monkeyboy
10-10-2007, 22:37
....and whatever you do, don't buy the software they are trying to sell you in the pop ups.....it's a scam to get your credit card info.....

Tennessee Viking
10-10-2007, 23:31
Try AVG Free Edition
http://free.grisoft.com/doc/downloads-products/us/frt/0

They also have some free spyware detection. Also look at Lavasoft's free Ad Aware

I have been hearing a lot of complaints about the big name anti-virus software this year. They seem to demand a lot of processing speed but detect very little.

Monkeyboy
10-11-2007, 07:53
AVG Antispyware, Ad Aware and Spybot will detect it, but not remove it.

You need the two tools suggested. That is the only thing I've found that works.

And yeah, Norton isn't called "BloatBot" for nothing.....

longshank
10-11-2007, 09:24
MIss Janet...I think I had the same problem rcently...Does it warn you that you have the "Trojan.w32.looksky"? If so, this could be a particularly stubborn one that I and many others have dealt with recently...Did it hijack your wallpaper? Does it constanly hijack your browser to a fake website? Try this link...This is the only program that worked, I battled this thing for @ days straight. http://siri.urz.free.fr/Fix/SmitfraudFix.exe You'll have to copy and paste this link in your browser. Also, google "Trojan.w32.looksky" Until you find a site that describes how to use the program. If this is the same virus, conventional programs will NOT remove it. I tried maybe 10 different ones. This program is a homemade one, so it might look a little suspect, but never fear. It completely saved my ass, as well as the asses of many others. Good luck! PM me if I can help you.

Sly
10-11-2007, 12:21
I stopped over MJ's to try and help and ran SmithRem as directed. Now Widows won't reboot. :(

Message displayed:

Windows could not start because the following file is missing or corrupt.
<Windows root>\system32\hal.dll.
Please re-install a copy of the above file.



You are infected with a peice of spyware that is called Smitfraud....

It's a pain in the behind to get rid of, and Ad Aware and Spybot do not do the trick.

The program runs in the background, and as soon as you remove it, the running program puts it right back in. And actually, it's like five programs running simultaneously, and as soon as you remove one, the other four put it back into place.

You need to download SmitRem (for SmitFraud Removal tool). Its free and you can get it here...

http://noahdfear.geekstogo.com/

Boot your computer into Safe Mode by pressing F8 when booting and select Safe Mode.

You will still see the SmitFraud program running in the background, but as soon as you run SmitRem, it closes windows like it's logging you out, runs the program to remove all five or six programs and then reboots to clean the recycle bin.

Not very hard to do, but you must be in Safe Mode......

PM me if you are still having problems with it...I know it can be a pain.
I do this for a living, and this has got to be one of the worst variants of spyware out there.

longshank
10-11-2007, 17:05
The virus hides in windows system 32 folder, but moves when you try to peel it out with fancy programs. It can also prevent you from installing AV's like Kazpersky. You should've tried the program I posted. I duked it out with this thing for 30 solid hours, no sleep. If you get Windows up again, try it. Or, download Smitfraudfix onto disk on another computer, reboot in safe mode (to do this, simply restart the computer and hit the F8 key repeatedly and follow prompts...) and either try the program, OR, you can try a system restore, which can be found in "system tools" under accessories in the start menu. Just restore to a date before the trojan struck the system.

longshank
10-11-2007, 17:08
There are many Smitfraud variations, this is one of the newest called "trojan.w32.looksky". None of the brand-name wares have been able to remove it. A couple of wares I tried were able to identify it and temporarily isolate it, but none could get it out. It keep hiding, replicating, and re-installing on startup.

saimyoji
10-11-2007, 17:44
I stopped over MJ's to try and help and ran SmithRem as directed. Now Widows won't reboot. :(

Message displayed:

Windows could not start because the following file is missing or corrupt.
<Windows root>\system32\hal.dll.
Please re-install a copy of the above file.


boot to dos (boot disk). fdisk the hard drive. reinstall everything

max patch
10-11-2007, 20:01
OR, you can try a system restore, which can be found in "system tools" under accessories in the start menu. Just restore to a date before the trojan struck the system.

I've tried system restore 3 times. It never works. I googled to see what I was doing wrong, and it appears that system restore doesn't work for anyone. Odd.

Sly
10-11-2007, 20:01
You should've tried the program I posted.

Yeah, maybe I should have, but Monkeyboy was so emphatic with his statement "I do this for a living". Anyway, right now Miss J's computer is toast. I tried several fixes including booting from her Windows XP Pro Upgrade cd, her Windows 98 cd, both of which did zippo and booting from every configuration from safe mode including a dos based restore, all of which led back to the original error message. She says Fat Chappy will be over Sunday. Hopefully, he'll be able to straighten it out.

Sorry Miss Janet! :o

Appalachian Tater
10-11-2007, 20:04
Yeah, if I had all the discs and no valuable info on the hard drive to lose I would just reformat. KILL the $%#%^!!!!!

And make sure any back-ups, flashs, discs, etc. were clean, too.

Appalachian Tater
10-11-2007, 20:07
Yeah, maybe I should have, but Monkeyboy was so emphatic with his statement "I do this for a living".

I'm sure our simian friend is highly competent, but there are all sort of incompetent people doing all sorts of things crappily and getting paid for it, sometimes very well-paid, too. "I do this for a living" means nothing.

Sly
10-11-2007, 20:17
I'm not sure how she'll be able to reformat, nothing seemed to work beyond getting the error message from safe mode, nor did the cd's she had. She wasn't at all upset when I told her the bad news but she probably has tons of important info and photos on there.

Midway Sam
10-11-2007, 20:17
Yeah, maybe I should have, but Monkeyboy was so emphatic with his statement "I do this for a living". Anyway, right now Miss J's computer is toast. I tried several fixes including booting from her Windows XP Pro Upgrade cd, her Windows 98 cd, both of which did zippo and booting from every configuration from safe mode including a dos based restore, all of which led back to the original error message. She says Fat Chappy will be over Sunday. Hopefully, he'll be able to straighten it out.

Sorry Miss Janet! :o

It may not be toast. Try this before doing anything desperate:

Reboot the computer, but as it begins to boot, press shift + F5. THis has to be done right as it's booting.

You will then get to a command prompt (i.e. C:>)

Type "CD /windows" and press the Enter key.

Next, type "DIR" and press the Enter key.

If it lists a bunch of files, then there is still data on the drive and still a real good chance you can get this puppy back up on it's feet.

Try that and then report back...

Midway Sam
10-11-2007, 20:18
I'm not sure how she'll be able to reformat, nothing seemed to work beyond getting the error message from safe mode, nor did the cd's she had. She wasn't at all upset when I told her the bad news but she probably has tons of important info and photos on there.

TELL HER NOT TO REFORMAT YET!! just because it won't boot does not mean she can't get her photos and documents off.

rafe
10-11-2007, 20:19
TELL HER NOT TO REFORMAT YET!! just because it won't boot does not mean she can't get her photos and documents off.

Quite true. The data should be there even if the OS is trashed.

Sly
10-11-2007, 20:19
Try that and then report back...

I would but I'm 300 miles away now! :(

Appalachian Tater
10-11-2007, 20:21
I doubt that she herself is going to reformat it. On purpose, anyway.

Tin Man
10-11-2007, 20:29
One thing that I don't recall seeing mentioned here, and it may be too late for this case, is that some viruses "hide" in the restore point. When you have a nasty, it is usually a good idea to turn off system restore, which wipes out the restore point file and a copy of the virus, BEFORE running spybot, ad-aware, and any other anti-spyware and anti-virus software. Once the system is clean, don't forget to turn on system restore again, which mainly comes in handy after a software install goes bad.

Actually, I see now that Roland did mention it on page one, but it bears repeating.

napster
10-11-2007, 20:36
Same thing happen one time. The company that the puter was bought from was contacted and they sent em a wipe out disk "free" and afterwards the puter needed a total restore to put back da programs.Hope you did that. It worked fine. . . . .If a (free) program or paid for, CAN idenifly a virus and not do something about it , well then I got me doubts . . . .Win 32 is a bitch and I would like to catch the punk thaT THOUGHT OF IT.MASSAGE THEIR HEAD I WOULD
N....

Monkeyboy
10-11-2007, 22:28
Boot the computer from the original operating system disk (I'm assuming XP).

When it boots, it will ask you if you want to repair or install XP.

Select Repair.

It will give you a DOS command prompt.

Type in :
expand d:\i386\hal.dl_ c:\windows\system32\hal.dll

c:\windows is assuming that the windows directory is named windows.
It may be c:\winnt, so change windows to winnt to read :

expand d:\i386\hal.dl_ c:\winnt\system32\hal.dll

Reboot and it should boot up.

Sounds like the spyware corrupted hal.dll and by removing it made the modified hal.dll not work, so that should work, if it didn't corrupt anything else.

Also, as stated before, make sure you run the utilities in Safe Mode, not regular mode.

If you are still getting the pop ups, run the other utility.

Midway Sam
10-11-2007, 22:34
Boot the computer from the original operating system disk (I'm assuming XP).

When it boots, it will ask you if you want to repair or install XP.

Select Repair.

It will give you a DOS command prompt.

Type in :
expand d:\i386\hal.dl_ c:\windows\system32\hal.dll

c:\windows is assuming that the windows directory is named windows.
It may be c:\winnt, so change windows to winnt to read :

expand d:\i386\hal.dl_ c:\winnt\system32\hal.dll

Reboot and it should boot up.

Sounds like the spyware corrupted hal.dll and by removing it made the modified hal.dll not work, so that should work, if it didn't corrupt anything else.

Also, as stated before, make sure you run the utilities in Safe Mode, not regular mode.

If you are still getting the pop ups, run the other utility.

Monkeyboy,

Please be careful telling people "here do this, it will fix your problem" without truly knowing what the problems is. In this case, the hal.dll can be fine and where it should be but the boot.ini could be corrupt or missing.

It's dangerous to give support advice to someone without laying eyes on the affected system. It is equally dangerous to follow the advice of someone who has not physically laid eyes on your system.

Monkeyboy
10-11-2007, 22:37
Or try this :

Boot the XP cd again and select repair again. When the DOS prompt comes up type :

bootcfg /rebuild

You will see this:
"Total Identified Windows Installs: 1
[1] C:\Windows
Add installation to boot list? (Yes/No/All)"
Type Yes (or all) and press Enter

When asked to " Enter Load Identifier," type Microsoft Windows XP Home Edition or Microsoft Windows XP Professional Edition depending on which edition you have and press Enter

When asked "Enter OS Load options," type /fastdetect and press Enter

When it is done, type exit

It will reboot the system.

That will fix it if it is a boot.ini error.

Monkeyboy
10-11-2007, 22:39
Monkeyboy,

Please be careful telling people "here do this, it will fix your problem" without truly knowing what the problems is. In this case, the hal.dll can be fine and where it should be but the boot.ini could be corrupt or missing.

It's dangerous to give support advice to someone without laying eyes on the affected system. It is equally dangerous to follow the advice of someone who has not physically laid eyes on your system.

Problem is, I do know what the problem is.

The first will replace the corrupted hal.dll and the second will replace the boot.ini.

As far as not seeing the system, when you offer computer tech support over the telephone for the past 15 years, you kinda know what to do.

Not to mention, free tech support is just that....

But thanks for the concern.

longshank
10-11-2007, 22:39
Guys, I'm telling you, none of those programs work on this variation. I tried spybot, AVG, Kaspersky AV, SuperAntiSpyware PE, Antivir, Spyware Detector, McAffe, Norton.....I cleared my restore points, ran sccans in safe mode....nada. The only thing I didn't try was a system restore, because I had recieved advice to clear the restore points and scan in safe mode. Some people have said that Kaspersky would work, but the trojan would not let the program access the system 32 file, so it would not install. Trust me, if any of you get this troj., follow the link I posted.

Midway Sam
10-11-2007, 22:40
Or try this :

Boot the XP cd again and select repair again. When the DOS prompt comes up type :

bootcfg /rebuild

You will see this:
"Total Identified Windows Installs: 1
[1] C:\Windows
Add installation to boot list? (Yes/No/All)"
Type Yes (or all) and press Enter

When asked to " Enter Load Identifier," type Microsoft Windows XP Home Edition or Microsoft Windows XP Professional Edition depending on which edition you have and press Enter

When asked "Enter OS Load options," type /fastdetect and press Enter

When it is done, type exit

It will reboot the system.

That will fix it if it is a boot.ini error.

Miss Janet,

Please do not do anything Monkey Boy says until you have made an attempt to recover your personal data (pictures, documents, etc.) It may not be too late to get your stuff back but it might be too late after taking Monkeyboy's advice.

Monkeyboy
10-11-2007, 22:42
http://siri.geekstogo.com/SmitfraudFix.exe

And the second utility suggested does take care of Looksky, if that is what you have.....

Either way, it's definately the SmitFraud/Zlob virus, and this will take it out, if the other didn't.

Monkeyboy
10-11-2007, 22:42
Miss Janet,

Please do not do anything Monkey Boy says until you have made an attempt to recover your personal data (pictures, documents, etc.) It may not be too late to get your stuff back but it might be too late after taking Monkeyboy's advice.


Whatever dude.....

Sly
10-11-2007, 22:42
If I stuck around I would have tried it but I'm 300 miles away now. I don't think Miss Janet is up to the task. I thought I was but should have known better with the warning on the SmithRem page. I hope Fat Chappy is when he shows up on Sunday (atleast he told MJ he'd be there before today's problem), or that he has a laptop or something to view this thread.

longshank
10-11-2007, 22:43
Sounds like Monkey is giving sound advice. I would listen to him, then follow my link...Monkey, if you have the inclination, check my link and tell them what you think. The trojan that Janet is having trouble with is "trojan.w32.looksky"....I'm sure of it.

longshank
10-11-2007, 22:45
http://siri.geekstogo.com/SmitfraudFix.exe

And the second utility suggested does take care of Looksky, if that is what you have.....

Either way, it's definately the SmitFraud/Zlob virus, and this will take it out, if the other didn't.

I've been trying to tell them...

Sly
10-11-2007, 22:45
Miss Janet,

Please do not do anything Monkey Boy says until you have made an attempt to recover your personal data (pictures, documents, etc.) It may not be too late to get your stuff back but it might be too late after taking Monkeyboy's advice.

I don't think it's likely Miss Janet will be viewing this thread unless she goes to the library or something. Maybe if I take a valium I'll feel better... :(

Midway Sam
10-11-2007, 22:46
Problem is, I do know what the problem is.

The first will replace the corrupted hal.dll and the second will replace the boot.ini.

As far as not seeing the system, when you offer computer tech support over the telephone for the past 15 years, you kinda know what to do.

Not to mention, free tech support is just that....

But thanks for the concern.

Yeah, and having a doctor amputate your sore foot will aleviate the pain from the ingrown toenail.

As far as tech support, after you have offered tech support via telephone, e-mail, and in person for the past 15 years, your learn to take into consideration the technical skill level of the person you are guiding and know when to have them stop pressing button. This is in no way a criticism of Miss Janet or Sly, it's just the facts. Sly himself will no doubt admit he wishes he could take back the keystrokes he made based on previous advice in this thread.

As far as the quality of free tech support... I suppose we just have different opinions. I give the same quality of advice regardless of whether or not the person receiving the advice is paying me.

Monkeyboy
10-11-2007, 22:48
Smitfraud is known to corrupt the hal.dll.

Expanding the original from the CD should restore it.

Monkeyboy
10-11-2007, 22:51
Yeah, and having a doctor amputate your sore foot will aleviate the pain from the ingrown toenail.

As far as tech support, after you have offered tech support via telephone, e-mail, and in person for the past 15 years, your learn to take into consideration the technical skill level of the person you are guiding and know when to have them stop pressing button. This is in no way a criticism of Miss Janet or Sly, it's just the facts. Sly himself will no doubt admit he wishes he could take back the keystrokes he made based on previous advice in this thread.

As far as the quality of free tech support... I suppose we just have different opinions. I give the same quality of advice regardless of whether or not the person receiving the advice is paying me.


Well, at least you know what you are worth.....

Sly
10-11-2007, 22:53
Smitfraud is known to corrupt the hal.dll.

Expanding the original from the CD should restore it.

Which CD and how? She had a burnt Win 98 and a XP Pro Upgrade CD. I tried to boot with both but always got return to the same error page.

Monkeyboy
10-11-2007, 22:53
....not to mention, if the hal.dll is corrupted, how is replacing it with the original hal.dll going to make it any worse, if you are so smart?

Either expanding the .dll or reconfiguring the boot.ini, both of which I suggested, WILL correct the problem.

Monkeyboy
10-11-2007, 22:54
Which CD and how? She had a burnt Win 98 and a XP Pro Upgrade CD. I tried to boot with both but always got return to the same error page.

Boot the XP disk, if she is running XP on the system, which from what you've said, she is.

Frolicking Dinosaurs
10-11-2007, 22:57
Miss Janet, I have no suggestion for your dilemma, but do hope your problems is fixed soon.

Monkeyboy
10-11-2007, 22:57
Do you have the guy's email address? If so, PM it to me....I will type the instructions down and send them to him to print out.

I will also give you my personal cell number, if necessary, just in case of emergency when he is at the machine.

Sly
10-11-2007, 23:00
Boot the XP disk, if she is running XP on the system, which from what you've said, she is.

Yeah, it's an Win XP Pro upgrade CD. Although I've only used a restore disk a couple times years ago with Win ME, it always booted when inserted in the CD player. It didn't do it with her computer. After pressing any key it would return to the error message after several splash screens. The CD never spun.

Midway Sam
10-11-2007, 23:01
....not to mention, if the hal.dll is corrupted, how is replacing it with the original hal.dll going to make it any worse, if you are so smart?

Either expanding the .dll or reconfiguring the boot.ini, both of which I suggested, WILL correct the problem.

Tech support 101: Before doing anything, backup important data.

That is all I am trying to get across here. I never said your advice wouldn't work, I was just saying not to follow it until the important data is backed up. Perhaps my comments about giving advice was "dangerous" was too harsh, but I've witnessed WAY too many people lose irreplaceable data needlessly.

Bottom line, PLEASE backup the important data before proceeding with anymore "fixes".

Monkeyboy
10-11-2007, 23:08
Replacing the hal.dll and boot.ini are harmless and do not effect any data, which she is not able to back up unless she has another machine in which to remove the hard drive and place into another machine as a slave.

I think I'd go for the thirty second fix, myself....

...and BTW, I only suggest things that I would do myself in said situation.

Midway Sam
10-11-2007, 23:10
Replacing the hal.dll and boot.ini are harmless and do not effect any data, which she is not able to back up unless she has another machine in which to remove the hard drive and place into another machine as a slave.

I think I'd go for the thirty second fix, myself....

...and BTW, I only suggest things that I would do myself in said situation.

Fine, you win. I suck and have no idea what I'm talking about. If I ever meet you in person I will bow to your technical greatness.

Monkeyboy
10-11-2007, 23:12
Yeah, it's an Win XP Pro upgrade CD. Although I've only used a restore disk a couple times years ago with Win ME, it always booted when inserted in the CD player. It didn't do it with her computer. After pressing any key it would return to the error message after several splash screens. The CD never spun.


Would it ask you to boot from CD and to press any key?

If so, the upgrade disk isn't bootable.

If not, the BIOS may be set to boot from the hard drive before booting from CD.

You can acheive the same thing by copying the hal.dll from another machine to a floppy and moving it to overwrite the corrupted one. The file is only about 100Kb in size.

But Windows 98 will not recognize the hard drive if it is formatted NTFS. It will if she left it formatted FAT32, but not NTFS.

Monkeyboy
10-11-2007, 23:13
Fine, you win. I suck and have no idea what I'm talking about. If I ever meet you in person I will bow to your technical greatness.


Well, at least we have that out of the way...

Monkeyboy
10-11-2007, 23:17
XP upgrade disks should be bootable, however....

Check to make sure the BIOS is set to boot from CD before the hard drive.

Monkeyboy
10-11-2007, 23:19
Here's a link to a downloadable program to create XP boot floppies for CD-ROMS that don't boot the CD....

http://www.microsoft.com/downloads/details.aspx?FamilyID=55820edb-5039-4955-bcb7-4fed408ea73f&displaylang=en

Frosty
10-12-2007, 13:42
Replacing the hal.dll and boot.ini are harmless and do not effect any data, which she is not able to back up unless she has another machine in which to remove the hard drive and place into another machine as a slave.

I think I'd go for the thirty second fix, myself....

...and BTW, I only suggest things that I would do myself in said situation.I am curious as to why you are so opposed to backing up data before making a repair.

That is the standard advice I've ALWAYS received.

Tin Man
10-12-2007, 15:21
I am curious as to why you are so opposed to backing up data before making a repair.

That is the standard advice I've ALWAYS received.

Always backing up data is good advice. Playing a shoot from the hip cowboy is asking for trouble.

Appalachian Tater
10-12-2007, 20:23
The reason you hear that you should back up data is because it is so easy and inexpensive to do compared to the pain and/or expense of losing all of your data. Drives fail, get overwritten, data gets corrupted all the time. If you have ever lost a hard drive, you know what a pain in the boohonkus it is, even if you DO have it backed up. The reason you hear to back it up before making a repair is that the fact that you are having to make a repair means something is already wrong (i.e., you should have already backed it up) and you're getting a second chance, and because things do go wrong when making repairs that cause data loss.

Every single hard drive in the world will eventually fail. Period. Yes, even yours. So back up your data unless you don't care about losing it.

Monkeyboy
10-12-2007, 22:12
I'm not against backing it up....but as stated earlier, if she can't boot, she can't backup, unless she has either :

1. Another computer to remove her drive and put it in as a slave unit.
2. A program such as ghost to burn an image to CD or DVD.

But, the hal.dll being corrupted is not that big of a deal. And restoring the hal.dll will do absolutely nothing to the data on the drive, so even if she restores the hal.dll and it still doesn't boot, no harm done to data.

Sly
10-12-2007, 22:22
Hey, while we on the topic of back-up. I have a WD Passport external hard drive that will apparently "sync" my entire laptop with the files and programs I choose. I can also drag and drop between HD's, but from what I read, it's not really a back-up or the sync program a back-up utilitiy such as Norton Ghost. What's the difference?

PS I also heard the Acronis (http://www.acronis.com/) program is better than Ghost

PSS I left a message with MJ that if Fat Chappy has any problem getting her machine going to access this thread again.

Appalachian Tater
10-12-2007, 22:37
Dragging and dropping backs up what you drag & drop. Norton Ghost, Carbon Copy Cloner, and similar programs can create an exact, bootable replica of your hard drive, including your operating system, hidden files, etc. I use an external drive as my boot drive and my laptop drive as a backup because it's faster. I partitioned the external drive and use one partition as the boot drive, replicate it on the internal drive, and use the other partition on the external drive for stuff that I don't care about losing.

Monkeyboy
10-12-2007, 22:39
The backup programs that come with said hard drives backup the computer while the computer is running. It becomes difficult to get a true copy of the drive when it is working.

Ghost boots up off of a CD, so the hard drive is not active at the time, and copies the drive by sectors, not by files, so it is quicker and more accurate, because it is a static image.

Never had any problems with Ghost, so I don't know about Acronis....but I will tell you that Ghost is amazingly quick when run off of the CD. Copies a drive in no time.

Monkeyboy
10-12-2007, 22:40
But again, you won't be able to use an external drive to back it up if it doesn't boot unless you boot Ghost from CD and copy it that way.

Sly
10-12-2007, 22:51
Thanks, got it.

gaga
10-13-2007, 08:30
free AD-spy cookies cleaner i use it for the last 3 years : http://www.lavasoftusa.com/products/ad_aware_free.php you my need a registry cleaner -- registry mechanic for 30 $ - set up your pop up blocker and the firewall from control panel-security , i have stop sign from E acceleration life time full version whit many extras for 99$ free upgrades for life

Summit
10-13-2007, 08:47
Man, you guys should avoid planning a group hike, but IF you do, avoid the subject of computers! :D :p

gaga
10-13-2007, 09:08
Man, you guys should avoid planning a group hike, but IF you do, avoid the subject of computers! :D :p
If hiking in group : --me no speak good english-- ;):D

Summit
10-13-2007, 09:24
If hiking in group : --me no speak good english-- ;):DLOL, reminds me of the new Bud Lite commercial . . . hilarious! :D

Midway Sam
10-15-2007, 00:22
I'm sittin' here at Miss Janet's with Phatt Chap and we're givin' it all we got. This one has been a bear but I think we're on the downhill side now. Thanks to everyone for their help.

Sly
10-15-2007, 00:43
I'm sittin' here at Miss Janet's with Phatt Chap and we're givin' it all we got. This one has been a bear but I think we're on the downhill side now. Thanks to everyone for their help.

Thanks! Good luck and please tell MJ I'm sorry. :o

Monkeyboy
10-15-2007, 08:50
So what's the verdict?

Miss Janet
10-15-2007, 20:43
Verdict? Well, there is good news... Phat Chap and Midway Sam worked for hours and I have a clean well functioning puter... Unfortunately the emphasis is on CLEAN. There is NOTHING on my hard drive. Thousands of photos... hours of irreplaceable video of hikers and family and special events... ALL of my documents are gone. All of my new business plans, spreadsheets, tax documents and business records... are just not there.

I am not mad at anyone besides myself. I have a stack of shiny new blank dvds and a nice new dvd burner. I was going to back everything up when I got around to it... But I wanted to clean up a lot of my photo files... throw away a lot of bad photos... then I was going to make a back up master of everything. I waited too long. I have lost it all. Midway Sam and Phat Chap couldn't find ANYTHING. BUT no one knows when or during what process to stop my pop up problem that they disappeared. Sly, don't take any more valium... This is not anyones fault but my own. I am just so depressed...

So, the moral of this story is get the disks out and make copies of the things that matter to you NOW!!!!!! Always being too busy to do these little tasks will break your heart without any notice!

But the real question is this. Is there any chance that a computer service might be able to recover some of the files? I know I will be looking at hundreds of $$ to try but is it worth the effort? I have heard that the files are still there just not readily accessible.

Appalachian Tater
10-15-2007, 20:51
Verdict? Well, there is good news... Phat Chap and Midway Sam worked for hours and I have a clean well functioning puter... Unfortunately the emphasis is on CLEAN. There is NOTHING on my hard drive. Thousands of photos... hours of irreplaceable video of hikers and family and special events... ALL of my documents are gone. All of my new business plans, spreadsheets, tax documents and business records... are just not there.

I am not mad at anyone besides myself. I have a stack of shiny new blank dvds and a nice new dvd burner. I was going to back everything up when I got around to it... But I wanted to clean up a lot of my photo files... throw away a lot of bad photos... then I was going to make a back up master of everything. I waited too long. I have lost it all. Midway Sam and Phat Chap couldn't find ANYTHING. BUT no one knows when or during what process to stop my pop up problem that they disappeared. Sly, don't take any more valium... This is not anyones fault but my own. I am just so depressed...

So, the moral of this story is get the disks out and make copies of the things that matter to you NOW!!!!!! Always being too busy to do these little tasks will break your heart without any notice!

But the real question is this. Is there any chance that a computer service might be able to recover some of the files? I know I will be looking at hundreds of $$ to try but is it worth the effort? I have heard that the files are still there just not readily accessible.

Ouch. It may be more expensive than a couple of hundred but I don't think they charge you if there's nothing recoverable I would probably take the advice of Midway Sam and Phat Chap on this.

SGT Rock
10-15-2007, 20:52
For the basics of this: you are right, it is still there, PROBABLY...

It will likely cost you hundreds, if not thousands unless you know a guy that can do it for you. Also, the more you do with your computer now, the more of that data is getting written over by new things you do.

Tin Man
10-15-2007, 21:03
Pricing for a clean room service typically starts around $1,000+. You are the only one who can say if your data is worth that kind of money. I hear that www.datarecoverygroup.com (http://www.datarecoverygroup.com) is very good. Give them a call and see what they say. If you agree to send your disk to them, they can give you an evaluation and cost to recover. Recovery takes about a week and they can return your data on CD's or DVD's or even another hard drive if you have that much data. Good luck.

Sly
10-15-2007, 21:07
Ouch...

I Google "data recovery software"and got quite a few hits. I have no idea on how well the work. Perhaps someone else can chime in. here's one of them

http://www.nucleusdatarecovery.org/hard-drive-recovery.html

Tin Man
10-15-2007, 21:18
It is usually not a good idea to experiment with disk drive recovery on your own without a net, meaning unless you know how to image the drive first and then try to recover data from the image, it is not a good idea to try this and try that if you really want to see your data again.

Monkeyboy
10-15-2007, 21:29
Couldn't just restore the .dll file?

Hard to recover data from a reformat....

Tin Man
10-15-2007, 21:57
Perhaps I got lost in the sequence of what was done when. Without being there to see for myself, I will not second guess anyone. My recent suggestions are only regarding approaches to data recovery. If that is still an option, a local professional service, or a remote "clean room" are the best ways to avoid further damage to any recoverable files.

I am sure we cannot recover the files through debates on this forum. ;)

namehere
10-15-2007, 22:25
has the drive on the computer been reformatted? if so, then it will be costly to recover data. if the old drive is still functioning (meaning it can still read), it is possible to recover for a reasonable fee.

Appalachian Tater
10-15-2007, 22:40
There are programs like File Scavenger that could do the same thing the "experts" would do for less than $100. But like SGT Rock said, once data has been overwritten, it's history.

Frosty
10-15-2007, 22:44
I am sure we cannot recover the files through debates on this forum. ;)Doesn't mean we can't try :D

namehere
10-15-2007, 22:57
There are programs like File Scavenger that could do the same thing the "experts" would do for less than $100. But like SGT Rock said, once data has been overwritten, it's history.

not all 'experts' do it this way. some employ clean rooms and do have low-level readers that will attempt to pull data from even formatted and otherwise trashed drives. information IS still there even when a format is done, just harder to get to. that is why the DOD and NSA have minimum standards for what is considered a wiped drive ( 3-7 wipe passes).

this probably won't help ms. janet, but for those of you out there who do have sensitive information that you don't want to fall into the wrong hands, please find out how to wipe up after yourselves the correct way. :)

Appalachian Tater
10-15-2007, 23:34
Probably Miss Janet doesn't want to spend that kind of money.

Sly
10-16-2007, 00:42
I asked on a techie board here's another data recovery software program...

http://www.recovermyfiles.com/

Here's his answer...

If you reformatted and the data was on the same partition, you are most likely screwed as the re installation would have written over the data.

If you really want to try though, download RecoverMyFiles. Without a license it will at least scan the drive and tell you what it could recover, but you have to buy the license to actually recover what it says it can. That being said, that utility has NEVER failed me.

But please, do keep that computer usage to a minimum until you try to recover. Do not defrag, install new stuff, etc...keep the HDD usage to a minimum because every write to that partition lessens your chances of getting the data back.

Heater
10-16-2007, 01:08
Would it ask you to boot from CD and to press any key?


Where's the "Any Key." :D

I think the mistake some have made in the past in not turning System Restore OFF at the beginning of the process at not turning it back on again until after the virus has been eradicated.

Heater
10-16-2007, 01:15
Couldn't just restore the .dll file?

Hard to recover data from a reformat....

<SIGH> :rolleyes:

Midway Sam
10-17-2007, 18:17
I just got off the trail. In a nutshell..

The drive was never formatted. We replaced the HAL.DLL and then it reported the NTOSKRNL.DLL was corrupt or missing. I hooked the HD up to an IDE to USB convertor, hooked it to my laptop, and the WINDOWS directory was empty. In addition, there were several directories named something like ERADICATED that were all empty. I was able to retrieve the contents of her DESKTOP folder and her MY DOCUMENTS folder but apparently they were not complete. The My Documents folder had several of the odd named directories in it.

My guess is that the virus was destructive and took her data with it when it went. Once we retrieved everything we could, Phatt Chap installed Windows XP without reformatting.

Sorry I couldn't do more Miss Janet!

Miss Janet
10-18-2007, 14:24
I hope you had a good hike with your son Sam. Sorry, I didn't get up to tell you good bye.
I was upset about losing so much from my computer but certainly not mad at anyone for trying to help. I really appreciate you and Phat Chap and Sly taking the time to help but it is really my own fault for not backing stuff up on a regular basis.
I have been able to find everything older than from 2006. I am looking at a download that Sly suggested to SEE if there are recoverable files still on the drive. Keep your fingers crossed!!

Midway Sam
10-18-2007, 14:27
I hope you had a good hike with your son Sam. Sorry, I didn't get up to tell you good bye.
I was upset about losing so much from my computer but certainly not mad at anyone for trying to help. I really appreciate you and Phat Chap and Sly taking the time to help but it is really my own fault for not backing stuff up on a regular basis.
I have been able to find everything older than from 2006. I am looking at a download that Sly suggested to SEE if there are recoverable files still on the drive. Keep your fingers crossed!!

I'm sorry too. Thanks for your hospitality while we were there. David and I had a great hike, but things wen't downhill from there. Long story short, the engine in my van blew just north of Knoxville on our way home. Oh well, that van had a good life and served me well for 194,000 miles.

Sly
10-18-2007, 14:30
I have been able to find everything older than from 2006.

Well, that's good. I feel a bit better now. :o


I am looking at a download that Sly suggested to SEE if there are recoverable files still on the drive. Keep your fingers crossed!!

Hopefully, it will work. Try not to mess up! ;)

Sly
10-18-2007, 14:36
Long story short, the engine in my van blew just north of Knoxville on our way home. Oh well, that van had a good life and served me well for 194,000 miles.

I hate when that happens! My car has 100,000 miles and I'm looking to get a complete tune-up, valve cover gasket, serpentine belt and a timing belt replaced. I can only imagine what all that's going to cost. Less than a rebuilt engine I imagine, but not much less.

Sam, thanks for the help with MJ's computer.