How to Get Rid of Virut without Reformatting

[ad name=”Google Adsense”]

Ms. Ducktoes did it! I beat the dreaded Virut without reformatting. This is how I did it.

  1. The Dr. Web Cureit Live CD I spoke of in the last post didn’t work. At the beginning of the scan, it stopped everytime. So instead:
  2. I created an Ultimate Boot CD for Windows. I downloaded the image from the UBCD website and burned it to cd. There are detailed instructions on the site on how to do this.
  3. I booted off the cd and went on the Internet through the UBCD interface. I downloaded Dr. Web Cureit to the Ram drive.
  4. Then from the “Run” option off the start menu I browsed to the B: Ram drive and opened cureit.exe.
  5. Dr. Web Cureit started. I had to stop the Express scan and run the Custom scan and select the C drive or the C and D drives since I had more than one hard drive. Otherwise Dr. Web Cureit just scanned the CD.
  6. I cured the files instead of deleting them. The Virut virus changes the system files and your computer system needs them.
  7. I scanned a three times this way.
  8. I rebooted but the computer wouldn’t start. So I did a “repair install” with my Windows Xp cd.
  9. After the Repair Install, it booted, but after the logon, the logon kept returning. I couldn’t get past it.
  10. So I booted off the UBCD and replaced the Userinit.exe file in the System32/dllcache folder. I found another copy of it in the 1386 folder and copied and pasted. You can search using the Windows Explorer on the UBCD disk.
  11. Then I ran regedit (still off UBCD) and searched for userinit. I found the registry keys related to userinit. One of them was set for the logon to repeat over and over, so I changed it from “1” to “0”.
  12. Then I rebooted and the computer started and the logon didn’t repeat!!
  13. Immediately I went into Safe Mode and started running virus scans like crazy. I ran Malwarebytes, AVG, SuperAntiSpyware and Dr. Web Cureit again. And found more trojans and viruses.
  14. After all the scans ran clean. I rebooted.
  15. The Virut was removed!!! And I didn’t reformat.

[ad name=”Google Adsense”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

Welcome to Ducktoes Computer Repair and Services Blog

[ad name=”new”]

Repair your computer with Ducktoes Computer Repair of Calgary

If you have viruses, spyware, or malware or just want to manage and repair your computer better, this is the blog for you. Ducktoes Calgary Computer Repair is in Calgary, Alberta Canada. We also offer other Calgary Computer Services such as web design, seo, and onsite it support for businesses and residences and will occasionally post on those subjects as well.

For a start you might try this post. Or read this tutorial about how to speed up your computer. And don’t forget to say hi or leave a comment.



FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

Are you feeling like a Zombie? Then remove that Botnet!

[ad name=”new”]

A botnet uses spyware and malware to lure you into being one of its zombie computers. And then uses your computer for spamming, storing credit card numbers and other personal data such as passwords and account numbers, distributing illegal types of porn, and creating a its own captive and huge search and advertising network. If you are part of that type of botnet, you can’t search on Google or Yahoo or other legitimate search site, you are captive to that botnet’s search engine and their dedicated services and ads.

Also as a zombie your computer will be strange and slow. You’ll be forced to use a bogus search engine and ads you don’t want. It will seem as if something has taken over your computer. It has. A botnet!

Here’s a free tool RuBotted from Trend Micro that will remove your computer from the botnet, and the botnet from your computer.

Ms. Ducktoes used it on a computer that was so slow it took 20 minutes to boot. And found and removed a botnet from Russia caused by Windows XP Antivirus 2008!

So try it out and let me know if you discover a botnet on your computer. Click here to leave a comment. Ms. Ducktoes wants to hear from you.


FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

When Spyware gets Bad: What to do when you can’t do anything

[ad name=”new”]

Sometimes spyware gets so bad, it’s hard to do anything. You can’t go online and download Malwarebytes or Spybot or any anti-spyware (see this post), because your browser–that is, your Internet Explorer or Firefox–is hijacked and redirected and won’t let you go anywhere of use and certainly won’t let you download anything. So you take the next step, and reboot your computer into Safe Mode with Networking by tapping F8 as the computer restarts. But sometimes even in Safe Mode, the malware keeps you from downloading anti-spyware or, if you manage to download it, running it. So now you face reformatting your hard drive and losing all your data and the programs, at least the programs you’ve lost your disks to, or never had disks for in the first place.

What do you do now? You take the computer to a tech who nine times out of ten will recommend reformatting. Or you find a tech like Ms. Ducktoes who will fight the malware without reformatting. Ask your tech if he or she will do this. Ask if he will use Malwarebytes or SuperAntispyware.

Or…you can do this.
1. Go to the computer store and buy a device that lets your hard drive to another computer by USB. It’s called a USB to IDE/Sata Adapter and costs from $25 to $35 dollars.

This is what you need an IDE to USB converter. There are also ones that work with Sata and laptop drives.

2. Find another Windows computer either your own or a friend’s or relative’s. Download and update Malwarebytes and AVG and SuperAntispyware and Spybot to that second computer. (You have many choices, just make sure you use Malwarebytes and AVG among them.)

3. Turn off the power to badly infected computer and unattach the cables. Open up the case of the and remove the hard drive. Some cases will have large buttons to push–like Dell– others will have screws. Remove the case.

Open the case by unscrewing the screws or pushing a button or lever.

Open the case by unscrewing the screws or pushing a button or lever.

Make sure your computer is turned off and unplugged before you do this.

4. The hard drive will have a wide-band white/gray cable attached to it and a four-prong power cable.

Here is the power cable.  You can see a bit of the ribbon cable in back of it.

5. Remove the cables. (Take a digital photo with your camera or cell phone if you think you may forget how they are attached.

What a ribbon cable looks like

What a ribbon cable looks like

5. You’ll probably have to unscrew the hard drive from the where it is attached to the case.

Use a screwdriver to unscrew hard drive screws.
Use a screwdriver to unscrew hard drive screws.

6. After removed, attach the hard drive to the right (same size) IDE/SATA adapter and plug in the power.

Here the hard drive is attached to the adapter.

Here the hard drive is attached to the adapter.

7. Connect USB cable to the USB port of the second computer.

Plug the USB cable into the USB port of the second computer.

Plug the USB cable into the USB port of the second computer.

The computer should recognize that new hardware has been attached. If you go into My Computer, you’ll see it as a USB mass storage device and listed as a letter such as E, F, G, or H, depending on how many cd/dvd and hard drives are on that computer.

You'll see this in the right-hand corner of your monitor screen.

You’ll see this alert “Found New Hardware” in the right-hand corner of your computer screen.

This window will appear on your desktop.  Choose the "Open folder to view files" option.

This window will appear on your desktop. Choose the “Open folder to view files” option.

Your hard drive is attached!

7. Now run the anti-spyware and anti-virus programs one at a time. If you can, do a custom scan and single out the attached hard drive. Let each anti-spyware run and then remove or quarantine the viruses.

This is the AVG interface.  It allows you to pick the hard drive you want to scan.  Here E and F are selected.

This is the AVG interface. It allows you to pick the hard drive you want to scan. Here E and F are selected.

8. If you have enough skill, go into the desktop of that drive (the one that is connected by USB) and copy and paste the Malwarebytes installer to the desktop of your user. Find the All Users desktop folder and drag the MBAM installer icon into the window.

Drag Mbam icon into the "All Users" desktop.

Drag Mbam icon into the “All Users” desktop folder.

Then you can run it later when you reattach the hard drive in its own computer.

9. Unattach the hard drive from the USB and put it back into its own case. Reattach the cables all the way so they fit snuggly. Start up the computer. You should now be able to go into Safe Mode with Networking and download the anti-spyware and run it. You still will have a lot of spyware to contend with but now you have more of an edge. If you put the Malwarebytes icon (Mbam) on the desktop you can click on it and run it. Make sure that you update it.

Good luck and let Ms. Ducktoes know how it goes. Please feel free to comment and make suggestions.

See this post for more detailed information on how to download and run the anti-spyware.

[ad name=”new”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather

Free Anti-Spyware Programs and Tools

[ad name=”new”]

People often think that if they have an antivirus software such as Norton they are safe against malware. This is a dangerous misconception that creates a lot of work (and $!!!) for techies like Ms. Ducktoes.

Most anti-virus programs fight only viruses and provide very poor protection for the increasingly dangerous and sophisticated malware and spyware on the web.

It never hurts to have more than one antispyware. Thousands of malware and spyware are developed for the first time or re-versioned everyday (to elude detection) and no one antispyware can catch it all.

If you want real time, effective protection that just runs automatically on your computer without effort or knowledge on your part, then buy Spyware Doctor. Otherwise you need to run many antispyware and learn how to use them.

Below are the best ones for you to try:

  • MalwarebytesAntiMalware – Malwarebytes removes most malware quite effectively. Many techs now use it as their first defence against difficult spyware.

My son at university called and asked how he could remove some bad malware that his antivirus and anti-spyware couldn’t catch or remove. His computer was so bad he was thinking of reformating his drive. I told him to try Malwarebytes, and it fixed the problem.

I’ve used it against a bad case of Windows XP AntiVirus 2008. I had to use it in combination with other anti-spyware applications, but it did most of the work.

This is a feisty little program that got rid of some potent meanies on clients’ machines. I encountered it in my search to find effective anti-spyware solutions for some of the BAD malware out there. It seemed quite useful against Windows XP Antivirus 2008/2009. Dr. Web Cureit is created by a Russian company and is endorsed by the Ministry of the Defence of the Russian Federation. Now there’s an endorsement most antispywares can’t claim.

Whoa. This one really caught a lot on the spyware tests I put it through.

Antivirus Tools

AVG 8 Free for Personal Use

[ad name=”new”]

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmailby feather