View Full Version : virus problem

11-10-2009, 12:29 AM
My Pc has Windows XP and Office 2003.
Every thing was working fine upto yesterday. Today while I am trying to open my Word and Excel files there is appearing garbage in all files and i cannot see any data. I afraid i have lost everything. There is an icon with the figure of ENVELOPE with the text README under that icon and it is shown on my desktop and when i try to open some window explorer it also appears there. I think it is a virus that has infected my computer. Unfortunately no antivirus was installed in my computer.
So whether i will have to lose all my data? Please help me to sort out this issue.

11-10-2009, 07:46 AM
The first thing to do is install one. Download the trial of NOD32 and run it, it will clean it even in trial mode.

Also download and run both Spybot and Malware Bytes antispyware programs.

Download and run Hijackthis and post the log here for checking.

Once you have done all that then check your documents. It doesn't necessarily mean malware though, you can get that same problem if the documnets have been corrupted - which could also be from things like a faulty hard drive.

But if you have no protection, start with that.

11-10-2009, 12:48 PM
You may want to the do the above in Safe Mode with Networking(Tap F8 when booting)

16-10-2009, 12:06 AM
Thanks for your reply.
I tried to download the antivirus but it is not downloading on computer.
I tried to copy and install AVG antivirus 8.5 from another computer but i could not find the license key for that. I tried to copy the free trial version of AVG virus downloaded on another computer and then tried to install to this computer but it could not download. Most probably due to virus.
I tried to uninstall MsOffice 2003 from this computer but it is not being uninstalled. I tried to copy new MsOffice 2007 on this computer but it is not allowing it to install.
infact i tried to uninstall other softwares like Visual Studio and it is not being uninstalled too.
I have so much fear now that i will lose the entire data and i will have to format and reinstall windows.
Please guide me.

16-10-2009, 05:39 AM
Do you have another computer to use? If so remove the hard rive from the infected computer attach it to the other one and scan it that way for viruses

16-10-2009, 07:46 AM
Can you run HijackThis?

You may want to consider taking this to a real tech.

16-10-2009, 06:22 PM
I think, u have to pull your hard disk from your computer and attach it to another computer then run the anti virus and scan your defected hard disk. this will solve your problem only.

16-10-2009, 06:53 PM
I think, u have to pull your hard disk from your computer and attach it to another computer then run the anti virus and scan your defected hard disk. this will solve your problem only.

Alternatively-the user could plug in an external HD, then boot from a boot CD such as a linux live CD or UBCD4Win then copy the data over.

Speedy Gonzales
16-10-2009, 06:55 PM
You can do that as well James. You can also disable system restore. Boot into safe mode / networking. Then get a virus scanner like Avast / program like trojan remover. Then install both then scan.

16-10-2009, 06:58 PM
I think, u have to pull your hard disk from your computer and attach it to another computer then run the anti virus and scan your defected hard disk. this will solve your problem only.

That's what I said in post 5

16-10-2009, 07:50 PM
Your problems might be from a bad hard disc, but you'd most likely be getting messages to alert you that data is corrupted.

I believe it is FAR MORE LIKELY that you have one of those viruses that encrypts your files, and then essentially holds your data for ransom - demanding money in exchange for the key that will unlock your files.

Problem being - would you trust these bast*rds with a credit card number? Would they really care if your files are dead? They just want your ccard or money.

You need to stop booting up from this drive immediately.

Ideally, get another computer. Make sure the assisting machine is loaded with up to date antivirus, and has the likes of MalwareBytes installed and up to date BEFORE you go any further.

Once you start this process you need to be prepared to continue it without taking that computer online or onto any other network (keep your woes to your own drive!)

I'll assume the infected drive is an IDE drive (has a very wide ribbon cable attached to it). You need to remove this drive from the infected machine.

You must also set this drive to SLAVE (or risk infecting your disinfecting computer). There are 'jumpers' - little plastic connectors at the rear of the drive that connect two pins together. Determine from the label on the top of the drive where the jumper needs to be (one of 4 positions) in order to make the drive a SLAVE. Also take note of the original jumper position, which is most probably MASTER or CS (Cable Select).
Slide the jumper into the new position for SLAVE. Tweezers may help.

In the disinfecting computer (which is fully shut down and turned OFF), remove the IDE ribbon cable from the DVD/CD drive. Connect it to your infected drive. Do the same with the 4-wire power cable attached to the CD/DVD.

Take care that your infeceted drives circuitry is not against any other metal, electrical or magnetic parts. Boot up the disinfecting machine into Windows.
Your infected drive should show up as a drive letter other than C: (probably D: or E: unless the disinfecting drive has numerous partitions)

Run the antivirus and anti malware apps on your disinfecting machine. You can save time by having them check your infected drive only, rather than their own C: drive in addition to your trouble drive..
Don't be tempted to open a single file on your old drive until the anti vir / anti malware have done their job.

Say your prayers.
Once the apps have rendered the drive as clean as they can get them

1) Copy the antivirus programms installers to the infected drive.
2) Copy the malwareBytes installer to the infected drive
3) shut down the disinfecting machine. Remove your troubled drive, and set it back to MASTER. Replace it in your trouble machine, reconnect the cables, and fire it up, but stay offline and off any networks.

Use the pre-existing antivir / antimalware apps (if they still work) to do further checks.
Run the installers for the Antivir / anitmalware that you added from the clean machine, and let them run - and risk an update online (then promptly go offline again)

Let them do their thing, then try opening your files.
You also have a duty to check that the disinfecting machine is still ok. Reconnect it's optical drive, boot it up and scan it with everything you can find (from reputable sources only - beware, coz there's so much crud posing as a solution to your problems, that only adds further to your infections).