Hello PFF'ers,

Some details. I have Windows XP Pro (I think) with AVAST antivirus software. I have very little computer/operating system/booting/ etc knowledge so please brace yourself for some questions that may seem idiotic.

Would appreciate some advice with the following problem:

The other day AVAST (I think) flashed up some message (way too quick to be able to read) and then 30seconds or so later the PC died and rebooted. This seemed suspicious so I ran a virus scan (quick scan) on both of my hard drives and it said it found a virus. I had imagined that it ran these scans by itself automatically but maybe I was wrong.

It highlighted a file that I think had a ".sys" file extension. Thought that was odd and considered writing down the name of the file......but instead followed the AVAST advice to "move and rename" the file. I think it gives the moved file a ".vir" extension. The PC ran fine for the rest of the evening. The next morning however I was unable to boot in either "normal", "safe" or any other mode!

I have tried to boot from a Windows XP CD but I get an error (think I have traced this to a "slipstreaming" error....something to do with SP2") so I can probably get that fixed.

Would appreciate any advice on how/if I can get back into Windows. Please and Thank You.

Cheers
PK

if you have access to a 2nd computer:
remove the hard drive from the infected computer
attach the infected hard drive to the 2nd computer, either using a USB adapter - or directly installing as a slave or secondary drive
use the 2nd computer to fully scan the drive

this makes sure the drive is clean

now, find your win XP cd, and re-install the hard drive back in, and try to boot. probably wont - but worth a try
boot from Win XP CD
go thru th install steps, and along the way, near the part where you select which drive to install on, you will get a "Repair" option, which will copy back all of the Win XP system files.
that option should get you back up

Thanks Pyrthian,

As an update, I tried booting off the CD and running the "repair" option but it did not like my admin password (I didnt even set one!).

In the list of different boots modes I finally noticed below them was an option "use previously known working version" ...or something to that effect. This got me back on to windows....woohoo.

I was then able to check the AVAST virus log and it found:

js dfka and win32:alureon-FZ which sound particularly terrible as it scans and collects data! Gulp.

AVAST is unable to remove the problem and having looked up solutions on the interweb they make little to no sense to me.

Could anyone give me SIMPLE step by step destructions on how to remove this virus please?

I dont have the step-by-step for that particular problem--but IMHO get rid of Avast and switch to M-S security essentials.

I used to run avast and had no end to minor annoyances with it, but once I switched I havent had a single problem with the m-s software, and it is good enough it will even catch and clean hidden add-ons such as crapware toolbars ect on the fly and clean them as a program is installing.

http://www.microsoft.com/security_essentials/

Odds are pretty good that it will clean the infection you currently have.

well, both problems can be solved with a 2nd computer:
1st: the admin password - google "ophcrack" - download the ISO file (a image for burning a CD), and burn it to a disc using software that can burn "ISO's" - if you need one, download "StarBurn" by Rocket Software, then boot from that disk - it will "crack" all user passwords on the XP computer. this is my handiest tool for working on other peoples XP computers for that very reason - they dont know the admin password

2nd: the virus - as mentioned in the above post - remove the hard drive, install it as a secondary drive on another computer, and then scan the drive on that computer. it will work so much better, because the infected drive has no files loaded, or swap files, or running the operating system. a universal USB adapter for hard drives are pretty inexpensive these days, and found at any decent computer store, and endlessly handy.

The password thing is sorted. I knew there was no password but for some reason that wasn't an acceptable answer to the question! I left it blank (as there was no password) and pressed enter. That problem is no longer a problem as I gained access to windows using the method I mentioned.

I don't have a second PC and really don't like the idea of sticking my infected HD in another PC.