No screen after "Disk Antivirus Professional" virus

Discussion in 'Windows XP Help and Support' started by drgerry, Mar 1, 2013.

  1. drgerry

    drgerry

    I'm not sure where to post this, it applies to many forums:

    Windows XP/SP3 (fully updated)

    was working on windows phone problem
    got the "Disk Antivirus Professional" virus
    I immediately disconnected my ethernet cable
    and went to TASK MANAGER and started deleting all suspicious services
    I errantly deleted a svchost file and it went into shutdown mode
    upon reboot I got a black screen with only the mouse cursor, which moves fine.
    I tried to reinstall windows XP from OEM disk, went through entire procedure
    Still boots to black screen w/cursor
    tried safe mode = black screen w/ cursor & safe mode in corners
    finally got to safe mode with command prompt (but still no screen)
    From cmd; regedit - I cannot find any of the files that are associated with "Disk Antivirus Professional" - ie "random.exe", etc.

    I've searched all I can about this and cannot find a fix.
    Someone please point me in the right direction.

    I still have cmd up on the computer, I'm afraid to close it again.

    HELP?!
     
    drgerry, Mar 1, 2013
    #1
  2. drgerry

    Elizabeth23

    How exactly did you reinstall?

    what steps and what is the make, model and model number of pc?

    If you have no screen, how are you able to see command prompt?

    http://pcsupport.about.com/od/fixtheproblem/ss/rconsole.htm

    use above to boot into recovery console, for fixmbr and fixboot.

    How can you be fully updated to sp3 if the reinstall did not work?

    unless your oem disk is at sp3 you should burn a copy of Hiren's boot disk to run the recovery console.

    Courtesy of Jose Ibarra:
    Anywho, to make a Hiren's boot CD, do this:

    I am going to recommend you use Hiren's boot CD (it will also go on a USB drive).

    This is good for you because it has many more tools on it than on the XP Recovery Console CD, does not care about your Administrator passwords and you will not have to futz around in your BIOS if any afflicted system has SATA drives - Hiren's can deal with that.

    You will have a whole bunch of cool tools that you don't have in the XP Recovery Console... a registry editor, password resetter, and a desktop that looks like Windows XP so you will feel comfortable maneuvering.

    You can also easily copy your personal data (documents, images, music.) to an external drive.

    From a working system, first download Hiren's Boot CD from here (it is a substantial download but worth it):

    http://www.hirensbootcd.org/download/ (look near the bottom of the page, do not click on any ads).
    http://www.hirensbootcd.org/burning/
    Instructions

    Unzip the Hiren's to some folder where you can find it. There is a Hiren's.BootCD..iso in there that you are going to need next.

    Hiren's has instructions to make a bootable USB that you can use, but it requires you to first burn the .iso to a CD and some other steps, so I suggest another way...

    Download RUFUS 1.20 from here (read some stuff on the page so you can know more about it):

    http://rufus.akeo.ie/

    I will caution you to be careful that you don't accidentally format any of your hard drives - be sure your USB stick is in and know what the drive letter is! This part always makes me a little nervous, so be careful.

    Launch RUFUS and all the defaults should be okay, for the Device, choose your USB drive letter, Quick format, FAT32, label it if you want to and in the Format options box, click the little icon that looks like a CD and a window will open. Navigate that dialogue to point to the folder that contains the Hiren's.BootCD.15.iso that you unzipped earlier and the box should change to say ISO image (RUFUS understands the Hiren's ISO file).

    Double check you have the right Device selected in the top (NOT your HDD). Click Start, acknowledge the warning and let it finish (it will take a little while) as it copies the files. The Hiren's ISO is also a good size.

    When RUFUS is done, it will say 'DONE' in the bottom.

    Put the USB stick in the afflicted machine and reset/reboot and press whatever key you need to press to get to a boot menu where you can select the USB as the first boot device (that is F11 for me). If you don't see a boot menu choice, you will have to adjust your BIOS to boot from the USB first instead of the HDD.

    When the Hiren's menu comes up, choose the Mini XP Mode and it will start loading (slowly from a USB drive) and eventually you should see a Windowsy looking desktop. You should recognize that part and feel comfortable, but it is not your desktop - it is the Hiren's desktop!

    Remember: You did not boot on your hard disk - you booted into the Hiren's desktop


    http://www.hiren.info/pages/bootcd-on-usb-disk
    Hiren’s for flash drive
     
    Elizabeth23, Mar 1, 2013
    #2
  3. drgerry

    drgerry

    Dell Precision M90; Windows XP Pro; all updates were up to date
    MS Security Essentials - up to date (at least I thought)

    When it happened I just stuck in the OEM cd and did the "start from cd" option

    Found how to remove "Disk Antivirus Pro" manually but I never found any of the files they said to delete.

    Here's where I'm at now:
    -Finally, was able to boot to SAFE MODE W/CMD (still no screen)
    -in CMD typed in a windows command I found on the internet to bring the screen up (sorry, I can't remember what it was)
    -on the "Disk Antivirus Pro" icon, clicked properties and found the target
    -E906\F4AC120EC26DE4C20000F4AB1D67E906.exe
    -deleted that file and associated directory
    -used regedit to find that file and folders and deleted them, too
    -deleted the icon
    -rebooted and screen came up

    NEW ISSUES:
    -Microsoft Security Essentials won't work
    -Can't update it either
    -Can't uninstall it either
    -Can't update Windows either
    -can't access some website
    -My Computer/Services/Extended view is blank (tried the jscript.dll command, but it still is empty: standard view is OK)
    -will not find my WD Passport USB drive (backups on it)

    Apparently, when I reinstalled XP it overwrote the Restore folder. I now have NO restore points.

    Looks like all my info is there, but seems to still be something screwed up.

    I use RegClean

    Currently:
    -disabled MSE and security services
    -tried to boot to SAFE MODE again, but still got the black screen with cursor
    -hard powered off then on back to windows desktop
    -this time I put in the Windows Install disk while in windows, and got an option to do Dynamic Update - which is what it's going through now (and taking a LOOOOONG time)

    I guess I will wait to see what happens next . . . . .
     
    drgerry, Mar 1, 2013
    #3
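
Added example, not part of the thread: post #3 gives the rogue program's executable as a long hexadecimal file name inside a folder (`E906`) whose name repeats the file name's last four characters. The Python sketch below flags autorun values of that shape in saved `reg query` output; that the entry sits under a `Run` key, the sample lines, the 16-character threshold and the `PLACEHOLDER_PARENT` folder are assumptions constructed for illustration.

```python
import re

# Constructed sample of `reg query ...\CurrentVersion\Run` output. Only the
# E906\F4AC...exe tail comes from post #3; PLACEHOLDER_PARENT stands in for
# the part of the path the post does not show.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleApp    REG_SZ    "C:\Program Files\Example App\tray.exe" -hide
    F4AC120EC26DE4C20000F4AB1D67E906    REG_SZ    "C:\PLACEHOLDER_PARENT\E906\F4AC120EC26DE4C20000F4AB1D67E906.exe"
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")
EXE_PATH = re.compile(r'"?([^"]+?\.exe)', re.IGNORECASE)
# Assumed heuristic: 16 or more hex characters and nothing else in the name.
HEX_STEM = re.compile(r"^[0-9A-F]{16,}$", re.IGNORECASE)


def parse_values(text):
    """Yield (key, value_name, data) for each string value in reg query output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_LINE.match(line)
            if m:
                yield key, m.group("name"), m.group("data").strip()


def suspicious_autoruns(text):
    """Return autorun entries whose executable name is a long hex string."""
    hits = []
    for key, name, data in parse_values(text):
        m = EXE_PATH.search(data)
        if not m:
            continue
        parts = m.group(1).split("\\")
        stem = parts[-1][:-4]                       # file name without ".exe"
        parent = parts[-2] if len(parts) > 1 else ""
        if HEX_STEM.match(stem):
            hits.append({
                "key": key,
                "value": name,
                "path": m.group(1),
                # The folder in post #3 (E906) repeats the file name's suffix.
                "parent_is_suffix": bool(parent) and stem.upper().endswith(parent.upper()),
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_REG_QUERY):
        print(hit)
```

A hit is a lead to inspect, not proof of infection; legitimate software occasionally uses hash-like file names too.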
  4. drgerry

    Elizabeth23

    If you had used the Hiren's you had a chance to get your files, now you may not be able to if any formatting has been accomplished.

    It appears that you are reinstalling windows if it is at the dynamic update.

    but if you are installing on a different partition, other than c, you may end up with parallel installations.

    did you go into bios and change boot sequence to "cd drive" first?

    did a black screen come up with "press any key to start from cd" ?
     
    Elizabeth23, Mar 1, 2013
    #4
  5. drgerry

    Elizabeth23

    Elizabeth23, Mar 1, 2013
    #5
  6. drgerry

    drgerry

    Maybe, a lot of the problem was that I installed XP/SP2 when I already had SP3 on the computer. IE8 was for SP3.

    I used Google Chrome to download SP3 and am in the process of installing it.

    Let's see what comes of it . . . .

    Thank you for responding. I thought I was doing good by quickly ending all suspicious tasks when I first saw the virus, but I guess I just screwed things up more.

    Still don't understand why "Disk Antivirus Professional" was showing on my computer, but I couldn't find any of the files that I was supposed to delete.

    Nowhere did it mention the E906 file I found
     
    drgerry, Mar 1, 2013
    #6
  7. drgerry

    drgerry

    Oh, looks like all my files are still there
     
    drgerry, Mar 1, 2013
    #7
  8. drgerry

    Elizabeth23

    when you think you are infected let your antivirus, malware, and spyware scans detect it for you. That is their job.

    once you have updated to sp3, go to Microsoft updates and do a high priority scan, install all, then do a custom scan and install any rootkits available.

    reboot and do scans mentioned above run until scans are clean.
     
    Elizabeth23, Mar 1, 2013
    #8
  9. drgerry

    drgerry

    that's just it! MS Security Essentials didn't stop it, didn't find it; Malware didn't find it either.

    Used Repair install from OEM XP CD; Got it up at one time, did the SP3 update and it booted up to a blue screen w/cursor, UGGH!

    Up and running now:
    Repair install from OEM XP disk didn't work
    Had to fresh install
     
    drgerry, Mar 3, 2013
    #9
  10. drgerry

    flashh4

    drgerry, did you get rid of the Disk Antivirus Professional? If not, I can help!
     
    flashh4, Mar 3, 2013
    #10
  11. drgerry

    Elizabeth23

    a repair install is not the way to go, as most pcs are at sp3, a repair install will take you to sp2 and/or sp1 depending on the service pack of your installation cd.

    Point, no antivirus can catch everything 100 percent, some things do get through.

    however, did you read the instructions for installing MSE before you installed?

    if not installed properly, then it will not work properly, especially on a Dell which normally comes preloaded with McAfee, or Norton

    here are the installation checklist and mse download, I would run the Norton and Mcafee cleanup tools and then reinstall MSE.
    1. download to desktop MSE
    2. download to desktop the latest definitions
    3. disconnect from internet
    4. run clean up tools that you also downloaded to desktop
    5. install mse and install definitions, then connect back to the internet after running a quick scan.

    http://www.microsoft.com/en-us/download/details.aspx?id=5201
    MSE Download

    http://experts.windows.com/w/experts_wiki/89.aspx
    MSE installation checklist

    http://www.microsoft.com/security/portal/Definitions/ADL.aspx
    The latest MSE definitions
     
    Elizabeth23, Mar 4, 2013
    #11
  12. drgerry

    Elizabeth23

    Elizabeth23, Feb 17, 2016
    #12