Virus help please.

Jason Danger Keyes

New member
Mar 4, 2009
A few months ago my computer got a virus that infected explorer.exe and system32/wininit.exe

I was finally (finally) able to get it running again, but the files are still infected and my antivirus won't fix them while they're in use.

My question is how to turn them off and still be able to run the antivirus to fix them, and if that's not possible how can I get new, uncorrupted files to replace them?

I'm running Windows Vista 32-bit.

This is my screen:

http://oi54.tinypic.com/hsj51f.jpg


It would really be helping me out because as a recording musician, my recording software and therefore my livelihood are on this computer and I need to get them back.
 

Knife

New member
Mar 20, 2011
I'm no expert, but from my experience you can get another hard drive - plug it in as master and your current one as slave. Install an operating system on the new disk, then use the antivirus on the old disk.
Or you could install another operating system on the same disk and run the antivirus from there (if your computer works long enough for the installation and won't be corrupted by the virus as well).
You can also shut down explorer from the task manager (not sure if it would work on wininit), just ctrl+alt+del, pick task manager, go to processes tab and use "end process" on explorer.
And then there is the option of copying the stuff you need elsewhere (USB drives, CDs, hard drives...), then formatting your drives and reinstalling Windows along with all the programs, then copying your stuff back.
In any case I would advise backing up your stuff before doing any serious changes that affect your operating system.
 

TheAmazingHobo

New member
Oct 26, 2010
Get a live-installation of Linux that includes an anti-virus program and copy it onto a USB stick (or burn it to a DVD I suppose, if you want to roll old-school).
Go into your BIOS config and set it to boot from USB (or DVD drive).
Next time your PC boots up, it should start the live-installation and leave Windows alone.
Back up all the data you really don't want to lose in any case to an external hard drive or USB stick.
Run anti-virus from the live-installation.

Always worked for me and people who managed to nag me enough so I would do it for them.
 

Jason Danger Keyes

New member
Mar 4, 2009
Knife said:
Snippety snip
All important info is backed up, and I have a second hard drive with Vista 64-bit on it (but my recording software won't run on 64, which is why I need 32 back so badly.)

If I shut off explorer.exe will that not turn off the Windows GUI? If so, how should I navigate after I've done it?

How would I go about setting up my hard drives as master/slave? Both have operating systems, but they're 64 and 32, so I don't know if that's compatible or not.

Finally, Windows came pre-installed on this drive so I don't have a hard copy to reinstall with. I don't have a lot of spare cash floating around so buying a new copy of Windows isn't an option at this point.

I really do appreciate the help, if you could bear with me until I get this sorted out I'll be eternally grateful.
 

Jason Danger Keyes

New member
Mar 4, 2009
TheAmazingHobo said:
Get a live-installation of Linux that includes an anti-virus program and copy it onto a USB stick (or burn it to a DVD I suppose, if you want to roll old-school).
Go into your BIOS config and set it to boot from USB (or DVD drive).
Back up all the data you really don't want to lose in any case to an external hard drive or USB stick.
Run anti-virus from the live-installation.

Always worked for me and people who managed to nag me enough so I would do it for them.
I know literally nothing whatsoever about Linux, so would this be easier or a preferable method to that which was offered by Knife?
 

Worgen

Follower of the Glorious Sun Butt.
Legacy
Apr 1, 2009
Well, if you got a manufactured comp then you should be able to call them to get a physical disk of your OS. I would recommend reformatting the crap out of that drive as soon as you have a way of reinstalling the OS, unless you're proficient enough to install Linux/Unix (I can never remember which one is free, think it's Linux) and running an antivirus scan through that so that it can clean you up while the Windows files aren't in use.
 

vacerious

New member
Nov 17, 2009
Have you tried going into safe mode first? If not, reboot your computer and hit the F8 key. You should have the option to boot Windows in Safe Mode, and from there your antivirus might be able to take care of it from there.
 

Arctarus'sCookie

New member
May 9, 2011
Insert brick file to computer and bash until satisfied.

OT: You should look up the virus because others may have made sites dedicated to killing it. That's how I saved my computer.
 

TheAmazingHobo

New member
Oct 26, 2010
Jason Danger Keyes said:
I know literally nothing whatsoever about Linux, so would this be easier or a preferable method to that which was offered by Knife?
It's actually basically the same method. You somehow get your PC to boot another operating system from the "outside" and use it to fix your installation. The only difference is delivering said operating system via another hard drive or a USB stick.

Personally, I would prefer using a USB stick, as it is less of a hassle, but that's just me.
Any chance of getting a "computer person" you know to do it for you? If you know what you are doing it's a matter of minutes, couple of hours at most.
 

Gxas

New member
Sep 4, 2008
Jason Danger Keyes said:
Oh how I wish you were running XP... Combofix makes everything run smoothly again.

Have you tried other antivirus software other than Avast? Such as Malwarebytes? If you haven't, I highly recommend you do. Get the installer off another computer, put it on a flash drive, boot in safe mode, install and run. It should find what you need to kill. Provided that it is fully upgraded, of course.
 

Wes1180

Wes1180
Jul 25, 2009
Make a live USB with Linux on and run the anti-virus software [http://lifehacker.com/5504531/the-complete-guide-to-saving-your-windows-system-with-a-thumb-drive] except use this instead of the step to make the live USB. [http://www.ubuntu.com/download/ubuntu/download]

Also HouseCall has always been useful for me when I really need a good anti-virus, in case you don't want to use the live USB method [http://housecall.trendmicro.com/uk/]
 

KeyMaster45

Gone Gonzo
Jun 16, 2008
Jason Danger Keyes said:
So many complicated solutions for a simple problem.

You're running Avast so that's a good step in the right direction already. What you need to do is schedule a boot scan of your system (this can be done through the Avast interface); that will let you find and quarantine/repair the infected files before your OS boots up. Before you do that though you'll want to unhook it from the internet as a precaution. Afterwards you'll want to pick up a registry cleaner (I recommend the Eusing Free Registry cleaner) to get rid of any possible lingering registry values that may reinstall the virus post removal.

That should take care of things for you.
 

Krantos

New member
Jun 30, 2009
If it wasn't a couple months later, I'd say Restore your system.

That's the first thing you should do whenever you get a virus. 90% of the time it will fix any problems you have.
 

Knife

New member
Mar 20, 2011
Jason Danger Keyes said:
All important info is backed up, and I have a second hard drive with Vista 64-bit on it (but my recording software won't run on 64, which is why I need 32 back so badly.)

If I shut off explorer.exe will that not turn off the Windows GUI? If so, how should I navigate after I've done it?

How would I go about setting up my hard drives as master/slave? Both have operating systems, but they're 64 and 32, so I don't know if that's compatible or not.

Finally, Windows came pre-installed on this drive so I don't have a hard copy to reinstall with. I don't have a lot of spare cash floating around so buying a new copy of Windows isn't an option at this point.

I really do appreciate the help, if you could bear with me until I get this sorted out I'll be eternally grateful.
Shutting down explorer will definitely NOT shut down Windows and other processes will continue to run properly including the antivirus (whether or not the same can be said for wininit - I don't know). Just open your antivirus software before you shut down explorer. You can always bring explorer back by using File->New Task(Run...) -> typing "explorer" and pressing OK. Same way you can run any other program from task manager.

"Setting" a hard drive as master/slave is done via a hardware connection to the motherboard - there are several wires that connect the hard drives to the motherboard, one should be master and one should be slave (depends on your hardware, there can be 2 masters and 2 slaves or just the 1 master). The hard drive that is connected to the "master" wires is the one from which the operating system is run, if you take the wires connected to your hard drive right now and connect them to a new hard drive, the new hard drive would be master. If you have similar wires (they are also used to connect the motherboard to CD-ROMs and whatnots) you can then connect them to the old drive and when the OS loads up from the new drive navigate on the old drive per usual and run antivirus as well.

Since you do not have a Windows installation disk, it might prove difficult to get replacements for the corrupted files, antiviruses usually treat such files either by isolation or deletion, and do not "fix" them. You might be able to download them from Microsoft, but I'm really not sure about that.
 

subtlefuge

Lord Cromulent
May 21, 2010
For future reference, you should post this in the advice forum, or another site.

As far as I know there aren't any viruses that can survive a recovery from the partition that you hopefully have.
 

Wintermoot

New member
Aug 20, 2009
System restore, it will remove all of the viruses.
PS
If that doesn't work, re-install the OS.
 

Jason Danger Keyes

New member
Mar 4, 2009
Just a quick update:

DO NOT force-quit wininit.exe

It will BSOD your ass so hard you'll limp for a week.

I'm going to try the USB boot now.
 

Knife

New member
Mar 20, 2011
As others have pointed out, system restore might be able to help, just make sure you use a version from before your computer got infected.

Also here's a site you may find useful:
http://www.help2go.com
Saved my butt on several occasions.