Cleaned up +++ virus/malware, now services won't start

[candyman200]

Windows XP Home. This PC was jammed full of viruses - pop-up and IE windows running crazy. I ran SpyBot there were +700 detected. I also ran SuperAntiSpyware and came up with at least 40 more hits. After I cleaned up everything the PC starts OK but at more than half the services set to Automatic are not starting. When I try to manually start them I get either Error 1068 or Error 1053. Most of the common services (Computer Browser, DHCP Client, DNS Client, etc).

Some other noticed problems (might tie back to services) are no Network Places, Thumbdrive will not map, McAfee (Comcast) starts on bootup but shuts off quickly.

I'm able to run HiJackThis but without my thumbdrive I can't cut/paste to a txt file.

Any ideas would be helpful. Thanks


*** Fix what's broken, whether it's a machine or a process. People don't need to be burdened by problems that could be corrected.

 

[Lemon13]

do a data backup and then a fresh install

 

[Lemon13]

or a sfc /scannow (replaces damaged systemfiles with working ones from the cd)

 

[G0AOZ]

Or run an XP repair using the CD.

ROGER - G0AOZ.

 

[BadBigBen]

I ran SpyBot there were +700 detected. I also ran SuperAntiSpyware and came up with at least 40 more hits.

with that many, I tend towards Lemon13's suggestion about a clean install... also just running those two AntiMalwares does not guarantee that it is totally clean...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.

 

[linney]

Did you try your scans from Safe Mode, or even pre boot if your virus scanner allows it? See if you can check the thumb drive for infections too.

At the very least save your valuable data while you can as the format option is a real possibility.

Was there one particular nasty infection or was the 700+ made up of varied and assorted malware?

 

[candyman200]

I started with running sfc. It just finished running - took a long time but there was nothing that came up after it finished so it looked like it completed. I rebooted and still the same thing. The following AUTOMATIC services are not starting (error 1053 or 1068):
Computer Browser
Crypographic Services
DCOM Server Proceess Launcher
DHCP Client
Distributed Lnk Tracking Client
DNS Client
Error Reporting Service
Help and Support
HID Input Support
IPSEC Services
LVCOMSer
LVSrvLauncher
McAfee Network Agent
Messanger
Print Spooler
Protected Storage
RPC
Secondary Logon
Secuirty Accounts Manager
Security Center
Server
Shell Hardware Detection
System Event Notification
System Restore Services
Task Scheduler
TCP/IP Net BIOS Helper
Themes
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing
Windows Image Acquisition
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation

In all only 13 Automatic Services have been started.

This is my bro-in-law's PC, XP Home SP2, only 256M RAM, Dell Dimension 8200.

This issue first came up after clean a variety of nasties and I couldn't get Windows Updater to run. Now, without the services running I can't get to the internet.

Most of the time I would do a clean install and be done with it, just hoping to get the services running again to see what's left and to use the network to xfer music & pix.

I don't have his XP Home CDs (working to get them), all I've got is my XP Pro CD. Is there anything I can run from it to get the DLLs to load up and services to start?

Thanks for all the suggestions ...

*** Fix what's broken, whether it's a machine or a process. People don't need to be burdened by problems that could be corrected.

 

[candyman200]

UPDATE:
I found another posting - something similar
Problems with RPC services not starting

http://www.hardwareanalysis.com/content/topic/22343/

ran the following commands:
expand svchost.ex_ svchost.exe
copy svchost.exe %systemroot%\system32 /y
net start rpcss
svchost -k rcpss

After running above I opened services.msc and the Expanded service were running and RPC was OK.

I rebooted and it looks like everything is/should be working. I'm running a full system scan with McAffee (Comcast free) and see what it comes up with.

More to follow.

*** Fix what's broken, whether it's a machine or a process. People don't need to be burdened by problems that could be corrected.

 

[candyman200]

The results from McAfee were promising - cleared off a few issues it identified. I've also cleaned up a few threats found with HiJackThis and the PC has been running for +4 hours without a popup. I've been able to run MS Update and get the OS up-to-speed (still not sure about SP3). I'm running TrendMicro House Calls and see what it shows. I'm feeling good about this now. If I can get the RAM up'd to 1Gb it should run much better.

If anyone has any additional suggestions on cleanup, please post it.

Thanks for all the help.

*** Fix what's broken, whether it's a machine or a process. People don't need to be burdened by problems that could be corrected.

 

[linney]

It sounds like that you are over the worst of it now, I just want to thank you for the feedback you have provided.

One bit of advice which might be relevant is that it is a lot harder to end up with a machine full of malware if you surf the Internet as a Limited User, and not as an Administrator. That way anything you snare might not have permissions to access vital system files.