Moved provisionally to Malware Discussion > Home User Assistance.
GetSusp is a good tool to try but any discussion on that is in a separate area that you have to join here: https://community.mcafee.com/groups/getsusp30-beta-feedback
Meanwhile there is something you can try in "Safe Mode with Networking" which is reached by tapping F8 repeatedly while booting up and selecting the second item on the ensuing menu.
All of the following can be done in that mode.
Download, install, update (important) and run a full scan using the FREE version of THIS software.
Let it remove anything it finds and reboot if asked to, to remove all traces of what it finds (if anything).
It's hard to say if a 6-year-old hard drive is failing. If you know the brand, go to the manufacturer's website and look for a utility that tests the hard drive. They all have them freely available.
That said, I've had hard drives fail on me after only a few months and others after 5 or more years of heavy use. I've found that paying for a good brand is wise, preferring Western Digital 'Caviar' myself.
The usual signs are slowness, drop-outs etc., and often loud noises.
Thank you Peter - - I have already done those things, also ran GetSusp after running Stinger.
Also ran trial version of Malwarebytes - - it found errors, etc.
Stinger provided the following printed report:
C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Found the FakeAlert!fakealert-REP trojan!!!
C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe is infected with the FakeAlert!fakealert-REP virus!!!
C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe has been deleted.
C:\WINDOWS\system32\sethc.exe found the FakeAlert!fakealert-REP trojan !!!
C:\WINDOWS\system32\sethc.exe is infected with the FakeAlert!fakealert-REP virus !!!
C:\WINDOWS\system32\sethc.exe has been deleted.
Number of infected files: 2
Number of files cleaned: 2
Apparently Stinger found and cleaned the virus from the system.
My question now is, are the Windows files mentioned above deleted and will XP need to be re-installed, or are the files that were deleted just a part of normal activity that occurs when surfing the web?
I also started receiving a "Hard Drive Failure" notification when this virus was detected.
All this may be strictly coincidental - - my only experience with hard drive failure occurred before I
Thanks for your help.
You shouldn't be running the trial version of Malwarebytes as that version (the paid one) may clash with regular A/V. The FREE version is what I recommended and can be kept for future use, as long as you update it periodically.
sethc is a Windows process - have you downloaded anything to do with high contrast lately? Mind you it could be genuinely an infection and in any case, those files are deleted so no longer should be of concern.
I think you should be OK now.
Thank you Peter - -
Yes I ran the Malwarebytes free software last night and it found somewhere in the neighborhood of 4,500+ errors on the drive.
After you mentioned doing a diagnostics check with the Western Digital Diagnostics software, I remembered that I used it years ago when installing the 160 GB drive.
Following the instructions, it was run in the extended scan mode and finally stopped with a statement that there are too many bad sectors for it to continue.
My main concern is that I want to recover as much data as possible from this old unit and install it on the new 64 bit machine we purchased last week.
I don't want to pull a "bug" across and go through this again.
Back up whatever you can or check with a professional about getting information off a damaged hard drive. It can be rather expensive.
You could simply ask Windows to check the disk for errors. It may take a while but it may be worth the delay.
What operating system/service pack is this?
If XP go to Start/Run and type in cmd.exe
If Vista/Windows 7 go to Start and type cmd in the Search box just above the button
Cmd.exe should appear in a list above. Right-click and select 'Run as Administrator' and OK any prompts.
In the Command Prompt type chkdsk C: /r with the spaces and alter C: to whatever disk drive letter it is if different.
Hit the Enter key and OK any prompts.
It may say that it cannot run because the volume is in use, run at next boot Y/N? Enter Y and hit the Enter key.
Reboot and let it run. It will take a long time but may fix the disk errors but I can't obviously guarantee it.
Although the Trojan was caught & deleted, it seems that things were already changed that didn't get backtracked with the deletion, so these annoying "warning type" FAKE popups still continued to appear regarding HDD, & memory.
A RESTORE to a previous date that was "clean" got rid of the black screen & the popups, after that !!
System Restore is always a good choice if there is a restore point available that's guaranteed to be clean. If successful it's a good idea to temporarily disable System Restore to clean the infected restore point(s).
All the best.