Comp won't fully boot

[Trotter]

Well, not exactly, but close.

I've got a system I have been helping a guy with. His daughter downloaded something that had a trojan. He deleted the program before he enlisted my help... he deleted, not uninstalled.

Anyway, he uses Panda as his AV. Panda did not catch it until after the fact. I had advised him to download and run Spybot and Ad Aware up front, and to scan at housecall.trendmicro.com. he downloaded Spybot and tried, but said it wouldn't let him fix the problems (I think he didn't know what to click). TrendMicro found the trojan, but wasn't able to delete it then.

I went over there and spent an evening working on it. I got Spybot to work, and it found a few things and killed them. I scanned with TrendMicro and found a few instances of the trojan, and cleaned all but one (the computer hung up during that one). I also scanned with Panda, and it found the trojan, but couldn't do anything with it. When I left, he was running trendMicro's Housecall again. he said it got the trojan.

While doing this, I updated His XP with all of the updates he was missing, including the optional ones. he had automatic updates turned on, so it was mainly .Net stuff. After the updates, the computer didn't want to completely boot...

It would boot to desktop, bring up the icons, and then sit there. I had a pointer, and it moved fine, but if I tried to launch anything it would take forever to come up. I made the mistake of trying to launch Task Manager, and repeated the three-finger salute thinking it didn't take, and spent the next 30 minutes killing all the copies of it as they finally started to open. I used System Restore to go back to before the updates (finally) and it worked fine.

Now, this morning he tells me his computer has died. he said it worked fine for his daughter Wednesday, and for him Wednesday evening. Then yesterday he tried to use it and it was back to never finishing coming up. he hasn't tried to go back into safe mode yet, or to try going back to an earlier time in system restore.

I am at a loss as what the problem is, and am open to suggestions. And, No, formatting it and reinstalling is not an option.

 

[KSoD]

Well first i would say go thru Osiris guide. As it seems there is some residual effects from the Trojan being deleted and not uninstalled.

 

[Trotter]

I'll pull it up later when I get home to look through it.

I get the feeling that something in the updates is not jiving with the rest of the system, but I don't see anything hogging the CPU in Task Manager. Well, I don't remember anything while I was there, but I don't have it with me to check it.

It is also entirely possible his daughter downloaded another bug or dozen... he really doesn't know yet. I am going to give him a short list of stuff to do tonight. The first thing is to boot into safe mode and scan with Panda as I am unsure he could use Housecall in safe made. He could try, though...

 

[superdave1984]

Don't ya hate when stuff like that happens? Try looking in the registry for remnants of the trojan and delete the keys. And disable all the startup items in msconfig. Something has to be running hidden that eats up resources. Either that or the drive is so badly fragmented that it's chasing it's own tail.

 

[Trotter]

I didn't think about it being fragmented. I'll add that to his list.

He has already ran CCleaner's registry cleaner, though. i would have thought that that would have nixed any registry remnants...

 

[EricB]

how come formatting is not an option? that seem to be what you need to do.

you can use a bartpe cd and a usb hdd or another partition to back up his application data files and his documents so you can restore them later

you can also use erd commander to do another system restore

 

[nu2duo]

how come formatting is not an option? that seem to be what you need to do.

you can use a bartpe cd and a usb hdd or another partition to back up his application data files and his documents so you can restore them later

you can also use erd commander to do another system restore

That is what I would have done instead of wasting time. 1. Back up all data. 2. Proceed with formatting.

Just don't understand why people waste precious time figuring trojans on little girls pc. format, install os and call it a day.

 

[KSoD]

Formatting is not a option cause they do not have the install media for some of the stuff they have installed and can not obtain it or just don't know how to do such things. Not everyone who uses a PC is a power user.

Some people would rather spend the time to fix it and say they have accomplished something themsleves that format and take the easy way out.

Sometimes they just cant cause they have no knowledge of such things. They would rather not pay the Geek Squad $500 to try and fix it than just try to remove it with help from a Geek Friend.

 

[Trotter]

Right on the money, Mak. He doesn't have/can't find his installation media, and has a lot of stuff on the drive he doesn't want to lose right now.

Formatting, while a quick and easy solution, is usually not an option for the average user. Most people don't back up their data and files and don't want to lose them.

The irritating aspect of this is that it is mostly likely something simple.

 

[nu2duo]

Right on the money, Mak. He doesn't have/can't find his installation media, and has a lot of stuff on the drive he doesn't want to lose right now.

Formatting, while a quick and easy solution, is usually not an option for the average user. Most people don't back up their data and files and don't want to lose them.

The irritating aspect of this is that it is mostly likely something simple.

True but after spending more evenings trying to solve such a 'simple' problem, formatting will be your next and only solution. I don't believe the issue on that pc is so simple, otherwise you would have fixed it by now.
Just doesn't make sense to spend sooo much time on a pc.
If the user didn't backup, well, it happens. Contact the pc maker and get a recovery disc...or check ebay.
Don't get me wrong, I would do what you do but I just wouldn't spend sooo much time on it.
BTW, you should upgrade their pc to Vista. I hear it is thee OS to have. Especially 'cus of the higher security level.
Anyway, format and call it a day.