Geek Culture / Return of the Annoying Virus

Matt Rock
20 Years of Service
Joined: 5th Mar 2005
Location: Binghamton NY USA
Posted: 12th Feb 2009 02:09 Edited at: 12th Feb 2009 02:14
As some of you might remember, I had a nasty fight with a virus a few months ago. It was a rootkit, and I thought I'd killed it using a cocktail of Gmer, Super Anti-Spyware, Nod32, Killbox, and a few other apps. There was no sign of it on my computer, and everything seemed to be running normally once again. That is, until now. This is officially the most obnoxious problem I've ever had with a computer... why? I'll get to that shortly. Seriously, this problem comes in three acts, like some tragic nerd play.

ACT I
A while back I tried to get online, but it wouldn't let me. I thought it was my ethernet card, but the light was on and everything seemed fine. In Device Manager, however, it was another story... Under Network Adapters, my Intel PRO/100 network connection was flagged yellow, saying my drivers were bad, as were my WAN Miniport (IP), (IPX), and (PPTP), and there were two of each. I removed and re-installed the PRO/100, but the WAN stuff all told me it couldn't be removed because it was allegedly vital to my computer. Not taking no for an answer, I went into my registry (backing it up, of course) and removed every local machine item that had a DriverDesc related to a WAN miniport that was flagged. Presto: I uninstalled them, then re-installed them, end of problem. I got back on the internet fine, and foolishly chalked it up as a driver problem. I installed the newest drivers for my ethernet card and mobo, and everything was going great for a few days... and then all heck broke loose.

ACT II
Out of nowhere, I lost my internet connection again (all of the WAN miniports went yellow this time), but that was the LEAST of my problems... Tea Timer and Nod32 went absolutely ballistic, with about a dozen or so virus detections and registry change attempts per second for about five minutes... yes, I mean that literally. My task manager filled up with something called "cmd.exe," over and over again, and if I didn't have Tea Timer running I'd probably have maxed out my page flip. Nod32, which I'm officially crowning as THE BEST AV program in the world (part of my Presidential perks baby), neutralized the problem without even knowing what it was. Thanks to Spybot Tea Timer and Nod32, I kept my computer semi-stable, though I still didn't have internet access. Enough was enough... I needed to restore. I backed everything up onto DVD-R and CD-R, cleaned out my hard drive entirely, and went into my Sony recovery utility. And this brings down the curtain on Act II.

ACT III
Before I begin, let me say this. I've been an avid fan of Sony products since the early 1990s. TVs, cameras, home theater equipment, personal media devices before the iPod, cell phones, gaming consoles, land line phones... and my Sony Vaio desktop PC has been my pride and joy since getting it in 2004, and even today with a P4 3.0 GHz processor and 2 gigs of RAM, she keeps up with some modern computers, and flat out burns most lower-grade PCs. If I had a PCI-E port, I'd keep this computer for another 2-3 years easy. Well friends, my unwavering allegiance to Sony is about to change. Maybe not removed entirely, but change, definitely.

So my PCV-RS620G Vaio Desktop (and I assume the laptops as well) has this utility called the "Vaio Recovery Wizard." Instead of giving you proper OEM Recovery disks, they have a pre-installed tool that lets you burn your own OEM disks, eating up one DVD-R and one CD-R. I fired up the app and ran it, and I created the two discs for recovery, then I started the restore process. But on system startup, the program halts in the middle of running, saying it can't format my drive because the partition is too small. And for a full day I wasn't able to exit out of the recovery wizard tool and access my desktop again, until I worked out that I had to reset my BIOS. Using my girlfriend's computer (where I am now), I Googled this mess and found out that you're supposed to make these recovery discs the SECOND you get your computer out of the box, BEFORE you update your OS or any of the Vaio software. Of course, they don't tell you this, because they want you to pay them $20 down the road to buy recovery discs from them.

And so now I'm sitting here unsure of what to do. Can I format my C Drive the old fashioned way, like you could on Win98? I've never formatted an XP machine before... what do I need to know, and what do I need to do? Is it as simple as right-clicking my C drive and hitting "Format?" How do I change the size of my partition (and I'm assuming there's a hidden Sony partition as well)? Are my recovery discs useless, or can I get away with restoring my PC without paying Sony one red cent for discs they should have given me in the first place? Or should I buy a new copy of XP and do it that way? I'm absolutely lost here... any advice would be tremendously appreciated guys!

Richard Davey
Retired Moderator
23 Years of Service
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 12th Feb 2009 02:44
My wife has a Sony Vaio laptop, so I share your pain re: OS CDs. What I would recommend is install XP from scratch (boot from BIOS to the setup on the CD, don't install it from within your already compromised Windows installation).

When you install you're given the option to delete all partitions (and thus all data on the drive) and rebuild them how you want. At this point you'll get a clean fresh copy of XP, with no lingering virus. If you don't delete and rebuild the drive then XP will just install a second copy of itself and try to migrate your files from the old version, putting you firmly back to square one.

If you don't have the OS install discs of course then you're a bit stuffed, so either get them from Sony or buy a copy of XP, whichever is cheapest.

Jeku
Moderator
21 Years of Service
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 12th Feb 2009 02:57
Legally Sony has to give you either recovery discs or a recovery partition on your hard drive, which basically has a fresh copy of XP (plus junk apps that you should promptly remove as soon as you're done recovering). I wouldn't recommend purchasing a new copy of XP unless you absolutely have to.


Matt Rock
20 Years of Service
Joined: 5th Mar 2005
Location: Binghamton NY USA
Posted: 12th Feb 2009 21:08
I gave the custom restore option a try, but now I'm getting "error 4," a problem with the partition. I'm thinking the recovery discs I made might be faulty. I'm going to burn up another DVD and CD and try to make new copies, though at this point I'm starting to think that making these discs post-virus might be making it impossible. I don't want to pay Sony $17.95 for discs they should have given me in the first place... ugh. But I'll try to make a new restore disc set just in case and try again.

I want to try making my partitions larger by a few megs each. On drive C I have one partition that's 6.04 GB in size. I'm thinking I should bump that up to 10 GB, but I don't know how to do that. And if Sony has a hidden partition, I'm not sure how I'd find it. Is there some killer freeware partitioning tool out there that someone knows about?

Matt Rock
20 Years of Service
Joined: 5th Mar 2005
Location: Binghamton NY USA
Posted: 14th Feb 2009 20:35
Sorry to double post, but I'm still working on this problem and thought I'd keep this post updated for those people using "the google" to find a solution to this problem. Here's what has happened recently:

I downloaded a program called "Cute Partition Manager," created a boot CD, and switched my primary drive to my restore partition. This worked for approximately five seconds. It formatted my main partition fine, and it looked like it had all worked smoothly, but the virus bounced back within about ten minutes, and now it's embedded even worse than it was before. I can't load XP normally, because everything is running ridiculously slow, even with my commit charge at 345 and processor usage at 1%. Granted, my commit charge is usually only 239, but that extra bump is from all that useless junk Sony packages on a new PC. At any rate, 345 doesn't constitute a slow PC, not to that degree. I should still be able to throw in a resource hog game like Sims 2 or Battlefield 2 and still play it fine. Could the virus be falsely reporting my system resources? I've never seen anything like it if that's the case.

I went and looked through my registry to see if anything looked suspicious. If someone has five minutes of free time to look at their regedit and tell me if they find any of this stuff, I'd appreciate it. Not that I'm going to delete this stuff yet though, because I don't know if it belongs to Sony or something. All that I've installed on the PC after the faulty restore has been SuperAntiSpyware, Nod32, CCleaner, and Spybot S&D. If you don't know what you're doing in regedit, don't try to help! One wrong keystroke and you can literally destroy XP... so don't go looking around in regedit if you don't know how to do it safely. If I break my machine I won't be losing anything. Anyway, here are the suspicious keys. I put the really suspicious ones in bold, and the other ones are keys where I'm not sure what the purpose is:

HKLM/Software/c07ft5y
HKLM/Software/lameme

HKEY_CLASSES_ROOT/Acroiehelper.acroiehelperobj
HKEY_CLASSES_ROOT/adcctl.adcctl
HKEY_CLASSES_ROOT/atpfringe.omgatpformatchecker
HKEY_CLASSES_ROOT/d2yfile
HKEY_CLASSES_ROOT/eaptlscfg.eaptlscfg
HKEY_CLASSES_ROOT/frank.lcmfrank
HKEY_CLASSES_ROOT/gargledmo.gargdmoprop
HKEY_CLASSES_ROOT/itltlwrdbrk.itltlwordbrk
HKEY_CLASSES_ROOT/niscffwizdll.niscfgwizmgr
HKEY_CLASSES_ROOT/omgpdlockfactory
HKEY_CLASSES_ROOT/sgphal_pv_kikyou.sgphalpreview
HKEY_CLASSES_ROOT/spinmdrwrdbrk.spinmdrwrdbrk

I want to make a HJT log, but I can't do anything on my PC in normal mode, and my CD burner doesn't work in safe mode. Maybe I can temporarily get online in safe networking mode and post a log that way? I'll find out. Again, sorry for the double post... this is the first time I've ever had a virus that's forced me to restore my XP. I wish I could update Nod32 in safe networking mode.

bitJericho
22 Years of Service
Joined: 9th Oct 2002
Location: United States
Posted: 14th Feb 2009 20:50
Quote: "I don't want to pay Sony $17.95 for discs they should have given me in the first place... ugh . But I'll try to make a new restore disc set just in case and try again."


I'd just break down and buy the discs. If you have a sticker on your laptop with your XP license number (or if you can get it from the registry), you could just borrow a friend's copy of XP and reinstall that way. During reinstall, you'll have the option to reformat your partitions.

"I actually quite like this site. And no one will know because this is a secret..." - Anonymous
Shhdb.com
feiting shadow
18 Years of Service
Joined: 12th Sep 2006
Posted: 15th Feb 2009 02:17
First off, that partition should hold the same image of your computer whether or not you've used it and changed things. The recovery partition, assuming it's D or E and you only installed stuff on C, should never have changed unless said virus got on it.

Cmd.exe? Nimda used to access that, so much so that I made a fake program on my website so anyone with Nimda would launch a program on their own computer instead of mine.

I'd FDisk it out. You've probably lost the partition due to repartitioning already. So basically make the partitions the sizes you want and run the recovery CD. If it works, do this:

Start->Run, type msconfig.exe and start it. Go into the Startup tab and disable all suspicious programs, find their locations and delete them after rebooting. Also use Ctrl+Alt+Del to stop them from running before and after doing that, so they can't start themselves up again. Also go to the Services tab, hide all Microsoft services, and uncheck weird names. Hit Stop otherwise. When you reboot, it'll say "You are in selective startup mode..." and just hit the checkbox and then OK.

This stops them from running, then you can delete them and all suspicious programs yourself.

Open IE and under Tools -> Internet Options click on the Programs tab and then the Manage Add-ons button. Stop all services with strange names and other malware, then search and delete them manually too.

Run a virus scan (I use FreeAVG, which now has anti-rootkit as well) and Ad-Aware along with Spybot S&D.

This is admittedly what you should have done first, probably in safe mode to prevent the virus from restarting itself. But now, if you can get the screen back, go into windows and do the above.

This works no matter what problem I have, and is much easier than those 20-page descriptions on how to solve the thing with annoyances.org's "techs" that tell people to jump through hoops to make a sandwich. If everything fails, hook up your hard drive to your sister's computer as the slave, and use her computer to do a full virus/rootkit scan on it. (Drive T? G? C? lol). After scanning it, it should be relatively clean.

The registry is not the "meat" of the computer, btw. It is the pointer. It points to what should be and how it should be. So if a registry key indicates spyware, you'll be safe so long as you deleted the spyware. Got it? Don't worry about what the registry says, but you can stop things from appearing in your startup folder by deleting it, but it will not fix the problem. You have to delete the program itself, as described earlier.

If your recovery disks are infected, use them and then immediately use safe mode (with networking) and take the steps above. FreeAVG, Adaware, Yahoo antispy, and S&D have always helped me, and I do the rest if anything comes up. Tea Timer isn't used 'cause the things are always in the Manage Add-Ons section.

Hope you have enough knowledge to fix the problem now. If not, that's everything I got... Good luck!

And yes, I did see your other post telling me to look hehe

Signed
------
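
The two registry-centred steps in this thread, Matt's list of ProgIDs under HKEY_CLASSES_ROOT a few posts up and feiting shadow's advice above to work through msconfig's Startup and Services tabs and IE's Manage Add-ons, done offline as a script. This is an added example for this thread, not code from any poster. It parses a `reg export` file taken from the suspect machine (from Safe Mode, or after `reg load`-ing the hives from the drive slaved into a clean PC), follows each ProgID to its CLSID and on to the DLL named in InprocServer32, enumerates the Run key, Browser Helper Objects and services, and flags binaries living in user-writable or unusual locations. The .reg text inside it is constructed sample data; the Acme and zqx names are hypothetical placeholders and say nothing about the keys Matt listed.

```python
"""Offline triage of a Windows registry export (.reg): resolve COM ProgIDs to the DLLs
they load, list autostarts (Run key, services, IE Browser Helper Objects) and flag
binaries outside the usual system directories. Added example for this thread, not any
poster's code; SAMPLE_REG is constructed and its Acme/zqx names are hypothetical."""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Acme.Helper\CLSID]
@="{11111111-2222-3333-4444-555555555555}"
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Acme\\AcmeHelper.dll"
[HKEY_CLASSES_ROOT\zqx.badobj\CLSID]
@="{DEADBEEF-0000-0000-0000-000000000001}"
[HKEY_CLASSES_ROOT\CLSID\{DEADBEEF-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\WINDOWS\\Temp\\zqx.dll"
[HKEY_CLASSES_ROOT\orphan.obj\CLSID]
@="{DEADBEEF-0000-0000-0000-000000000002}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcmeTray"="\"C:\\Program Files\\Acme\\tray.exe\" /silent"
"svchost"="C:\\Documents and Settings\\matt\\Local Settings\\Temp\\svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEADBEEF-0000-0000-0000-000000000001}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AcmeSvc]
"ImagePath"="C:\\Program Files\\Acme\\acmesvc.exe"
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zqxdrv]
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\zqxdrv.sys"
"Start"=dword:00000001
'''

HKCR = 'HKEY_CLASSES_ROOT'
RUN_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
BHO_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
SVC_KEY = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
_SECTION = re.compile(r'^\[(.+)\]$')                 # [HKEY_...\path] opens a key
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # @=... (default) or "name"=...

def _key(*parts): return '\\'.join(parts).lower()    # registry paths are case-insensitive
def _unescape(s): return re.sub(r'\\(.)', r'\1', s)  # .reg escapes: \\ -> \  and  \" -> "

def parse_reg(text):
    """{key_path_lower: {value_name: data}}; a real 'reg export' file is UTF-16 (encoding='utf-16')."""
    reg, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()
            reg.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if not m or current is None:                 # blank, comment, header, hex continuation
            continue
        name, data = m.group(1), m.group(2)
        name = '' if name == '@' else _unescape(name[1:-1])
        if len(data) > 1 and data[0] == data[-1] == '"':
            data = _unescape(data[1:-1])             # REG_SZ
        elif data.startswith('dword:'):
            data = int(data[6:], 16)                 # REG_DWORD, hex
        reg[current][name] = data                    # other types kept as raw text
    return reg

def resolve_progid(reg, progid):
    """ProgID -> CLSID -> InprocServer32: the DLL is what to inspect, not the name. None = missing hop."""
    clsid = reg.get(_key(HKCR, progid, 'CLSID'), {}).get('')
    dll = reg.get(_key(HKCR, 'CLSID', clsid, 'InprocServer32'), {}).get('') if clsid else None
    return {'progid': progid, 'clsid': clsid, 'dll': dll or None}

def _binary(cmd):
    """Command line or ImagePath -> binary path: drop the NT object prefix, quotes and arguments."""
    cmd = cmd[4:] if cmd.startswith('\\??\\') else cmd
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r'\s+[/-]', cmd, maxsplit=1)[0]

def list_autostarts(reg):
    """Run values, BHOs (CLSID resolved to its DLL) and services that have an ImagePath."""
    found = [{'where': 'Run', 'name': n, 'path': _binary(c)} for n, c in reg.get(_key(RUN_KEY), {}).items()]
    bho, svc = _key(BHO_KEY) + '\\', _key(SVC_KEY) + '\\'
    for key, vals in reg.items():
        if key.startswith(bho) and '\\' not in key[len(bho):]:
            dll = reg.get(_key(HKCR, 'CLSID', key[len(bho):], 'InprocServer32'), {}).get('')
            found.append({'where': 'BHO', 'name': key[len(bho):], 'path': dll or None})
        elif key.startswith(svc) and 'ImagePath' in vals:
            found.append({'where': 'Service', 'name': key[len(svc):], 'start': vals.get('Start'),
                          'path': _binary(vals['ImagePath'])})
    return found

TRUSTED = (r'c:\windows', r'c:\program files')
WRITABLE = ('\\temp\\', '\\documents and settings\\', '\\users\\', '\\recycler\\')

def flag_suspicious(entries):
    """Path heuristics only; a driver dropped into system32 passes, so confirm hits by signature and hash."""
    out = []
    for e in entries:
        p = (e['path'] or '').lower()
        reason = ('no backing binary recorded' if not p else
                  'binary in a user-writable location' if any(w in p for w in WRITABLE) else
                  'binary outside trusted system paths' if not p.startswith(TRUSTED) else None)
        if reason:
            out.append(dict(e, reason=reason))
    return out

def early_start_drivers(entries):
    """Start 0 (boot) / 1 (system) services load before any AV or Run item and never show in msconfig's Startup tab."""
    return [e for e in entries if e['where'] == 'Service' and e.get('start') in (0, 1)]
```

Two points the script makes that the thread circles around. A ProgID like the ones in Matt's list is only a name; what matters is the file its CLSID's InprocServer32 points at, which you can then hash and check for an Authenticode signature on a clean machine, and a ProgID whose chain ends in nothing (`orphan.obj` in the sample) is leftover registration, not a running component. And msconfig's Startup tab does not list drivers, so `early_start_drivers` pulls out boot- and system-start services separately, because that is where a kernel-mode rootkit registers itself rather than in Run. The path heuristic is a worklist, not a verdict: the constructed `zqxdrv` entry sits in system32\drivers and passes it.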
Mr Bigglesworth
17 Years of Service
Joined: 4th Mar 2008
Posted: 15th Feb 2009 04:19 Edited at: 15th Feb 2009 04:21
Matt, I feel sorry for you, I had a bad one too a couple years ago, and if it helps (which it might not...) I couldn't find any of those things in my registry. I hope you get it sorted out. HKEY_CLASSES_ROOT/sgphal_pv_kikyou.sgphalpreview kinda sounds suspicious... just my opinion though...

I used to be GERM, but I got a NaMe ChaNgE.
In cyberspace, no one can hear you scream!
Or can they?
Matt Rock
20 Years of Service
Joined: 5th Mar 2005
Location: Binghamton NY USA
Posted: 17th Feb 2009 00:53
@ Jericho: Yeah... sadly, I'm forced to do that. Cute Partition Manager isn't even seeing the other partition now, so I'm thinking the restore nuked it. It's either buy the discs or a new copy of XP, which would just be silly for a computer I most likely won't keep beyond the two year mark now.

@ Feiting Shadow: I appreciate the help, but those are all things I tried already. AVG Free wasn't able to find the virus, nor was Avast or Avira Antivir. Nod32 was the only AV program that recognized the virus (and thanks to Jeku for showing me Nod32 a few months ago!). Sadly, it only acknowledges that the virus is there, but it's unable to identify it, and thus it can't kill it.

SuperAntiSpyware, Spybot, and Adaware are all finding a number of trojans on my computer, but none of them are able to neutralize them. There's a trojan, a rootkit.dropper, and an unknown trojan, and after running any of these programs I'm asked to restart... but then it loads back up again once I do. And if I restart in safe mode, these programs can't do whatever it is they need to do upon the restart. Ack.

Once again, I find myself wishing I could meet the creators of these viruses face to face. Seriously. Who do they think they're impressing by making this stuff? Here's a message to the virus-creating nerd who's googlebating the internet in an effort to find people whose lives they've disrupted. Sorry for posting this here folks, but I wanted to let the virus-creator know precisely what I think of them:

Great, you've made a virus... other nerds equal to your caliber of loserdom will applaud you. You lack any degree of creativity, class, or dignity, and so you make viruses to lash out against a system that wouldn't embrace you. Sadly, you fail to recognize that the system doesn't embrace you because you have nothing whatsoever to contribute. No one likes spending time around you because your character is flawed in such a way that we all find you repulsive. Is this the world's fault? Or is it your own fault? You're too weak physically to do me any degree of actual physical harm, and you're not intelligent enough to cause me any sort of mental anguish. You know this, and so you resort to putting a virus on my computer... the electrical equivalent of letting the air out of my car's tires. Way to stick it to the man.

Congratulations. You made a virus that allowed you to disturb the lives of innocent people. Outstanding. Do you know the truly tragic part in all this? If you'd focused the energy it took to make this virus on making yourself a better person, you'd quickly learn that you don't need to make viruses to be cool. Actually, you'd learn that making viruses has the exact opposite effect. If you walk up to a girl and tell her about your nerd exploits, do you know what she'd do? Laugh in your face. The exact same thing girls did to you BEFORE you went and made a virus.

And so the choice is yours, friend. You can make viruses, and appeal to other chubby nerds like yourself, people with the social acumen of a soda can (but less adept at interaction), or you can focus your energy toward making yourself a better person, one who aspires for truly great things. A person who turns their understanding of computer science into a truly applaudable talent (mind you, this forum is for game development, and is filled with people far more talented than you). But hey, who am I, right? Just some guy with a hot girlfriend and loads of "real life friends." Sure, I have internet friends too, who doesn't in the modern age, but if I lost my internet connection, I wouldn't be completely cut off from social interaction. How would you do in that situation? Answer that before you go back to working on your lame little viruses.

NeX the Fairly Fast Ferret
20 Years of Service
Joined: 10th Apr 2005
Location: The Fifth Plane of Oblivion
Posted: 17th Feb 2009 00:57
Just think, if the people who spent all this time writing malware spent time instead writing positive software or improving the software of others, how much better open source software would be.

What good is knowledge without a degree of understanding?
Matt Rock
20 Years of Service
Joined: 5th Mar 2005
Location: Binghamton NY USA
Posted: 17th Feb 2009 00:58
Amen to that!
