GoldHawk
I don’t know if this is strictly a hardware problem, but if I am in the wrong
newsgroup, perhaps someone will re-direct me.
I am running a desktop machine with Win XP Pro SP3. I have dual, but
separate and fitted hard drives, C:\ which contains the OP, and D:\ for “My
Documents”. I also have an external hard drive partitioned into 3, E:\, F:\ &
G:\. Removable storage includes an MMC Card (I:\) in a card reader, and
memory stick (J:\).
Recently, clicking on any of these drives (except C:\) from My Computer
produced the message “resycled/boot.com is not a valid Win 32 application”.
None of the affected drives was accessible except through Explorer.
I discovered this was a virus – boot.com. I have run (updated) AVG
Anti-Virus, Malwarebytes, Ad-Aware, Spybot Search & Destroy &
SuperAntiSpyware. All failed to detect the virus, let alone eliminate it.
I therefore resorted to a manual removal, following the instructions below:
"Here’s the REAL way to clean this off your system. You should do these
steps after a fresh reboot or in safe mode.
1) Navigate to the problem drive(s) via the Explore option.
2) Click on TOOLS -> FOLDER OPTIONS
3) Click the button which says ‘Show hidden files and folders’.
4) UNCHECK the following boxes:
Hide extensions for known file types
Hide protected operating system files
5) Find and delete the autorun.ini file and the resycled folder on the root
directory of all affected drives.
6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if
present.
7) Check “c:\windows\prefetch” for boot.com file and delete if present.
8) Delete all files from c:\windows\temp
(Some files may not delete, that’s ok, they’re in use by the system and not
virus files.)
9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local
Settings\Temp
(Again, a couple files may not delete, don’t worry.)
10) Run Regedit
11) Make sure you are at the very first entry of the registry hive. (My
Computer should be highlighted) then click EDIT -> FIND
12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3
until you’ve deleted all instances of boot.com in the entire registry.
13) Scroll the left column back up to the top and highlight the My Computer
again at the top of the registry hive.
14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step
13, deleting the entries as it finds them. (I found 2 of each)
15) Close registry editor and try opening the infected drives. They should
work now.
Worked for me at least. I ran NAV2008 2 times on it and it was able to find
the files but unable to remove them for some reason. Doing this, seems to
have completely resolved the issue for me."
I found a number of infections on the various drives (including C:\) and in
the registry, which I deleted (not the registry – just the virus files !).
Following this, I re-formatted C:\ drive and reinstalled the OP, which I was
planning to do in any event. I also re-formatted D:\ drive, again which I was
planning anyway.
I had assumed that the problem virus had been successfully removed - which
it probably has - after making a further check for the offending files.
However, I now find on trying again to open the partitioned external HDDs,
E:\, F:\ & G:\, I get the message “Windows cannot find ‘resycled\boot.com’.
Make sure you have typed the name correctly and then try again. To search for
the file click the start button and then click search”. I still can’t access
these drives except through Explorer.
Strangely, I am able to access the re-formatted D:\ drive and the removable
storage, the MMC card and flash drive.
Is the only way to resolve this, to move all data from the affected drives
and then delete, re-partition and reformat ?
Any assistance would be much appreciated.
Mike
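
A read-only check for the artefacts the quoted steps look for on a drive root, as an added example that is not part of the original post. It reports a `resycled` folder, a `boot.com` inside it, and autorun entries that launch either name; `scan_drive_root` and `build_constructed_sample` are hypothetical names, the sample layout is constructed, and checking `autorun.inf` alongside the post's `autorun.ini` is an added assumption.

```python
import os
import re
import tempfile

# "autorun.ini", "resycled" and "boot.com" come from the post; "autorun.inf"
# (the file name Windows AutoRun reads) is an added assumption.
AUTORUN_NAMES = ("autorun.ini", "autorun.inf")
SUSPECT_NAMES = ("resycled", "boot.com")
# Autorun keys that start a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$", re.I)

def scan_drive_root(root):
    """Read-only check of one drive root; returns sorted (kind, detail) findings."""
    findings = []
    try:
        entries = os.listdir(root)
    except OSError as exc:
        return [("unreadable", str(exc))]
    for name in entries:
        path = os.path.join(root, name)
        if name.lower() == "resycled" and os.path.isdir(path):
            findings.append(("folder", name))
            findings += [("payload", name + "\\" + f) for f in os.listdir(path)
                         if f.lower() == "boot.com"]
        elif name.lower() in AUTORUN_NAMES and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                for line in fh:
                    m = LAUNCH_KEY.match(line)
                    if m and any(s in m.group(2).lower() for s in SUSPECT_NAMES):
                        findings.append(("autorun-entry", name + ": " + line.strip()))
    return sorted(findings)

def build_constructed_sample(root):
    """Create a harmless, constructed layout (empty placeholder file) for testing."""
    os.mkdir(os.path.join(root, "resycled"))
    open(os.path.join(root, "resycled", "boot.com"), "w").close()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=resycled\\boot.com\n"
                 "shell\\open\\command=resycled\\boot.com\nicon=shell32.dll,4\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for kind, detail in scan_drive_root(tmp):
            print(kind, detail)
```

Calling `scan_drive_root("E:\\")` for each affected drive letter gives a list to compare before and after cleanup; an empty list means none of the named artefacts remain on that root.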