I did as you suggested and ran chkdsk /r but from the recovery Console as
supplied on the disk I mentioned in my previous post. (I cannot create a RC
CD just now as you suggested as I do not keep handy any blank CDs as I do
not download/burn music/movies, and all my backup is done to an external
500GB hard drive. This PC is also at my home so I do not have an internet
connection currently). Chkdsk took a while to run and had me worried as I was
watching its overall progress and at one stage it went from 71% complete back
to 50% complete, but it then continued on and finished with statistics being
displayed. I exited RC and rebooted.
I then signed back on and searched for a boot.ini file but it could not find
one on my C: drive. Should there be? Also at no stage have I used msconfig in
my troubleshooting. I also have SuperAntiSpyware loaded and have run that and
quarantined what it found. Additionally I have SpyBot installed and have also
run/deleted what it found. Coming back to MBAM I have run this again and
again but despite trying to delete what it has found, some of them seem to be
persistent and cannot be removed. I can post details of these entries back to
you if you wish.
This PC is still infected because I tried using the inbuilt Help and Support
but it is not loading. I am now at the stage where I think a clean install is
required to rid this PC of these persistent objects/entries, unless there is
anything I have missed or have done incorrectly.
PS I have previously done a re-install of XP Home on my brother's PC so I am
not too worried if I have to do one on this PC, but it would be nice if I
didn't have to!!
Chkdsk does sometimes seem to run backwards - my advice is to be
patient and it is impossible to tell how long it will take, how big is
your drive, how much used, free, what kind of problems, etc. It can
be frustrating but if it is not totally stuck, I would just leave it.
The boot.ini is a hidden system file, so if you are using Explorer
navigate to c:\ and click Tools, Folder Options, View and enable Show
hidden files... and UNcheck Hide extensions for known file types. You
will see a few more curious things and your c:\boot.ini if you have
one.
You also have to tell Windows Search to look at these hidden system
files or it will not find them. If Search doesn't find it, it doesn't
mean something is broken - maybe it is not set up to search for these
kinds of files.
You do not need a boot.ini file to boot a general purpose XP box - XP
will complain but still boot, so the answer is there should be, but
there doesn't have to be.
Malware will sometimes afflict your system in such a way that it will
not boot, or if you add certain options using msconfig, you will not
boot either. It is still trying to trick you into reinstalling. Of
course you would want to have a good boot.ini file just to not see the
complaint!
It is just a text file and here is an example of a basic one from C:\:
[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
When you say Inbuilt Help and Support, do you mean when you click
Start, Help and Support it does not work or gives you an error? What
is the error?
Help and Support is also a popular target for malware, but not too
hard to fix.
The scanning programs MBAM and SAS do a good job, but they can't tell
if something has been turned off or disabled on purpose or by malware,
so instead of just changing the settings that might not make sense to
it, they leave them alone. Depending on the severity of the findings,
sometimes they will at least show the suspicious item to you and let
you decide what to do.
If malware really wanted to be malicious, it would really do some
damage - like delete your My Documents folder or something like that.
Instead, it just tries to annoy you. The only time folks seem to lose
things is when they think there is no other option and then they give
up and choose to reinstall XP - but the malware didn't delete their
stuff....
I would be very interested in seeing your MBAM logs. Sometimes things
are not problems, but noteworthy and MBAM is just calling it to your
attention.
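
An added example, not part of the original reply: a small Python check that parses a boot.ini like the one shown above and reports whether the default= line matches an entry under [operating systems], returning each entry's switches so they can be reviewed. The function names are hypothetical, and the sample input is the basic file from the post.

```python
import re

# Sample input: the basic boot.ini shown in the post, embedded inline.
SAMPLE = r'''[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
'''

def parse_boot_ini(text):
    """Return (settings, entries); entries map ARC path -> (label, switches)."""
    section, settings, entries = None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        # Split on the first "=" only, so switches such as /NoExecute=OptIn survive.
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader":
            settings[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            label, rest = (m.group(1), m.group(2)) if m else (value.strip(), "")
            entries[key.strip().lower()] = (label, rest.split())
    return settings, entries

def check_boot_ini(text):
    """Return a list of findings; an empty list means the file is consistent."""
    settings, entries = parse_boot_ini(text)
    findings = []
    if not entries:
        findings.append("no [operating systems] entries")
    default = settings.get("default", "").lower()
    if not default:
        findings.append("no default= line in [boot loader]")
    elif default not in entries:
        findings.append("default does not match any entry: " + default)
    return findings

if __name__ == "__main__":
    print(check_boot_ini(SAMPLE) or "boot.ini looks consistent")
    for path, (label, switches) in parse_boot_ini(SAMPLE)[1].items():
        print(label, switches)
```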