I spent 2 days in the battle with viruses trying to fix the PC of my client. He said that he visited porno sites and since then every time Windows boots up to the point before the Windows logo it stops responding by displaying a black screen with the white arrow on it. Sure I could just reinstall the Windows but I decided to challenge zillions of viruses, Trojans and worms that are populated this machine through damaged Norton Antivirus and Windows Firewall that was turned off.
Fortunately I was able to access Safe Mode and clean up the system of some viruses and malware using AVG, Adaware, etc….
To my surprise any anti-malware software for some reason couldn’t get updated while it clearly showed that the connection to the internet is present. That was the real problem as I couldn’t browse the net and make necessary updates. So I used out-dated software to temporary clean up the system. I then succeeded loging into Windows but randomly, sometimes it continued to get stuck with the white arrow on the black screen.
I disconnected all programs and non-Microsoft services through MSCONFIG and did clean boot-up to no avail - the 3 main problems didn’t want to get resolved:
1. The system (Windows Home Edition) would hang randomly before the Windows logo screen appears
2. I could ping websites to their domain addresses and IP addresses but couldn’t browse the Internet
3. Couldn’t start Automatic Update Service to update Windows XP
To resolve the first problem I did CHKDSK and SFC /SCANNOW and scanned once more with AVG, Spybot, Adaware, A-squared, etc to no avail. To my surprise I only resolved it by doing Defragmentation of the “C” partition. So the one problem seemed to be solved, it would no longer get stock while booting up. I never thought that defragmentation could resolve this type of a problem. The funny thing is when I pressed “Analyze” in defragmentation section it told me that I don’t need to defragment this volume.
Some antivirus software I couldn’t run as it first required update and it was the second problem that needed to be resolved.
When I first logged into the Windows I found out that the Firewall was turned off and the PC had zillions of malicious programs. In the cleanup process some malware couldn’t be deleted completely as it would recreate themselves immediately after deleting them. I tried to scan the pc with many differant outdated software (absence of the Internet) to remove any possible Trojans, worms, viruses, etc…
At last I felt that the pc is pretty clean of malware but still there is no ability to do updates or browse the Internet!? The PC is connected to the Internet through the broadband modem. When I connect another PC to this modem the conection is fine, that means this is not an ISP’s problem but the PC’s.
I typed “ping www.google.com” in the cmd prompt and it returned positive results with no lost packets?! I tried to ping the IP address and it was positive as well. It was very strange that I could ping domain names and their IP addresses but couldn’t browse the net or get any updates, that means it wasn’t the browser’s problem. I went on to the CMD prompt again and typed “netstat -an” and it reterned just “listening” state of a few ip addresses, no connection were established. I typed “telnet www.google.com 80″ and it wrote “Could not open connection to the host, on port 80: connection failed”. So there was something blocking ports that I wasn’t aware of. I googled it for half a day with no resolution till I ran out of my fr***n wits.
Note that I tried to turn off firewall and any antivirus and antispyware software to no avail. In the MSCONFIG there were no services running except Microsoft services and no start up programs were checked. In the “services” configuration I disabled all security and antivirus services to no avail. I used “Hijack This” and deleted anything that could look a little suspicious with no results. I reinstalled Winsock (Windows Sockets API) by using Winsockxpfix software with no results whatsoever.
I had one last thing in my mind to do before reinstalling the Windows is to try to completely remove Norton Security and Norton Antivirus. At the beginning I couldn’t uninstall it with the error saying that there is some missing file. I tried to reinstall it(in order to uninstall it then) but couldn’t as it said Norton already installed, so I went to Services and Autorun sections and disabled it. But all this time I had a little attention on that incomplete cycle of uninstalling Norton, I thought maybe Norton is blocking somehow my ports that I am not aware of and I WAS RIGHT!!!
I downloaded Norton Removal Tool and after completely uninstalling Norton software all ports were unblocked and the Internet connections began to work perfectly.
On the last problem I spent much time as well. The Windows update service just wouldn’t start even manually, it would give this error “Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it”. I did following things to fix it to no avail but you could find it helpful in your case:
If no success you have some kind of Malware, that what was in my case. After starting AVG antivirus (already updated) it right away recognized some malware (I don’t remember what it was exactly), it warned me that removing it can cause the system to be unstable, I took the chance and removed it. After restarting the pc it was all well and shiny and all worked very well!
Note, I used Kaspersky Antivirus, Spybot, A-Squared Anti-Malware, Adaware, Hijack This, Life One care online scanner and cleaner, registry cleaners and none of them could delete this malware except the AVG! some of them found it but couldn’t delete it or after deleting it this malware appeared again. All these anti-malware software definitely greatly helped in some ways but the AVG software gave final eradicating knock-out!
No comments yet.