- CPU Usage at 100%, hangs on boot into safe mode
- Posted by kanson@gmail.com on October 3rd, 2005
Hello,
I am trying to fix my friend's eMachine laptop. Initially, I found that
the CPU was running at 100% in normal mode. I cannot start any
programs, or even open a windows explorer window. I couldn't get it to
boot into safe mode (would hang when trying to load atisgkaf.sys).
When I edited msconfig, and selected "Safeboot" under the Boot.ini tab I
was able to get safe mode to boot. Other threads I have read suggest
loading safe with enable VGA, although I don't know if that would make
any difference.
In any case, once I was finally able to boot safe mode, I ran multiple
anti-spyware programs and removed 1000+ traces, but have not been able
to install an anti-virus program as of yet. The CPU usage is no longer
at 100% constantly, but I still cannot start or install any programs
under a normal windows start up.
Next, I plan on uninstalling the video driver in safe mode, and
then reinstalling later. Failing that, what should be my next step to
getting programs to start in normal mode? Any input would be great.
Thanks,
KAnsonLane
- Posted by Martin on October 3rd, 2005
kanson@gmail.com wrote:
> Next, I plan on uninstalling the video driver in safe mode, and
> then reinstalling later. Failing that, what should be my next step to
> getting programs to start in normal mode? Any input would be great.
> Thanks,
>
> KAnsonLane
>
Make sure you turn off System Restore and then do another scan.
--
Best Wishes from Martin
So many questions, so few answers.
PGP Key ID, 0x581E4CE1
- Posted by Ron Martell on October 3rd, 2005
Martin <martin.s@dsl.pipexdotcom> wrote:
>
>Make sure you turn off System Restore and then do another scan.
No. Nay. Never.
Never repeat never disable System Restore on an infected system until
*after* the system has been cleaned up and is functioning normally.
Then and only then you should clean out the System Restore by either
disabling it, rebooting, and then immediately enabling it, or by using
Disk Cleanup's advanced option to remove all but the most recent
restore point.
An infested but working system is vastly preferable to one that is
unusable because of a botched virus/spyware cleanup.
Even if there are nasties included in the System Restore folder these
items are totally encapsulated and cannot repeat cannot repeat cannot
possibly spread from there unless the user chooses to do a System
Restore.
Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca
In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
- Posted by Ron Martell on October 3rd, 2005
kanson@gmail.com wrote:
>Hello,
>
>I am trying to fix my friend's eMachine laptop. Initially, I found that
>the CPU was running at 100% in normal mode. I cannot start any
>programs, or even open a windows explorer window. I couldn't get it to
>boot into safe mode (would hang when trying to load atisgkaf.sys).
>When I edited msconfig, and selected "Safeboot" under the Boot.ini tab I
>was able to get safe mode to boot. Other threads I have read suggest
>loading safe with enable VGA, although I don't know if that would make
>any difference.
>
>In any case, once I was finally able to boot safe mode, I ran multiple
>anti-spyware programs and removed 1000+ traces, but have not been able
>to install an anti-virus program as of yet. The CPU usage is no longer
>at 100% constantly, but I still cannot start or install any programs
>under a normal windows start up.
>
>Next, I plan on uninstalling the video driver in safe mode, and
>then reinstalling later. Failing that, what should be my next step to
>getting programs to start in normal mode? Any input would be great.
>Thanks,
>
>KAnsonLane
When the computer is running open Task Manager (ctrl+alt+delete) and
go to the Processes tab. Click twice on the CPU column header to sort
the data into descending order based on CPU usage. That should show
you the name(s) of the items that are using the most CPU time which
could be a good clue as to the underlying cause of the problem.
If you can boot into Safe Mode with Networking support then go online
to http://housecall.trendmicro.com and run their free online scanner
to double check the system.
Also you did not mention which specific antispyware products you used.
If you haven't already done so try the free Beta of Microsoft's
antispyware from http://download.microsoft.com
Another option would be to use HiJackThis and post the log file from
it to one of the specialized HiJackThis forums. See MVP Jim
Eshelman's web page at http://www.aumha.org/a/parasite.htm and click
on the HiJackThis link in the left side column.
Good luck
Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca
In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
- Posted by KAnsonLane on October 4th, 2005
OK.. So I was able to run Norton 2005 in a safeboot, it cleared 5 viruses,
but told me that the computer is still infected. I am still unable to
launch control panel, programs, windows explorer (etc) in Normal Boot.
I am now able to boot into safe mode with networking, and I can start
programs there, but I can't seem to get much farther than that. Any
other suggestions?
- Posted by KAnsonLane on October 4th, 2005
Leythos wrote:
> If you've run NAV in safe mode and it didn't fully fix your problem, and
> you've deleted files and still have problems, assuming that you've
> already run the spyware removal tools, and you are still having
> problems, it's time to wipe/reinstall from scratch.
>
> While you could do a repair/reinstall, you may not actually clear the
> system of the infection, and while it may boot fine after the
> repair/reinstall, it's likely that you're going to reinfect yourself
> again.
>
> Before others say that it's not necessary to wipe a system to clean
> viruses, consider that you are trusting an application to tell you that
> your system is clean, many times you're trusting a free application, and
> if you had to bet your life on it being clean that you wouldn't.
>
> If NAV 2005 in safe mode didn't clean it, it's time to wipe it.
That's what I figured. Thanks for the help.