Replies

I only install one OS per drive. I do not install 2 OS’s in the same partition on the same drive. as for the $MFT that is a the Root of the NTFS harddrive and that is not fixed just by adding a new OS.
It just becomes a headache installing OS’s when you can just fix the one you are using. I I get a customer that I am charging to install OS’s and go through that timeframe then do the installs for AV and malware removal then remove the issues….that is too many steps…I just pull the drive …scan it as a slave and repair what it finds…then I reload the drive and fix the boot process if need be…then run hitman pro…then it is pretty much done at a 1/4 of the time a parallel installation would require…my customer is happy and I am happy and my time is not wasted.

I had issues with MSE. it caused a lag in my start menu I could never figure out how to fix… I use Avast with no issues at all on most of my computers

Now as for parallel installation…it would become infected too because of the $MFT issue. only good way to clear most of the junk is to slave the drive in a working system…I have a computer that all it does is clean slaved drives…only thing you have to watch out for is folder permissions

Sophos Anti-Rootkit is a great program…but did not find what Hitman pro 3.5 did…just goes to show …you have to use multiple programs to really clean a system out

Well, I have to add my two bits to this
First I don’t think there was anything wrong with Avast
Now the questions are:

Did you have a program called Antivirus 2008, Antivirus 2009, Vista Antivirus 2008, Windows Antivirus 2008, Antivirus 2008 Pro, XP Antivirus 2008, Antivirus XP 2008, XP Antivirus 2009, XPAntiVirus, or any other Antivirus-named program variation that you did not consensually agree to download on your machine?

some good reading here on the subject:
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=74100

I have to give credit to this site…gives very good info on what happened to your machine and I copied the beginnig quote
http://www.enigmasoftware.com/antivirus-2008-antivirus-2009-xp-antivirus-2008-infect-winlogon/

This is highjackware and affects the winlogon part of the operating system
from what I have seen is Anti-virus 2008 Trojan Family has changed tactics and now installs a root kit that is almost impossible to find as in installs as a driver now. none of the normal malware removal tools work to find it at all (this includes my favorite tool Malwarebytes)

also the new tactic of this program is to make it so the $MBR is infected… So if you don’t zero out the hard drive it will re-infect when the OS is re-installed ..even with a normal format
A re-install or repair install will not work

first you have to load the hard drive on another computer as a slave and do malwarebyte and any good antivirus scans

then you have to get it to boot and run Hitman pro 3.5
http://www.surfright.nl/en/hitmanpro/

it will detect the rootkit and fake drivers and remove them including fixing the $MBR issue
So far it is the only program I have found that works to find and fix it

And as far as I read..you have all the symptoms of a rootkit virus/trogan

I switch on, sign on as Admin and use Password. Windows accepts these but then hangs on the blue Welcome Screen
In Safe Mode, the same procedure gets me to the desktop without hang-ups, which is correct.

Not sure why anyone did not catch that?
Just to note…this is brand new behavior and I have fixed a few with this issue..

OK first …READ THIS ENTIRE WEBSITE. It will explain the boot process and how to fix the boot process for dual boot. this is the best I have ever found for setting up vista machines
http://www.multibooters.co.uk/index.html

I use Bootit NG and it will help a lot as a boot manager. I never use the windows boot manager at all.
http://www.terabyteunlimited.com/bootit-next-generation.htm

just to note.. its way easier to install on a new hard drive then break up the original drive in partitions …you might consider cloning the drive then really digging into the clone and see what the issue is…though starting new is a very good option

good luck