Ok, I have a *gag* Windows XP *gag* problem. I may just go total Ubuntu and leave it at that, but until then, I have a major headache on my hands.

In October, my computer was trying to boot XP (before I heard of Ubuntu) but couldn't make it. Error message on screen said /windows/system/restore was missing or corrupted and had to be fixed. This led to some tears, then the restore partition was invoked to fix it. Everything went smoothly again for a few months. Then I ran a virus scan. Every restore point tested positive for the mitglieder trojan. They were wiped and subsequent scans were clear. A week later, the same boot error: /windows/system/restore missing/corrupted. Then again one month later.

This week, something a little different happened: this time it was only /windows/system that was missing/corrupted. I can always seem to restore the OS without losing personal files and only having to reinstall a few cam and printer drivers and little other software I added. But, automatic updates don't appear to be loading. And, an old version (6.2 I think) of Quicktime is under the mistaken notion it is current when told to check for updates. The current version available is 7.1 or 7.2.

Anyone have a clue as to WTF may be wrong?

Possible things:

the trojan really screwed up windows ... reinstalling might be the best option.

your hard drive is going bad?

Oh god, I hope not. It started doing this a month or so after I first got it. Think that's likely? I can't find any info on Google, but you aware of any mass HD failures from factory shipped Compaq Presario SR1000 models? (Mine was shipped to me Sept 28, 2005 so that time period for date of manufacture.)

I did have Norton on there when I first got it. There were a few months of on internet, but within days of getting dial up, a downloader trojan was found. I check the Norton logs for giggles a long time ago, and found that Norton was unable to delete the infected file, saying it's access to it was denied. I was able to delete it just fine though. I can't verify with any certainty that my system in clean now, but I think it is. All the netstats I run come back "clean" (as in, nobody I'm not known to be connected to shows up). There was some other funny business going on that led to a blog with screen caps. I'll post that if you think it'll help.

i too would suggest a complete reinstall of windows...

also check the SMART info of your hdd, it will tell you how close it is to failing (at least an estimate)

and make sure to use good antivirus/firewall/antispy software, to keep this from happening again

When windows gets a little messed up, it won't be any use trying to get it back alive Re-install

I will re-iterate the voices of those above - re-install. Even if it was working fine and you had had a trojan I would say re-install. Windows XP, in my experience, is just not the same after any trojan/virus/etc infection.

The only Win discs I have were made off the possibly infected partition, so that may not help. May go ahead and do it anyway after I back up the rest of my personal files.

Downloading HDDHealth right now to check SMART info. Had never really heard of it's use until now, even though I grew up around this stuff. I'll load that and see what comes up.

I'm covered in terms of antivirus and antispyware. I do need to think about a real firewall if I keep Windows around. That built-in XP firewall is a bit, well... not a firewall really. It seems to be a great connection logger though. Heh.

Thanks for all the help so far. I'm likely to ask more questions, thanks for not giving me the "rtfm n00b" business. Ubuntu Community<3

If you haven't made the restore discs, call Compaq and ask them for restore discs. You might end up paying $30 or so for them, but it'll help you out. It does sound like you have a bad HD though, and yes, they can go bad anytime, doesn't have to be a huge ordeal. One HD out of 1000's can go bad. You're out of warranty most likely. Run over to Ultimate Boot CD - Overview and run a few of the hard drive tests that are on the boot cd.

If you can get the restore discs from Compaq, use the boot cd to write zeros to the drive a minimum of 2 times before you reinstall. I had some nasty partition table things happening that made me think the drive was bad, even when all the tests came back fine. Wrote zeros to the drive 3 times, took almost a full 2 days. The drive is still in use, even after a year after this happened.

Good luck!

Yeah, it's a shame that people are that way. I really think that there are more nice people out there, but the mean ones are louder.

Just out of curiosity, what's keeping you from going ubuntu?

just use a separate partition for savig your work on, then it wont be afected if your os partition braks

windows needs reinstaling at lest onse a year to ceep it usable

Hold on a second.

You wiped the restore files with your virus scanner/manually? That's a big no-no. Bad things could happen...

If you find a virus on your computer, the proper way to remove it is to first disable system restore, then boot in safe mode, let the virus scanner clean the system, follow any additional directions (do a search on the virus/trojan name), and finally re-enable system restore.

Also, are you sure that it was C:/Windows/system/restore and C:/Windows/system ? It should be in C:/System Volume Information/ for system restore points as you mentioned in the OP. It also shouldn't be a folder. Was there any filename after that?

---
Anyway... that trojan shouldn't cause that error, and if you've checked for other spyware/virsuses (use a second virus checker like AVG or an online check), I would check for bad sectors on the hard drive, bad RAM, and if you've overclocked, I'd run a stress test.

HDD...
Win+R -> "cmd" -> "chkdsk c: /f /r"

RAM...
memtest86+

OC'd?...
Prime95

PS: If you keep your computer secured properly and perform regular maintenance, there's no reason to reinstall XP monthly/yearly.

IMO, this would be the best thing to do.

Completely Wipe your hard drive.
Reinstall Windows. (NTFS of course)
Get all the updates available. And i Mean all of them.
Then get your drivers installed.
Turn on XP Firewall, screw 3rd Party AV software.
Youll be alright from there.

I havent used AV software since 2003. I noticed that AVs just slow down my computer, and just having common sense on the internet and having XPs firewall turned on, works just fine,

I agree if you're talking about something like Norton that runs constantly. Something like ClamAV, however, is only a scan program that runs when you tell it to. I think it could be pretty useful and it won't take up resources. It also doesn't try to repair anything, it just tells you that you have a virus.

A winsoft modem and only dial up access atm. There is WIFI on the horizon though. Just involves paperwork, deal with my aunt, and arguing with the phone company. ETA on that: 1-2 months.

No files were listed after those c:/windows etc items. Just those names. Which part of me is wondering if that screen is a kind of prank trojan of sorts. Conjures up images of the joke viruses like Spin Dry to me. (Anyone know WTF I'm talking about on that one, or too obscure there?)

I had no choice of dealing with the infected restore points: virus scan automatically wiped them upon detection. This is copied out of the log kept by the antivirus that did it:
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008626.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008627.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008628.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008629.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008630.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008631.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008632.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008633.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008634.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008635.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008636.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008637.exe -> Trojan.Mitglieder : Cleaned.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP36\A0008638.exe -> Trojan.Mitglieder : Cleaned.


All scans I've done recently through AVG and AVG Antispyware are clean, as are the online scans available from Norton. I even tried AVG Antirootkit tool. Nothing shows. Hijack This also looks fine. Running the rest of the suggested checks. Post back later with results. Thanks again.

try shipit

https://shipit.ubuntu.com/


they will mail you a free cd, even cover the mailing cost, just takes a while, says up to 10 weeks.
but i belive thats like the very extreme, usually in like ~2-3 weeks i believe