The following question and answer thread was excerpted from ITKnowledge Exchange. Click here to read the entire thread or to start a new one.
A user identified as zzegri posted the following question:
A user identified as Howard2nd replied:
"First -- an attachment in an e-mail -- smells like a virus to me. Since all of the recent attacks use e-mail addresses from address books, did the user call his friend and ask about it? Second, start in 'safe mode' and run antivirus and antispyware programs. If you are comfortable in the Registry, look for items that run at startup. This sounds like a phone home loader that fails forcing a restart and creating the loop. Third, Windows Repair is a big hammer. I usually wait to try it as the last step before 'Erase hard drive and re-install!' Finally, when you have recovered the workstation, check your AV program because it should have tested the attachment BEFORE opening."
A user identified as mljsher replied:
A user identified as MithunMCSE replied:
"I would advise you to format the drive rather then waste your time repairing it. It seems that you will end up waiting longer and having more headaches if you try to repair it. Did you try LKGC? That might work. Also, try putting a /sos switch in the boot.ini and find out where exactly is it getting restarted. If this doesn't work, the best option is to reinstall."
A user identified as Nephi1 replied:
"I would wipe it and start fresh. If you really want to get the system running, look at the event logs to see what's happening in there. Windows can sometimes be very helpful with them. See what is causing the system to drop out on each start up, or even try to boot and press F8 to boot from the last known good settings and see if that works."
A user identified as PeterMac replied:
"I had a similar problem with my Windows XP Home installation. At some stage you will probably have to reload to get a clean installation. I plan to reload, but like you, have some software installed that I can't afford to be without and would cause major problems to reload. My system is still running and is reasonably functional and secure again. Try the following tools:
- Spybot -- Search & Destroy has an excellent startup manager in the 'Tools' section. It identifies and can block most problem programs. It also detects and eliminates most spyware/dialer programs.
- HijackThis is an extremely good tool. If you are not familiar with it, there are sites that will help you analyze the results.
- Symantec has a good online AV scan available.
- PandaSoft has a good online AV scan and free trial AV software. Just run Startup Scan at install time.
- The Lspfix Winsock Repair Tool can repair a damaged winsock stack (sometimes the result of virus software). It can also remove problem programs, but be careful. You need to know what you are doing. If you're unsure, post in one of the forums for help.
This was first published in July 2005