x22 virus help needed please (gasfky rootkit?)

[blink]

Hi Guys i have posted this in the general section as this query isnt really machine specific.
I recently purchased a couple of rather heavily virus/spyware infected x22s for a reasonable price (again i must stop this) with the intention of cleaning up & selling one on & perhaps keeping the other as maybe a dual boot xp linux machine for myself?

Now heres the rub. I was going to do a clean intall of xp on them both but i cant. When i try to enter bios the padlock symbol comes up, i just press enter & can get into bios but i am not allowed to change any settings. Unfortunately on boot both removeable devices & CDROM have been disabled so i only have hard drive & network boot available.
So i guess no options of a clean install?
I have now cleaned up both machines the best i can using a few combinations of anti virus/spyware software, defragged, wiped previous data, cleaned registry et with ccleaner blah blah & they are both running quite nicely with the existing xp they have on the hard drives.
One seems totally clean from any infection now but the other still has a very pesky gasfky rookit virus that i am having trouble clearing & avast finds but cant fix.
I am starting to think that the only way of clearing it maybe by manually deleting its hidden registry files & any other places it may have spread to but am really very wary about playing around in the registry as i have never done this before & if it goes wrong, obviously i probably cant do a fresh install!
I have tried googling for solutions but havent found a straight forward fix & i would certainly really appreciate any ones help who has more experience with such matters that could perhaps offer some guidance on what my best way forward would be.
To be honest I doubt i will keep any machine now unless there is a solution to the bios limitation, however if i do sell i would certainly like it to be clean & trouble free for the next owner, I could easily just put microsoft security essentials on it which shows the machine as clean, maybe its a false positive in avast? But to be honest i would really like to get to the root(kit) of the issue (sorry! ) I couldnt sell something in good conscience that may possibly have a problem.
Many Thanks for any help.

[Neil]

I would pull the hard drive and either put it in another computer or a USB enclosure and wipe the drive clean with an application that will write zeros to it. Then if you want to install a new OS on it, Linux is fairly friendly about installing on one computer and then booting on another, some distros more so than others. Or, if you want XP, then I would make the drive bootable with a Win98 boot disk and copy the i386 folder to the drive. Then you could put it back in the X22, boot up, and install XP from the hard drive itself.

[billp117]

The bios is password protected...unless you can get the password from the previous owner you will not be able to make any significant changes.

Can you remove the hard drive and install it on another ThinkPad that is not password protected? That would give you the ability to remove the hidden partition...it does not solve your bios problem. Or perhaps there is some software that will give you the same ability using a USB adapter. Someone else on the forum may have some ideas.

I cannot help you on the gasfky problem and it looks like that question has been asked by a lot of people. Your problem is complicated even further because your bios is locked.

edit...Neil has you on the right track. Thanks

[wackyD]

Have you tried Malware Bytes? How about the Norton Power Eraser?

I don't think I have dealt with the gasfky myself.


I have found pulling the drive and cleaning with another machine to be the only option in a numberof cases of late.

A word of caution - don't try to clean it with your primary machine, if you have the option. I had the activation section of XP wiped amoungst other things with my last salvage work. Fixed theirs, lost mine. Not good explanation and I may have my self to blame if I missed a check box, but you do run the risk of infecting the host machine when you work on the other drive in an enclosure.


Daniel

[GACrabill]

One seems totally clean from any infection now but the other still has a very pesky gasfky rookit virus that i am having trouble clearing & avast finds but cant fix.

Have you tried using the free TDSSKiller rootkit cleaning tool from Kaspersky ?
http://support.kaspersky.com/faq/?qid=208283363

It is a simple executable that can be run from a USB stick.

It has fixed two problems for me in the past that nothing else seemed to be able to fix.

There are a number of serious viruses, rootkits, and malware which cannot be found and fixed if the hard drive is connected as a 2nd drive on a different PC.

If the infected PC will boot into Windows, use the "portable" versions of CCleaner, SuperAntiSpyware, and TDSSKiller to do some cleaning before trying to "install" clean-up tools.

[frankausmtank]

Don't know about the x22, but on my t60, F12 during startup brings up a boot device selection regardless of the bios boot order.

[RealBlackStuff]

@blink: check your PM

[blink]

Many Thanks for you all your input & suggestions guys its appreciated, I seem to have yet another problem with it now! I decided to take the extra memory stick out & when using just the onboard 128mb it normally just about boots windows & then bsods & says irql_not_less_or_ equal, some general troubleshooting blurb, error codes & then does a physical memory dump! Any Ideas

.Neil & billp you have certainly given me some food for thought, I am not very au fait with making drives bootable & technical stuff but i will certainly look into that if i cant clear the virus by traditional means. I think tthe installing on another machine way may be how the current version of xp was installed as floppy is listed in device manager & obviously their isnt one on these. The only definate working TPs i have are sata now, I have a couple of old 600s & a 570 knocking around but im pretty sure they have been left that way for so long was due to them all having issues.
wackyD yeah malwarebytes was my first port of call but thanks for the heads up on Norton i may have to look at that. GaCrabill, I have tried a couple of anti Rootkits but i will definately give the kapersky one a bash next as im sure i read this virus was based on tdss? Fingers Crossed many thanks for the tip & advice on running portable apps thats great. Frank i tried f12 & the options i get are hdd & Iba, i have to confess i dont know what iba is but thanks for the suggestion.
Cheers again for the pm RBS

[Mike Blake]

These older posts may help you with part of your problem:

"IRQL _NOT_LESS_OR_EQUAL"
http://forum.thinkpads.com/viewtopic.php?t=41566

"W700 - IRQ_NOT_LESS_OR_EQUAL STOP 0x0000000A BSOD"
http://forum.thinkpads.com/viewtopic.php?f=48&t=78994

"New Ram, new problem (beep codes)"
http://forum.thinkpads.com/viewtopic.php?f=2&t=89294

In brief: often bad RAM, RAM slot, or a recently-installed driver that's bad.

[blink]

Good News everything seems fine now!!
Many Thanks to all who contributed in trying to help me resolve this. An extra Special Thanks & a cyber Pint to GACrabill as it was the TDSSkiller that really got to the root of the problem so to speak. After running this all the remaining remnants of it on the machine were found (7 i think) 6 were deleted & the last bit put into a state that could be cleaned & eliminated through Avast.
What a great little program!! Thanks again.

Mike, Some great info there about RAM & IRQs Thank you much appreciated.
After the virus was eliminated the machine no longer bsods & now works albeit at less than a crawl using the onboard 128mb, but rather decently with an additional 256mb added.
Just ran memtest from within windows for 3 hrs & RAM comes up clean.
So fingers crossed it is ok now?
Cheers
Andre

[RealBlackStuff]

Even with the max. 512MB RAM that machine will be slow.
It would run better with Windows 2000/SP4, or Windows FLP (= minimalist XP) if you can find it.