Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Looks Like I'm In Safe Mode Even Though I'm Not


  • Please log in to reply
32 replies to this topic

#1 AhhhLeah

AhhhLeah

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 25 November 2007 - 03:18 PM

I'm running Windows 98. I had a couple of trojans on my system that didn't look terribly dangerous so I was running the normal anti-spyware/anti-virus programs when suddenly things look like I'm running in safe mode even though I'm not. Also, my screen will roll or jump several times when I go to a new website. Here's what I did:

1. I dumped all my temp files & recycle bin
2. Ran cccleaner
3. Ran Ad-Aware (nothing) & Spybot (nothing)
4. Ran Housecall (came up with a low level threat trojan but when I told it to delete it my computer went haywire and this seems to be when all my problems began. Also, the trojan didn't appear to be deleted at all.
5. Ran EZ Antivirus (nothing)
6. Attempted to run Bit Defender twice but it said it "failed" before it even ran
7. Ran Panda and it came up with 44 spywares and 2 viruses but I saw no way to delete them and couldn't tell any way to find out where they were located because I couldn't see everything on the screen because the type is so big like I'm in Safe Mode.

Oh, after I ran Housecall I ran HiJack this three times. I got the results but it won't show a log at all. I'm not sure what I'm supposed to do now. Help?

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,777 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 PM

Posted 25 November 2007 - 04:22 PM

Please download Dr.Web CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on cureit.exe to start the program. (ignore any prompts to update or check for a new version)
  • When the Dr.Web opens, an "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop. (You can use Notepad to open the DrWeb.cvs report)
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply.

Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 25 November 2007 - 06:54 PM

Thanks for your help. Here are the results:

backup-20040401-005551-540.inf;C:\;Trojan.DownLoader.3634;Deleted.;
backup-20040527-195228-480.dll;C:\;Adware.Coupons;Moved.;
backup-20041215-093719-565.dll;C:\;Adware.Coupons;Moved.;
brix7ie.dll;C:\WINDOWS;Adware.Coupons;Moved.;
cpnsie2.dll;C:\WINDOWS;Adware.Coupons;Moved.;
brix6ie.ocx;C:\WINDOWS\SYSTEM;Adware.Coupons;Moved.;
uinst_cp.exe;C:\WINDOWS\SYSTEM;Adware.CasProg;Moved.;
Krfpan.exe;C:\WINDOWS\SYSTEM;Trojan.DownLoader.origin;Incurable.Moved.;
dun.exe;C:\WINDOWS\SYSTEM;Adware.DealHelper;Moved.;
SBWinet.dll;C:\WINDOWS\SYSTEM\SBUtils;Trojan.Click.origin;Incurable.Moved.;
OTXMedia.dll;C:\WINDOWS\Downloaded Program Files;Adware.Otx;Moved.;
Catcher.dll;C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1B3.TMP;Adware.Catcher;Moved.;
36916449.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
15514024.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
38191477.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
87763164.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
24041321.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.10754;Deleted.;
01749969.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.10754;Deleted.;
10164748.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
10197862.FIL;C:\$VAULT$.AVG;Adware.MediaTicket;Moved.;
10612971.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
10641013.FIL;C:\$VAULT$.AVG;Adware.MediaTicket;Moved.;
34335146.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
34354627.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
34376054.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
39942423.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
39982189.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
40086610.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
40107110.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
32200574.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
32200731.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.12069;Incurable.Moved.;
32201663.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
46970298.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
46980149.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.6808;Deleted.;
73098100.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
18391799.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.11615;Deleted.;
53712926.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.10754;Deleted.;
43006564.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.12125;Deleted.;
43008278.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.12125;Deleted.;

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,777 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 PM

Posted 26 November 2007 - 09:41 AM

Now download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
Also, let me know how your computer is running now.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 26 November 2007 - 03:31 PM

My computer is still very grainy and jumps and or flashes several times when I go to a new website. It still looks like I'm running in safe mode even though I'm not. All the print is magnified and doesn't fit on the page. Here's the log report:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2007 at 02:44 PM

Application Version : 3.9.1008

Core Rules Database Version : 3350
Trace Rules Database Version: 1349

Scan type : Complete Scan
Total Scan Time : 02:26:54

Memory items scanned : 64
Memory threats detected : 0
Registry items scanned : 2411
Registry threats detected : 0
File items scanned : 28436
File threats detected : 11

Adware.Tracking Cookie
C:\WINDOWS\Cookies\default@adlegend[2].txt
C:\WINDOWS\Cookies\[email protected][1].txt
C:\WINDOWS\Cookies\default@revsci[1].txt
C:\WINDOWS\Cookies\default@rambler[1].txt

Adware.ClickSpring/PuritySCAN
C:\WINDOWS\SYSTEM\WNSINTSU.EXE

Adware.BonziBuddy
C:\WINDOWS\DESKTOP\BBSETUPCOM.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\BBSETUP.EXE

BS5-TSRKQN.EXE
C:\WINDOWS\BUNDLES\BS5-TSRKQN.EXE

Unclassified.Redirect
C:\DOCTORWEB\QUARANTINE\KRFPAN.EXE

Adware.DealHelper
C:\DOCTORWEB\QUARANTINE\DUN.EXE

Adware.Shorty
C:\DOCTORWEB\QUARANTINE\CATCHER.DLL

Thanks for your help.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,777 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 PM

Posted 26 November 2007 - 03:37 PM

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs. From within Add/Remove Programs highlight any of the following programs (if listed) and select "Remove".

ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX By OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator
or anything similar with OIN, Outer Info Network or Yazzle in them.

Important! Reboot when done.

Open My Computer or Windows Explorer, navigate to C:\Program Files and delete any of the named program folders listed above that you find (if they still exist).

If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, then download and run the Purity Scan uninstaller.
  • Save the Uninstaller to your desktop.
  • Double click on the OiUninstaller.exe icon on your desktop.
  • Click on "Run".
  • Enter the four digit code that is displayed and click on "Uninstall".
  • Click on "Ok" and reboot your computer.
Click here for Instructions with screenshots if needed.

Note: OiUninstaller uses UPX (ultimate packer for executables), an advanced file compressor and a method for compressing executable files to reduce their size to save space on a disk and download time. Some anti-virus programs such as Avast and Kaspersky may detect it as malware when attempting to download or unpack the compressed file.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 26 November 2007 - 05:23 PM

I tried to install it but it says my current settings will not allow the file to be downloaded.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,777 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 PM

Posted 26 November 2007 - 07:36 PM

Have you checked your desktop settings and screen resolution? If not, please do. If your not sure how, please see "How to Adjust your Desktop Settings".

You could also be having issues with your video card. There are suggestions for the troubleshooting video card here and here.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#9 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 29 November 2007 - 05:46 PM

Upon further thought, I think my problem stems from me accidently deleting that .dll file by mistake when I was deleting some files my daughter had on the computer. All the problems with the screen looking weird and jumping started after I deleted those files. Do you think I should do a system restore? If so, could you walk me through that? Or, should I reformat with my boot disc?

Thanks.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,777 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 PM

Posted 30 November 2007 - 04:56 PM

If a file has become lost or corrupted, you can use the System File Check Utility to extract a new file from your Window Installation CD. SFC verifies the integrity of your system files and will scan for missing, altered files and prompt you to restore them if it detects changes or a corrupt file.

How to Restore Windows 98 from a Full System Backup
Can't Use System Recovery With Windows 98 SE
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 30 November 2007 - 07:47 PM

Thanks for your help. Should I be telling it to "Update Verification Information" or "Restore File"?

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,777 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 PM

Posted 30 November 2007 - 10:21 PM

If you know you upgraded the file, click Update verification, otherwise click Restore. The previous and current dates will be showing. In your case, what your mainly looking for is altered, missing or corrupt files that you can replace by extracting a new one.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:09:30 AM

Posted 01 December 2007 - 02:08 AM

I see you have a HJT log posted in the HijackThis Logs and Malware Removal forum.

You shouldn't make any changes to your system, while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.
At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

I'm closing this topic until you are cleared by the HJT Team.
If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#14 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:09:30 AM

Posted 01 December 2007 - 11:30 AM

This Topic is Reopened.
Note that the HJT log AhhhLeah posted, is for a Windows XP OS.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#15 AhhhLeah

AhhhLeah
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 04 December 2007 - 06:29 PM

Okay, so I'm motoring through and it is updating a bazillion files. Then I run into a file it says may be corrupted. I follow all the instructions telling me how to extract this file. I get to the window where it says to specify the location of the file you want to extract and the destination for the file. The destination is already filled in and it is the correct location. I try to browse the Windows CD to find the "User.exe" file that I am trying to extract but all I see are folders. I open the folders and there are no files in the folders. I am confused as to how to find the file I'm looking for to extract it from the Windows CD. Any advice for me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users