
Can't run Safe Mode or any spyware-removal programs


5 replies to this topic

#1 wonderfull

  • Members
  • 12 posts

Posted 06 October 2009 - 01:06 AM

Hi, my laptop is a Dell Inspiron E1505 and I am using Windows XP :thumbsup:

Problems (in order of appearance):
- Cannot perform System Restore (haven't been able to in a long time)
- Search engine redirects
- Cannot run Safe Mode (this has happened before, but that was due to a missing file, which I re-installed, and this time it's a different error... "A problem has been detected and windows has been shut down to prevent damage to your computer")
- Pop-ups (search engines ex. StopSearchClick, virus protection)
- Can't run Spybot: Search and Destroy, Malwarebytes' Anti-Malware, or HijackThis
--> "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
- Both IE and Firefox are crashing frequently

Things I may have done to exacerbate problems while trying to fix them:
- deleting (newly created) files in system32, temp and system folders

I've done a decent job of getting rid of problems in the past, by running searches (and finding great sites/forums like this one) or figuring out what to do on my own (ex. I've been able to locate those ridiculous and merciless pseudo- "virus protection" programs and delete them on my own), but I probably got overzealous and now I have too many problems to be able to find one solution for all of them. Please help? I greatly appreciate any time or assistance (it's amazing what people do on forums like this one to help other people). Thank you and have a nice day!


#2 rigel

    FD-BC

  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA

Posted 06 October 2009 - 08:34 AM

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 wonderfull


Posted 06 October 2009 - 05:57 PM

Hi, thank you so much for the prompt reply!
I started gmer.exe (after following all the other directions) and it detected rootkit activity, so I ran the scan. I left the computer for a bit but when I came back, my computer was turned off -- and no one else had been around it so I know it turned off by itself. I turned it on and tried to run gmer.exe again, but got the same error I've been getting with other programs: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I don't know how this got so bad so fast :thumbsup:

Edited by wonderfull, 06 October 2009 - 06:13 PM.


#4 rigel


Posted 06 October 2009 - 06:49 PM

Since you have seen GMER flagging a rootkit, you will need advanced help. Please follow this guide from step (6). Post a DDS log to the HJT forum and a Team member will be along to help you as soon as possible.



#5 wonderfull


Posted 06 October 2009 - 10:52 PM

I ran dds.srcr, and I don't think I have any script-blocking programs running, but while the black information screen (ending in "dispose after use") did come up, nothing happened for about a minute after. The window then went away, and nothing else happened though I waited for about ten minutes. I tried restarting and disabling my internet connection, but those things didn't help. :-/ I'm sorry if I'm doing something wrong! I don't think I'm supposed to post in that forum without a log, so I'm not sure what to do at this point. I'm sorry but thank you so much for all of your help until now!

#6 rigel


Posted 07 October 2009 - 06:25 PM

You aren't doing anything wrong. It's the malware.
  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long
Post your SREngLOG log to the HJT forum and a Team member will be along to help you as soon as possible.

If you need any help with the guide, please let me know.





