Computer Won't Boot Normally Or In Safe Mode Due To Virus



#1 hazelnut

Posted 14 August 2007 - 10:37 PM

I was googling the .exe files that automatically start up on my mom's computer, and came across the following nefarious programs: nvcpl, iedll and loader.

Next I attempted to update her Ad-Aware, but it stopped downloading the update at 5%.

I downloaded Spy-Bot, A-Squared, Ccleaner and Stinger (they updated successfully). Rebooted in safe mode and ran those programs. I ran Ccleaner first. Spybot reported hundreds of problems, which I quarantined. A-Squared also reported hundreds of problems, including Trojan-Downloader.Win32.f, Trojan-Downloader.Win32.Winshow.l, Trojan-Downloader.Win32.Swizzor.g and Trojan-Downloader.Win32.Tooncom.k. Stinger reported nothing.

Next I rebooted in normal mode. Uninstalled her old Java updates (I'd read that leaving old versions of java lying around can be dangerous), removed some unnecessary programs, and installed AVG Anti-Virus (she had Norton, but it hadn't been updated for years. My plan was to install the freeware for her and then disable and remove Norton as I'd read that running more than one anti-virus program is worse than running none).

AVG immediately reported that the computer was infected with the virus Win32/Kibik. I selected quarantine even though AVG warned me this might cause some programs to malfunction (no idea if it worked).

Then I rebooted to go into safe mode, only safe mode wouldn't fully load. I got to the desktop, but none of the programs appeared to be loading. It was just a black screen with the words "safe mode" at the top and bottom.

I attempted to reboot in normal mode and the same thing happened. I got as far as the desktop wallpaper, but none of the programs were loading (no start menu, no icons, etc). I hit ctrl-alt-del and found that the following programs were running:
- svchost
- taskmg
- NPROTECT
- NAVAPSVC
- mdm.exe
- avgemc.exe
- avgupsvc.exe
- avgamsvr.exe
- a2service.exe
- CCEVTMER
- spoolsv
- svchost
- svchost
- svchost
- svchost
- svchost
- alg
- lsass
- services
- winlogon
- csrss
- smss
- wuauclt
- System
- System Idle Process

But no others. Some programs will appear in the task manager (e.g. WgaTray, wuauclt), but then quickly disappear of their own accord.

I then rebooted while holding down F2 to do a system restore, but it just booted in normal mode the way it had before without ever showing me the system restore option.


Does anyone have any idea what I could do to get out of this mess? Even if I can access the computer again there's clearly some nasty stuff on there that needs to be removed. But at least then I could record a HijackThis log for you all. My poor mom just wants to play solitaire and check her e-mail. I feel awful for crashing her computer. Even if it was inevitable. :(

Moderator Edit: Moved topic to the more appropriate forum. ~ Animal

Edited by Animal, 15 August 2007 - 12:02 AM.




#2 Budapest


Posted 15 August 2007 - 01:28 AM

After doing Ctrl+Alt+Del to bring up the Task Manager, go to File > New Task and type "explorer.exe". Hopefully your desktop will come back.

After that you might want to try running the System File Checker (sfc).

How To Use Sfc.exe To Repair System Files: http://www.bleepingcomputer.com/forums/t/43051/how-to-use-sfcexe-to-repair-system-files/

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



