Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Security Messages To Safe Mode Locked To No Windows


  • Please log in to reply
10 replies to this topic

#1 Xandar

Xandar

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 11 December 2007 - 08:53 PM

Hello!
I got a bug one day while surfing the internet. It hijacked my browser and made my bandwidth slower. It also put 3 icons on my desktop. Each one had a very generic title so I knew right away that it was a bug. It also came up with a dialog box saying to the effect that, "Windows has been attacked by a virus." It also disabled all administrator rights to everything. I tried getting Task manager up and it was locked. It gave an error message that I "Didn't have the administrator rights."

I downloaded Spybot: Search and Destroy and installed it. I tried to turn the program on but it wouldn't show. So, I did what I would normally do, Try to boot in safe mode and then run it. I went to the f8 screen and chose safe mode. During the loading for safe mode, it flashed a blue screen and went back to a normal start up. I tried using MSCONFIG to get into safe mode, but now I can't even get my PC up because it is stuck in an eternal loop. I'll try to give any information that I can.

Thank you.

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:06:22 AM

Posted 11 December 2007 - 08:59 PM

First thinks first we need to break that nasty loop you're in.

You should be able to boot up normally by pressing F8 before Windows loads (just like when trying to boot in safe mode) then selecting "Return to OS Selection Menu" (I think that's what it says, but it's something to that effect) and then selecting your installation of Windows and pressing enter.

This should bypass the MSConfig setting and allow you to boot normally. When booted, you should remove the MSConfig setting to avoid further looping.

I'll let one of our malware experts take it from here.

Edited by Amazing Andrew, 11 December 2007 - 09:03 PM.


#3 Xandar

Xandar
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 11 December 2007 - 09:24 PM

No dice. I went into the selection screen and went with the option you told me. I then did the "Start up windows Normally" The first time I did this, it flashed with a white screen and restarted. I tried again and got the blue screen flash then it restarted. I'm going to be trying to use a Win 98 boot disc (If i can find it) and might even try the windows XP cd.


I forgot to mention that I've tried to start it up enough that it comes with a second screen after the one you said.

Edit: Bad news... The Win 98 Boot floppy was a false savior. It got me to a dos prompt but it cannot read the NTFS system. The last file that the Safe Mode brings up is the amdagp.sys. Maybe that will help too.

Edited by Xandar, 11 December 2007 - 09:38 PM.


#4 Xandar

Xandar
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 11 December 2007 - 09:52 PM

Good news. I got to a dos prompt. Is there a way to disable the safe mode entry in the boot.ini? I just found the boot.ini

#5 Xandar

Xandar
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 11 December 2007 - 10:03 PM

I got it back up! I took one of the boot.ini from another one of my PCs and replaced it. Came up without a hitch. I also tried to start Spybot and it is now running! I am truly shocked that the boot.ini replacement worked.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:22 AM

Posted 11 December 2007 - 10:31 PM

Hello Xandar
First Never force your machine into Safe Mode,you are lucky to get it back. Can you enter safe mode now?
What antivirus and Firewall do you have?
The loop has stopped?

I would run this Online scan ESET Online Scanner

Then Download,install and update SUPERAntiSpyware
Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen and exit the program
Then reboot into safe mode to scan the C drive. Perform a Complete Scan.
Quarantine ALL items in the summary. By clicking Finish.
Reboot
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Xandar

Xandar
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 11 December 2007 - 10:46 PM

Let me clear this. I'm accessing this forum by the means of another computer because I have disconnected that computer from my home network for fear that it will try to talk to the proverbial mother ship.

Safe Mode is locked. I can try to get to it but it will still blue screen the reboot to windows.

At the moment I have no firewall except for my router and I use no anti-virus program, but will be using Spy bot from here on forth.

And yes. I got the reboot loop to stop by replacing the boot.ini file with one from one of my other computers.

Edit: it also tries to start up a website with the root of safenavweb.com

Edited by Xandar, 11 December 2007 - 10:51 PM.


#8 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:06:22 AM

Posted 11 December 2007 - 11:29 PM

Try disabling the automatic restart on failure setting sso that when it BSOD's you can copy down the error info. That should give us a clue as to what's happening when you boot in safe mode.

How to disable automatic restart

#9 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:06:22 AM

Posted 11 December 2007 - 11:30 PM

Crap... double post. If a mod sees this, please delete this comment. Thanks.

Edited by Amazing Andrew, 11 December 2007 - 11:31 PM.


#10 Xandar

Xandar
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 12 December 2007 - 05:18 PM

Okay. Here it is:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

IRQL_NOT_LESS_OR_EQUAL"

Then it gives some ideas to get rid of the blue screen. If you need that info as well i'll put it up

Technical information *** STOP: 0x0000000A (0xF90CD354, 0x000000FF, 0x00000001, 0x804E2E41)

#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,411 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:22 AM

Posted 12 December 2007 - 06:25 PM

That error message is sometimes (not always) overcome by running chkdsk /r from the Recovery Console. I've had it and chkdsk /r solved it for me.

http://www.google.com/search?hl=en&q=I...+chkdsk+%2Fr%3F

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users