Major Infection - Please Help!


  • This topic is locked
10 replies to this topic

#1 mward77095

  • Members
  • 36 posts

Posted 30 January 2008 - 11:27 AM

First of all, thank you in advance for assisting me with this. You should first know that I am sending this from a different computer (not the infected computer) as I have limited control on the one that is infected.

2 days ago upon start up, my HP m7250n desktop started up fine but then all of my icons disappeared and I had no access to my task bar. I can get to task manager to restart. I tried to re-boot in Safe Mode but the PC will not let me. I can enter my log in info in safe mode, but after logging in, the screen stays black, no Icons, task bar, nothing. Just a black screen with Safe Mode in the corners of the screen.

I can still launch in normal mode, and my Icons will appear briefly before they disappear. Before the icons disappear, I am able to launch Internet Explorer and have run Trend Micro and AVG Virus and Spyware detection. Both found viruses and deleted them effectively, however I have no change.

In trying to launch other virus detection, the PC seems to be giving me less and less control each time I relaunch. I don't know where to go from here. Thanks for the help!

Mark

#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,117 posts
  • Location:Virginia, USA

Posted 30 January 2008 - 01:43 PM

Please follow the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection". Use Task Manager to run the tool.

When Task Manager opens, click the File menu and select New Task (Run…) or click the Applications Tab and select "New Task" at the bottom, browse to the location of VundoFix.exe, double-click on it and then press "Ok" to launch.

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.

Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode. If using vundofix did not resolve the safe mode booting issue and if you're using Windows XP, continue as follows:

Use Task Manager to open regedit
  • Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to File » Export
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click save and then go to File » Exit.
Then download SafeBootKeyRepair.exe by sUBs and save to your desktop. Again use Task Manager to double-click on it and follow the instructions. When finished, reboot and see if you can access safe mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
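
Added example (not part of the original thread and not written by any poster): a Python check that reads a registry export such as the RegBackup file described in post #2 and reports which control sets lack the `SafeBoot\Minimal` and `SafeBoot\Network` subkeys, the condition that stops Safe Mode from loading. It assumes the standard Windows location `HKEY_LOCAL_MACHINE\SYSTEM\<control set>\Control\SafeBoot`; the function names and the sample export are constructed for illustration.

```python
import re

# Subkeys Windows needs for Safe Mode and Safe Mode with Networking
# (assumption: standard layout under ...\Control\SafeBoot).
REQUIRED = ("minimal", "network")

# Key header lines such as
# [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal]
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\((?:Current)?ControlSet\d*)\\Control(?:\\(.*))?\]$",
    re.IGNORECASE,
)

def read_export(path):
    """Read a regedit 'Registration Files' export (UTF-16 with a BOM)."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

def missing_safeboot_keys(reg_text):
    """Return {control set: [required SafeBoot subkeys absent from the export]}."""
    found = {}
    for line in reg_text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        subkeys = found.setdefault(m.group(1).lower(), set())
        parts = (m.group(2) or "").lower().split("\\")
        if parts[0] == "safeboot" and len(parts) > 1:
            subkeys.add(parts[1])
    return {cs: [k for k in REQUIRED if k not in subs]
            for cs, subs in found.items()
            if not subs.issuperset(REQUIRED)}

# Constructed sample: ControlSet001 is intact, ControlSet002 lost both subkeys.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot]
"""

if __name__ == "__main__":
    for cs, missing in missing_safeboot_keys(SAMPLE).items():
        print(cs, "is missing SafeBoot subkeys:", ", ".join(missing))
```

To check a real export, pass `read_export(...)` the path of a copy of the saved file instead of `SAMPLE`.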

#3 mward77095

Posted 30 January 2008 - 02:01 PM

Ok, thank you but how can I download this file when my computer keeps locking up? Also, I don't have access to programs in order to copy and paste and send the txt file.

#4 mward77095

Posted 30 January 2008 - 02:06 PM

Wait, I was able to type fast enough to get the VundoFix saved and it is running now. I'll post back soon.

#5 quietman7

Posted 30 January 2008 - 02:09 PM

Ok. I was going to give you instructions on what to do but that's not necessary now.

#6 mward77095

Posted 30 January 2008 - 02:52 PM

Well, the system locked up during the Scan and did not finish. It did find one file before it stopped... C:\windows\system32\gebcy.dll.

So, you might have to give me alternate instructions.

Thanks again for this help.

#7 quietman7

Posted 30 January 2008 - 02:59 PM

Use Task Manager to install, create and post a hijackthis log so we can have a better look at what's on your system.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.)

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

#8 mward77095

Posted 30 January 2008 - 03:27 PM

Ok, I will try to do this. Is this a long scan of my system? I ask because my system will lock up after a short period of time. Looking at my task manager, my CPU usage goes up to 100% and everything locks up.

#9 quietman7

Posted 30 January 2008 - 03:32 PM

If you're referring to the HJT scan, it should only take a few minutes.

#10 mward77095

Posted 30 January 2008 - 03:36 PM

Ok, I'm not sure how, but I was able to run the program and create a log. I started a new topic as you suggested. Here is the link...

http://www.bleepingcomputer.com/forums/t/128528/hijack-log-please-help/

#11 quietman7

Posted 30 January 2008 - 06:10 PM

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

However, you should make a quick edit to include the top version of your log which was left off. The first line of your log should appear as follows:
Logfile of Trend Micro HijackThis v2.0.2

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.