
Warning! Spyware Detected On Your Computer Yellow/blue. Desktop Locked No Icons, Taskbar, Or Cmd.exe Available.


3 replies to this topic

#1 Nerdful Things


Posted 09 August 2008 - 07:35 PM

Pasted from my notes of today, read it and weep (too).
Greetings. Been reading and researching all day to get to this point. I am asking where to start so as not to get in trouble with powerful tools.
In a (very large) nutshell:
Dell Dimension 4600 XP Home tower. (Has bad reputation, but power supply voltages fine, all hardware, network, perfect under PCLOS live CD).
Could not follow beginning steps here or other forums, I.E. run spybot, hijack this logs etc., as desktop locked to blue/yellow even in safe mode. Right click inop.
ctrl-alt-del brings up task manager. Run from tab gives cli field, but no commands accepted. I.E. cmd.exe gives "module could not be found" same with explorer.exe, sfc.exe etc, even when typing full path.
Recovery console from cdrom gives c:\windows prompt after blank admin password entered. CHKDSK worked, SFC did not.
Found but did not clean many viruses with TRK3.3 virusscan using AVG, F-prot, clamav, others.
To add to fun, both dvd and cdrom pair would not read my cdr/rw discs. Would read dell setup disk ok. Installed another cdrom on their secondary ide cable for now.
Ran dell setup, using install, not recovery as first choice. After a few mins, it said install fresh or repair. I chose repair.
It went to bsod at 34 minute mark after this dialog box kept popping up. "rundll c:\documentsandsettings\ausername\localsettings\temp\kbitkbilcfe.dll could not be found".
BSOD said: "Stop 0x000000C2 BAD_POOL_CALLER" error message.
Googling it, I found "take out modem in Dell Dimensia 4600 when running setup". After that I still got the rundll file complaint many times, but it finally installed. Left modem out for now, will use cat5 when ready.
Before reboot, ran PCLOS live cd and found all user data ok!
Boot to XP, missed timing of f8 to start safe, it booted to icons/taskbar for a second, then right to locked up yellow/blue malware.
Rebooted in safe mode, I now have black desktop, all user's icons, right click, taskbar and start button.
I have on usb key: spybot s/d with latest update files, hijackthis, autoruns, combofix, smitfraud, and dss. Ready to run those and online tools at your advice. (will start now with Spybot).


P.S. I registered yesterday and made your training waiting page my home page. I am a hardware and PCLOS geek, but so many friends and family ask me to wipe their windows, I should help here for others.
Thanks!

[Tired of windows]
--
edit update:
no go. burned usb files to cdr as system won't read usb yet. spybot wants online access so won't install, start, run cmd brings up rundll line again: c:blahblah\temp\kbitkbilcfe.dll, as does most any right mouse click.
loaded recovery disk to look for recovery installation, most clicks on disk buttons bring up the rundll error.
This happens on safemode or regular mode. I tried killing some active processes as soon as seeing the desktop, and managed to avoid the locked screen, but it may as well be. Now I ask for help.
I cannot run any tools such as hijack this, dss etc.
unless there is a way to do it from a bootable floppy, I am out of luck it seems.
night..

Edited by Orange Blossom, 09 August 2008 - 10:59 PM.
Move to more appropriate forum. ~ OB




#2 boopme


Posted 09 August 2008 - 11:19 PM

It would seem to me the best thing is to wipe the drive and reinstall the OS.

#3 Nerdful Things


Posted 09 August 2008 - 11:51 PM

Darn, I thought help was coming.
Reinstall will surely work.
It seems in 2 days of intensive research no one has an answer.
If web site will help anyone in future with this problem, I am posting details.
If any other helpers are stumped by this, I have a few advantages being a guinea pig.
I have ghost image of this drive before I booted the machine.
I have ghost after getting to where I was when posting the message.
As I type, stuff is happening on the distressed box...
As it runs or I try things, more and more things come up with the dreaded LINE1 as I will call it from now on. (c:\documentandsettings\ausername\localsettings\temp\kbitkbilcfe.dll).
All data is safe, yes I can be just another phone store..oops reloader.
start-run-cmd line1
start-run-all programs-accessories-system tools-system restore.. line1
click on hijackthis icon, .exe on desktop.. line1
see?
Anything to do to try and fix gets directed to a temp file where dll does not exist, and yes I have booted with live cd to find any hidden files etc.
Thanks for being the first responder, let's work on this, I will not be the last.
Oh and for good measure, googling rundll module not loading, I hit some google link that crashed firefox in my PCLOS machine. When looking in history, I hit a url I haven't figured out that is home of antivirus 2009...

give me strength...

#4 Nerdful Things


Posted 10 August 2008 - 01:44 PM

Am I in right place to await help?
Thanks!



