
I Need Major Help!



#1 lga24


Posted 28 August 2008 - 09:03 PM

I knew I had a virus when I started getting pop-ups and other things that wouldn't go away. One said "spyware detected, please download...." and I knew it was fake so I didn't click it. Another was an accept/decline box for some "Antivirus XP 2008" that I also knew was fake. I was getting error messages for things that I've never seen before and the screen kept flickering. This is what bugged me the most: pressing CTRL+ALT+DEL wouldn't bring up my task manager; all I got was an error message that read "Task manager has been disabled by system administrator." and I'M THE SYSTEM ADMIN... I never did that! To make matters worse, I kept getting porn pop-ups... vomit.

I tried running my antivirus programs to get rid of them. I ran Symantec Antivirus because that's what my college requires us to use. I also used Spybot Search & Destroy. Neither of these could download the latest updates, as they kept giving me error messages. I ran them anyway, knowing these programs weren't up to date, figuring I didn't have anything to lose. They both came up with a few things and I took care of those things, but I still had the same problems as before.

Luckily, I haven't left for college yet so I have access to my Mom's desktop computer (My laptop is the one giving me problems). I stumbled upon bleeping computer and found the tutorial titled "How to remove a Trojan, Virus, Worm, or other Malware". It told me to download Autoruns, which I did. I followed every instruction on how to use the program. Every single file that Autoruns came up with, I searched against the Startup Database. If it had a big red X next to it, I deleted it. If I wasn't sure or the database didn't recognize it, I left it.

Went to restart my computer in safe mode because I didn't have the patience to run the Autoruns with all the popups. I figured it would be easier to run Autoruns in safe mode. So I reboot in safe mode, and get to the startup screen where I have to type my password. The password goes through, the computer flashes my desktop, then returns to the previous screen and says "Saving your settings" as if it were shutting down. Try my password again. Does the same thing. Tried my password a couple more times until I realized I must have done something wrong in Autoruns.

Then I start reading around in forums on bleeping computer, and from reading other responses, I realize I deleted stuff on Autoruns that I wasn't supposed to. Some of them were svchost, shell32, etc. How could this be if the Startup Database told me they were viruses????

Now I can't even get to my desktop to back up files, get to system restore, etc.

I'm royally screwed. CAN ANYONE HELP ME???

Edited by lga24, 28 August 2008 - 09:16 PM.




#2 quietman7


Posted 29 August 2008 - 07:43 AM

You are saying you cannot get into safe mode to do anything but are you still able to get back into normal mode? From your post, that was not clear.

Note: Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. So when you search for possible malware files in the database, you also need to be aware of the location that is provided.

Edited by quietman7, 29 August 2008 - 07:45 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 lga24


Posted 29 August 2008 - 09:43 AM

I can start in either mode, but both ask for my password at the beginning. As I explained, when I type my password, it flashes my desktop as if it were starting up, but then returns back to the password screen. This happens in BOTH safe mode and regular mode.

And no one told me that I had to pay attention to the path it was running from... I'm not a computer genius by any means. I followed step by step the "How to remove a Trojan, Virus, Worm, or other Malware" tutorial and checked all the files against the "Startup Database" and this is what I get.

Edited by lga24, 29 August 2008 - 09:44 AM.


#4 quietman7


Posted 29 August 2008 - 11:14 AM

In the How to remove a Trojan, Virus, Worm, or other Malware Guide, in Step 6 under How to remove these infections, a warning is clearly provided.

...It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file, and the folder they are in, that you want to remove. You can check our Startup Database for that information or ask for help in our computer help forums.


I understand your frustration but it's not just deleting legit files that can cause the problems you are having. Malware can do the same. Without knowing exactly what files you deleted and where they were deleted from, it's hard to say what was removed. If you were deleting malware files, they may not all have been deleted. Some infections are difficult to remove completely because of their morphing characteristics which allow the malware to regenerate itself. Sometimes another piece of malware which has not been detected protects other files (which have been detected) so they cannot be permanently deleted. If that was the case, depending on what type of infection you had, some types of malware can disable your ability to boot up.

If you cannot boot up in Normal or Safe mode, you may be able to use a Windows XP bootable Floppy Disk to boot from a diskette instead of your hard drive. If your hard drive's boot sector or Windows' basic boot files have been corrupted, this disk will circumvent the problem and boot you into Windows. If you don't have an emergency boot floppy, you may be able to use one created on another PC running Windows XP but there's no guarantee that it will boot your machine.

"Resolving Boot Issues with a Boot Floppy Disk".
"How to obtain Windows XP Setup boot disks" and select the download that's appropriate for your Operating System. The Setup boot disks are available so that you can run the Setup program on computers that cannot use a bootable CD-ROM.

Another option is to create a Bootable CD:
Bootable CD FAQs
How To Boot your Computer from a Bootable CD or DVD
How to Create a Bootable Windows XP Setup Disk on a Preinstalled/Preloaded Windows System

You can try doing a "Repair Install with Recovery Console". The Recovery Console is a Windows utility that provides a DOS-like command line from which you can run some repair programs. If you have a Microsoft Windows CD-ROM, you can get to the Recovery Console by booting from that CD and pressing any key when you are told to 'Press any key to boot from CD'. At the 'Welcome to Setup' screen, press r for Repair.

"Langa Letter: XP's No-Reformat, Nondestructive Total-Rebuild Option"
"How to perform a Repair/Reinstall" (with screenshots).

If you don't have your XP CD you can download an ISO of the Recovery Console files:
Recovery Console ISO file
NTFS4FreeDos ISO
XP Recovery Console zip file

Burn it as an image to a disk to get a bootable CD which will start up the Recovery Console for troubleshooting and fixing purposes. This is especially useful for those with OEM systems with factory restore partitions or disks but no original installation CD. If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO.

You can start a new topic in the Hardware forum if you need assistance with this.

Important Note: If this issue was indeed related to a malware infection, you should know that some types of malware can result in a system so badly damaged that a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action. Please read:

"When should I re-format? How should I reinstall?"
"Help: I Got Hacked. Now What Do I Do?".
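Added example (not part of the original thread or of any BleepingComputer guide): a sketch of the name-plus-location check described in posts #2 and #4, run over a startup-entry list before anything is deleted. The CSV column names, the `C:\WINDOWS` install root, the table of expected folders and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
import ntpath

# Assumed default Windows XP install root; change it for the machine under review.
WINROOT = r"c:\windows"

# Folder each well-known system file is expected to load from (lowercase).
EXPECTED_DIRS = {
    "svchost.exe": {WINROOT + r"\system32"},
    "shell32.dll": {WINROOT + r"\system32"},
    "lsass.exe": {WINROOT + r"\system32"},
    "explorer.exe": {WINROOT},
}

# Constructed sample data: hypothetical startup entries, not a real export.
SAMPLE_CSV = r"""entry,image_path
Generic Host Process,C:\WINDOWS\system32\svchost.exe
svchost,C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
Shell,%SystemRoot%\explorer.exe
updater,C:\Program Files\Example\updater.exe
Host Service,C:\WINDOWS\svchost.exe
"""

def classify(image_path):
    """Judge an entry by file name AND folder, never by name alone."""
    path = image_path.strip().strip('"').lower()
    # Expand the two environment variables commonly seen in startup paths.
    for var in ("%systemroot%", "%windir%"):
        path = path.replace(var, WINROOT)
    folder, name = ntpath.split(ntpath.normpath(path))
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "unknown"              # not in the table: research it, do not delete
    if folder in expected:
        return "expected-location"    # name is not a red flag here; leave it alone
    return "suspicious-location"      # system file name in the wrong folder

def review(csv_text):
    """Return (entry, image_path, verdict) for every row of the list."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["entry"], r["image_path"], classify(r["image_path"])) for r in rows]

if __name__ == "__main__":
    for entry, path, verdict in review(SAMPLE_CSV):
        print(f"{verdict:20} {entry:22} {path}")
```

An "expected-location" verdict only means the file name by itself is no reason to delete the entry; it does not prove the file on disk is untouched.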



