
Halp!


4 replies to this topic

#1 idiotmyshkin


Posted 26 October 2008 - 10:31 AM

My laptop has been unable to boot for about 6 months now, and last night, I just felt like trying it again, so I started it up, and was able to boot into safe mode. I'm using Windows XP Home SP2, with a 25 GB hard drive, 224 MB of RAM, Celeron processor at 2.2 GHz. The virus that is on my laptop has created an administrator account that is not visible under "user accounts", though is visible (but inaccessible) from the XP login page, consistently turns off my anti-virus software (sbc-yahoo online protection package), has taken away my access to Windows Installer with an error message that states "the system administrator has set policies to prevent this installation". gpedit does not work. I cannot go online. "administrator *" is not recognized as an internal or external command, operable program, or batch file. I REALLY do not want to try to reboot it, seeing as how it's the first time I've gotten it to boot in 6 months. Any suggestions? I'm running in safe mode now.



#2 tswsl1989


Posted 26 October 2008 - 10:40 AM

When you get the message "administrator *" is not recognised, what are you doing?
What anti-virus software are you running on that laptop, and do you have a way of copying files to it?
Tom

Tswsl1989
Duct tape is like the force. It has a light side, a dark side, and it holds the universe together

#3 idiotmyshkin (Topic Starter)

Posted 26 October 2008 - 10:48 AM

I'm running it from CMD.exe. It's some advice I found from another forum to try and change the admin password. I'm running att yahoo online protection which is... powered by Norton (I think). I've been trying to find my update version, and a way to download necessary updates onto my flash drive, but haven't been able to yet, and I'm not sure if it would require the installer to update it, or if not, how I would update it otherwise.

Sorry, it's powered by Computer Associates®

#4 idiotmyshkin (Topic Starter)

Posted 26 October 2008 - 10:51 AM

Computer Associates Antivirus

Product version: 7.0.7.4
Engine Version: 31.1.0
Virus Signature Update: 5334
Proxy Expiry Date: 11/27/2008

#5 boopme (Global Moderator)

Posted 26 October 2008 - 11:55 AM

Hello

Your PC also had a Backdoor trojan, Backdoor.Sdbot.
This Trojan allows its author to control a computer by using Internet Relay Chat (IRC). The Trojan can update itself by checking for newer versions on the Internet.

Your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Even though the infection has been identified and quarantined, all financial, password and account numbers that were stored on this PC should be considered stolen.

Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned or reformatted.
Inform all of your banks, credit card companies and financial institutions that you may have been a victim of identity theft, and ask them to put a watch on your accounts or change all your account numbers.
Change ALL of your online passwords from a NON-infected computer.

When Should I Format, How Should I Reinstall?
Danger: Remote Access Trojans.
How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud?

We will help you clean this PC but that would be a decision you have to make and there is no promise of future security without the format. Let us know how you wish to proceed.