Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer unresponsive in normal mode Having problem scanning in safe mode


  • This topic is locked This topic is locked
8 replies to this topic

#1 SomersetGuy

SomersetGuy

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 06 January 2009 - 06:16 PM

I am working on my sister's PC here. Last week she saw a popup that she says looked like a MS update. She clicked on it and has been having problems ever since. The software "FOUND" lots of malware and redirected her to a site to buy their software

The PC is a Dell XPS 400 running XP Media Edition SP 3. When you try to boot the machine in normal mode sometimes it just hangs once it reaches the desktop and other times I get a blue screen that says IRQL_NOT_LESS_OR_EQUAL STOP 0x0000000A (0xe1023C58, 0x00000002, 0x00000000, 0x805E1CA5). I booted it into safe mode and ran AVG (last updated on 12/23/08) AVG found the following which was moved to virus vault. C:\Documents & Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\RT27SPSR\freescan[2].htm - Virus ounf Fake Aert Object moved to virus vault.

I can't open anything in normal mode. I booted the machine in safe mode with networking I get a webpage not found message when I try to go to Microsoft's update site. I can get to Microsoft.com. using my PC I downloaded the exe file for Malwarebytes' Anti-Malware copied it onto a thumbdrive then over to her PC. It looked like it installed but when I run it all I get is an hourglass for about 2 minutes then the cusor returns. The program doesn't appear to start. Any advie? Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Tehsplink

Tehsplink

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near London
  • Local time:11:40 PM

Posted 06 January 2009 - 06:30 PM

Unfortunately i cannot find any command line search results for MBAM.
I can also not find any portable version of MBAM that isn't warez.

Is there nothing that you can do in normal mode?


Keep trying, and if you can get into normal mode and run a quick scan then please give us logs so we can analyze them.



Post back then :thumbsup:
Please PM me if i have been assisting you and do not reply for 24 hours!

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:06:40 PM

Posted 06 January 2009 - 06:37 PM

If you can get mbam to run in safemode then do that
------------------------------------

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 SomersetGuy

SomersetGuy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 06 January 2009 - 06:39 PM

I left her PC on all night last night hoping that I would be able to run windows update Update AVG etc today. It is frozen in normal mode. I was reading some other posts here and am able to HijackThis and dds.scr scans in Safe Mode. Would those be of any use?

#5 Tehsplink

Tehsplink

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near London
  • Local time:11:40 PM

Posted 06 January 2009 - 06:41 PM

only in the hijack this section of a the forum. please do not post them here :thumbsup:
Please PM me if i have been assisting you and do not reply for 24 hours!

#6 SomersetGuy

SomersetGuy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 06 January 2009 - 06:51 PM

If you can get mbam to run in safemode then do that
------------------------------------

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


OK I tried all of the above, each time I ge the cursor hourglass for a minute or two then it returns to normal. I started up Procss Eplorer and they are all (MBAM.exe, MBAM.pif, MBAM.scr etc.) running. Under properties their state: is Wait:UserRquest. Then it looks like they time out anddrop off the process list.

#7 SomersetGuy

SomersetGuy
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 06 January 2009 - 06:54 PM

only in the hijack this section of a the forum. please do not post them here :thumbsup:



I know not to post them here. I have been doing a lot of reading. Would they be of any use? or do they nee to be run in normal mode to be useful?

#8 Tehsplink

Tehsplink

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Near London
  • Local time:11:40 PM

Posted 06 January 2009 - 07:31 PM

yes, they would be of use, i would like to see them to help you however i read the rules and i am only allowed to request them to review and not to deal with you... so I'm sorry but you would be better posting a new thread in the other bit of the forum and linking them to this post :thumbsup:
Please PM me if i have been assisting you and do not reply for 24 hours!

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:40 PM

Posted 06 January 2009 - 11:13 PM

member has posted in the HJT forum. This topic is closed, as there is no need for this member to post anything further here.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users