Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer screwed by virus


  • Please log in to reply
2 replies to this topic

#1 vitlow

vitlow

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 22 January 2009 - 01:50 AM

Please help!!!
My laptop was over-run by a virus which I have been fighting to remove for ~5days so far.
I was making good progress and had most of it removed until I made a very bad and also very stupid mistake.
One of the viruses sneaky tricks was to stop me booting in safe mode - when trying to boot in safe mode it would 'blue screen' and then start-up in normal mode so the virus would always run start-up. So I had got round this by using the system configuration utility and essentially starting up with nothing except my virus checker and few other things turned on. I was happily getting rid of the virus and actually found 4 dll's which were (most likely) the root of the problem - so I was almost done with the whole clean-up when I screwed up big time.
Obviously the 'dll's' were write protected so I started researching on how to delete write protected 'dll's' - most of the conclusions I found were to download an unlocking program (can't do this since the virus has disabled both my wired and wireless connections - "cannot find network address") or to start-up in safe mode and then delete.
Thinking I was smart, I thought I could fool the virus by going into the "BOOT.INI" in the system configuration menu and selecting /SAFEBOOT as the boot option. I did not realise that when I re-booted the virus would see this as a "Boot in Safe mode", blue-screen and boot in normal mode as before, but now when it starts to boot up "normally" the system configuration is in /SAFEBOOT and the cirus is seeing this as a "SAFEMODE" boot and blue-screening again - so I am in a constant loop of blue-screens with nowhere to go and no way to boot into windows.

I thought of booting from a floopy disc, so I have generated a disc and booted to the A:\ - thing is, I don't know how to carry on the boot process from the floppy - what do I do next??? Anyone got some step-by-step instructions for recovery from a boot disk - or any other instructurions on how to recoer windows?

Would greatly appreciate any help out there.
By the way, flattening the C-drive is an option I would do - but I have a bunch of files on there I need to get off, one of the the viruses talents was blocking any writing to a CD/DVD and also infecting both a USB stick and external HD I tried using to get the files off. So if I can get the laptop booted up again - great, but i'm at the stage of - screw the files, I just want a working lap-top back.

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:00 AM

Posted 22 January 2009 - 03:59 AM

If you have the installation CD you could try to apply the Last Known Good Configuration. This article explains how to do this.

Once you get back to where you can boot your computer I would suggest posting a topic in the Am I Infected forum explaining in detail what your problem is.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:00 AM

Posted 23 January 2009 - 09:57 PM

Hello vitlow,

My apologies about your topic getting moved to the misplaced log forum. Someone else posted a HiJack This log to your topic which I have now pruned away. I am also moving this topic to the XP forum where I think it originated.

I see that you have since posted a HiJack This log here: http://www.bleepingcomputer.com/forums/t/197430/nasty-undeletable-virus-infection/ However, I note that the log is incomplete. I also note that you didn't follow the directions in the preparation guide here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ Is this because you are unable to run DDS?

At this point you have a few choices.

1) Have this topic closed and keep your topic in the HiJack This forum as is.

2) Have this topic closed and the topic in the HiJack This forum deleted and post a new topic with a DDS log or, if unable to create such, a complete HiJack This log.

3) Have the topic closed and the HiJack This topic deleted and create a new topic in the Am I Infected forum as dc3 suggested and see if your issues can be resolved there.

Please let me know how you wish to proceed as a response to this topic.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users