Need Major Help with Q6.exe, Q5.exe VIRUS


52 replies to this topic

#1 annieb1

Posted 13 February 2009 - 11:31 PM

My husband's laptop has some sort of virus. We have McAfee Security Center on our laptops. He said that yesterday, he saw a warning on his computer that a major virus was discovered and it asked if he wanted the system to scan it. He also saw a few other little warnings on his screen and wasn't sure what to click on so he clicked on the link that asked if he wanted the scan to start and left the computer. The next morning, he went to use his computer and it would start up but then continually log off and on.

Then his screensaver was replaced by a big rectangle with shapes inside of it like red squares with green or yellow rectangles in them and small green rectangles of various sizes. You can't get past it. Eventually the screen times out and he gets a screen that says "Welcome" and his name (like we would normally get if the computer goes to sleep when we're not using it). If he clicks on it the computer logs on and off. And then you get that big colored rectangle. Every time you wait till the screen changes and it goes back to the welcome screen, if you click on it, the system logs on and off.

I waited till the screen went into that sleep mode and clicked on "Turn off computer" at the bottom left corner of computer. Then at the next box I select restart. As it is restarting I click on control f8 to get to safe mode. Here's where I have no clue what to do. I have tried clicking on safe mode and then I select the operating system and then I get the screen listing all the drivers and then it gives me a screen where I can log on as administrator or my husband. I have tried logging on as both. When I log on, it looks like it is going to take and then it logs me off right away and every time I relog on it then logs me right back out.

I tried to log on safe mode with command prompts and the same thing happens.

I also tried selecting the option that I expected would allow me to go back to a day before the virus took over but if I click on it, it takes me back to the big rectangle with the red squares and rectangles and long green rectangles.

I cannot access anything that will let me disable system restore. There is literally no way to get to the box where you would select that option. I don't know if there is a way to disable it without having access to the normal method of doing that.

I have spent hours on my laptop, this evening, doing research on every website I can find, trying to find a solution for him. I can't access "start" or anything actually from his computer. I don't know how to get his McAfee virus scan to get rid of this either, although on occasion I would click on control F5 (I saw that on some website I was looking at) and for a second I would see the McAfee black box appear on the screen for a second and then it was gone...like it was giving it a try but the virus wouldn't let it open.

The CD/DVD drive on my laptop doesn't work so I can't download anything to a disk. We have to be very careful about what we do with his computer cause he uses it for business and all his files are there as well as a programming software that he uses. It's an old language that he has had for years. So we don't want to lose everything on his laptop.

He has a Dell Inspiron 1300 Laptop and uses Windows XP.

Any suggestions?

Thanks!

#2 Orange Blossom

Posted 13 February 2009 - 11:52 PM

As no logs have been posted, I am moving this from the HiJack This forum to the Am I Infected forum. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 DaChew

Posted 14 February 2009 - 08:33 AM

You are describing the symptoms of a new infection that basically trashes system files and if they are not replaced carefully, can't be fixed.

A professional technician in a shop would be my choice.

Edited by DaChew, 14 February 2009 - 08:35 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#4 annieb1

Posted 14 February 2009 - 06:07 PM

I'd like to try to fix it for him here at home first. I'm pretty savvy around computers and even if I don't know exactly what I'm doing I've been pretty successful in the past when I've had other problems. As long as someone gives me the step by step in plain English on how to resolve a problem, I've avoided having to pay someone else to do it for me.

So if there is someone who is willing to give me a hand with this, I'd really appreciate it.

Thanks,

An

#5 DaChew

Posted 14 February 2009 - 06:12 PM

Without a working cdburner this would be difficult

#6 annieb1

Posted 14 February 2009 - 08:42 PM

My son has a working CD drive. What do I need to download and how would I get it to work in the "sick" computer ?

#7 extremeboy

Posted 15 February 2009 - 08:53 AM

Hello annieb1.

DaChew asked me if I could take a look at this problem.

It's good that you have some spare CDs. Do you have another computer that you can burn CD images to a CD with, since you said your CD\DVD drive doesn't work...

Also, I was a bit confused by your first post. First you said you cannot log on because you get logged off right away.
Then you said you cannot access the Start menu or disable System Restore. Does this mean you can still log on but only for a limited time? If so, how long can you stay in Windows before it logs you off?

Just one note: If you have a Windows XP CD, you could simply do a reinstall. A reinstall does not remove any of your files or important data files. Music files, pictures etc... will not be lost. I did a repair reinstall a few months back and none of my files were gone, but I needed to reinstall all the programs that were installed. If you have your drive partitioned that will be easier: simply reinstall the drive that has Windows installed on it, usually the C:\ drive.

Reinstall may be the best option here.

One quick question before I leave. I will be back in the afternoon to continue helping.

Do you do registry backups often? If so, we can use the Recovery Console to help boot your computer back. If not, we can use other software to boot into another Windows and see what we can do. Perhaps back up your data etc... before you do a reinstall so you feel safe that everything is in place.

I will get you the instructions soon. Thanks for being patient.

With Regards,
Extremeboy

Edited by extremeboy, 15 February 2009 - 08:58 AM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 annieb1

Posted 15 February 2009 - 05:31 PM

Hi,
Yes, we have another computer in the house that we can download things onto a CD from.
The problem is this. I cannot get to my desktop screen. I turn the computer on in regular mode and I see the Dell logo come on and then it puts this big red and blue rectangle with squares and other rectangles in it. I cannot get rid of that. That is all I can get to. I have to wait until the screen goes into sleep mode and then that rectangle is replaced by the screen that has my husband's name "Stew" and the box that says "log on". Also on the bottom left of that screen is the option to turn off the computer. If I click on that I get the normal three choices to hibernate, turn off or restart. If I click on restart it just shuts off and then restarts back to that big rectangle. If instead, I click the box for "Stew" to log on, it goes to that screen with the big colored rectangle. Sometimes it will make the sound like it is logging on and off. Lately it just goes to that big colored rectangle.

I have tried restarting into safe mode. I'm fine with the first screen where you select the manner of safe mode. Then the second screen wants you to click on the system you want and click enter. No matter what I click on on the prior screen, as soon as I get to the second screen where I select the system, it logs me back on and right to that big colored rectangle.

I put the original system disk in the drive to see if I could find a way to reboot using that disk but I can't find anything in safe mode that lets me even get to the disk in the drive. So I don't even know how I could do a reinstall if as soon as I turn the computer on it takes me right to that big red and blue rectangle. Is there something I can do in safe mode to tell the computer not to use the system to log on but instead use the CD drive? I already tried safe mode with command prompt...no use. Won't take me to that screen to type in prompts. Starts the system and takes me to the big rectangle.

I don't do registry backups. I do registry cleaning every time I turn that computer off, during normal circumstances.

I appreciate any help you can provide.
Thanks!
An

#9 annieb1

Posted 15 February 2009 - 07:23 PM

Just wanted to give you an update. Someone else told me to try the following:

"# Insert the original Windows XP CD (Windows XP with Service Pack 2 is preferred, but not required) and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.
# When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".
# Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.
# Type the Administrator password and press ENTER.
# Type the following commands:

D: [ENTER]
CD I386 [ENTER]
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]

After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well."


Then I tried to remove the Windows XP CD first, as he suggested, but it wouldn't come out so I then typed "EXIT" and pressed ENTER to restart the computer. He said I should now be able to log on as normally. And I did log on but it took me right back to the very same big rectangular screen. I don't think his fix was a fix. Nothing changed.

#10 extremeboy

Posted 15 February 2009 - 07:25 PM

Hello.

I'm sorry but your wording and the information you provided in the first post and the previous post have been confusing me.

To clarify: What happens when you restart your computer with the CD in it? Are you prompted to boot from the CD or...?

Also, what is the big red blue rectangle you're talking about? Please be as specific as you can.

Thanks.

This may take some work. Please be patient. There's a possible chance that this is not recoverable. I will try my best and ask others for any input as well. There is a way that may work that I thought about but may be risky and may not work, depending on how this infection works.

It seems it put a registry value in your HKLM "run" key that makes it log off and on once you go into windows. I will look into this ASAP. I need to go and will be back soon.

With Regards,
Extremeboy

#11 annieb1

Posted 16 February 2009 - 06:57 PM

First, you may need to reread my first posting with the complete description of the problem. The rectangle is as follows: as a result of whatever virus or trojan got to this computer, my husband's screensaver was replaced by a big rectangle with shapes inside of it like red squares with green or yellow rectangles in them and small green rectangles of various sizes. You can't get past it to the desktop. Eventually that screen times out and he gets a screen that says "Welcome" and his name (like we would normally get if the computer goes to sleep when we're not using it). If he clicks on his name, the computer logs on and off. And then you get that big colored rectangle. Every time you wait till the screen changes and it goes back to the welcome screen, if you click on it, the system logs on and off.

I did manage to change the order of booting to the CD, but I didn't do anything beyond what I described above. And when you restart you're back to that big rectangle thing. Maybe I need to do something else when setup begins in the CD rom drive?

#12 extremeboy

Posted 16 February 2009 - 09:13 PM

Hello.

I do not know what that person told you to do via the RC was supposed to do, but as you know it didn't work.

He/She basically was trying to copy the USERINIT.EXE file to your System32 folder, which didn't work because that isn't the problem, it seems.

You could do a repair install right now and that should get this out of the way. I think it's something to do with the startup registry key that the malware changed. It probably added a command there to cause your computer to log on and off as soon as you log on to Windows.

I have an option but I would rather not try it because it may not be successful and can be risky. We could also try to boot from Knoppix, which is another OS, and see what we can do there, but a repair install of Windows will be the easiest option here.

What do you think? If you need any help on doing a repair install please ask or post another topic in the XP forum.

Repair install does not remove any of your important data files, pictures etc... It only repairs the system files and certain parts of the registry.

With Regards,
Extremeboy
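The two logon-time startup locations raised in the posts above are the Winlogon "Userinit" value, which is what starts userinit.exe at each logon, and the HKLM Run key. The following added example, which is not part of any post in this thread, checks both in a registry export. It assumes a regedit-format text export of the SOFTWARE hive, here loaded from a rescue environment under the hypothetical name OFFLINE_SOFTWARE; the sample data and all function names are constructed for illustration.

```python
import re
# Suffixes, so the check works for a live key (HKEY_LOCAL_MACHINE\SOFTWARE\...)
# and for an offline hive loaded under another name.
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
# Windows XP defaults for the values Winlogon starts at every logon.
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe,",
                     "shell": "explorer.exe"}

# Constructed sample in regedit export format. Real exports are UTF-16 files:
# read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\EXAMPLE\\placeholder.exe,"

[HKEY_LOCAL_MACHINE\OFFLINE_SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\EXAMPLE\\updater-placeholder.exe /start"
'''

STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key path (lowercase): {value name (lowercase): string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = STRING_VALUE.match(line)
            if m:  # REG_SZ only; dword: and hex: data is skipped
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def values_under(keys, suffix):
    return next((v for k, v in keys.items() if k.endswith(suffix)), {})

def audit(keys):
    """List Winlogon values that differ from XP defaults, then every Run entry."""
    findings = []
    winlogon = values_under(keys, WINLOGON_SUFFIX)
    for name, expected in WINLOGON_DEFAULTS.items():
        actual = winlogon.get(name, "<missing>")
        if actual.lower() != expected:
            findings.append(("winlogon", name, actual))
    # A Run entry is not malicious by itself, so all are listed for manual review.
    for name, command in sorted(values_under(keys, RUN_SUFFIX).items()):
        findings.append(("run", name, command))
    return findings
```

Calling `audit(parse_reg(SAMPLE_EXPORT))` reports the altered Userinit value and the one Run entry; an export with default Winlogon values and no Run key yields an empty list.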

#13 DaChew

Posted 16 February 2009 - 09:31 PM

Just wanted to give you an update. Someone else told me to try the following:


I would concentrate solely on Extremeboy's advice here. I suspected some registry work might be necessary and called for his expert help.

#14 annieb1

Posted 16 February 2009 - 10:06 PM

I will do the repair installation. I have gotten to the point where I selected the windows installation to repair and clicked enter. Now I don't know what to do next to make it start. So if you're online now and can answer me great. If not, I will scout around online and see what I can find. It's 10:03PM eastern time.

#15 DaChew

Posted 16 February 2009 - 10:15 PM

http://www.michaelstevenstech.com/XPrepairinstall.htm