
can't get past login, please help.


5 replies to this topic

#1 supac


Posted 13 March 2009 - 03:06 AM

Ok, backstory: I got the MS Antivirus 2009 virus from blindly downloading this file. I had Teatimer (or whatever program the S+D bot uses in the background) tell me some suspicious changes and all that stuff, so I ran ComboFix. ComboFix seemingly fixed the problem, as the newly added shortcut to the MS Antivirus on the toolbar was gone. So I restarted my comp, just for good measure. This is when my comp started failing. Login stalls for a while and takes a long time to get to the desktop, so I looked in my system32 folder and looked for recent changes. I saw that there was a new file (svchostw.exe), which I googled. Seemed suspicious, so I deleted it and tried restarting. Same problem occurs: stalled load to the desktop, internet doesn't work, auto shutdown because of RPC failure by NT Authority\system, and a svchost.exe application error with something about the memory not being able to be read, so I was thinking the virus was still there. After trying a bunch of other stuff, I deleted my userinit.exe (33kb file) thinking it was one of the problems. Horrible mistake? So now when I login, it logs right back out and gets stuck on 'Closing Network Connections' + pretty much the same thing happens in safe mode, but even worse since I get the auto shutdown message from NT Authority\system. Another note is that I cannot access Task Manager either, as it gets stuck on the 'Closing Network Connections' box.

(sorry for the tl;dr)

I posted all the information I can think of, but I can't post the combofix log or anything since I can't even get to my desktop. So is there anything I can do to save my computer now? I have the Windows XP CDs from my friend, but I can't even figure out how to reformat it now. Please help. :thumbsup:



#2 dc3


Posted 13 March 2009 - 03:26 AM

Hi supac, and welcome to BleepingComputer.

Combofix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. But you have probably figured this out by now.

If you have the installation disk you should do a repair installation. Once we get your computer back up you should post a topic in the Am I Infected forum to make sure that your computer is clean.

Note: The system repair function will remove any updates you have previously installed that are not included on the CD. Drivers will also be reverted to their original XP versions, as well as some settings (network & performance settings may sometimes be reset to their defaults). It may be necessary to reactivate your Windows XP as well. When finished, you will have to download all of the updates from Microsoft Windows Update, because they are all replaced during repair.

Boot the computer from the XP CD. You may need to change boot order in the BIOS so that the CD-ROM is the first device in the boot order.

When you see the "Welcome To Setup" screen, you will see the options below:

This portion of the Setup program prepares Microsoft
Windows XP to run on your computer:

To setup Windows XP now, press ENTER.

To repair a Windows XP installation using Recovery Console, press R.

To quit Setup without installing Windows XP, press F3.

Press Enter to start the Windows Setup.

To setup Windows XP now and Repair Install, press ENTER.
You do not want to choose "To repair a Windows XP installation using the Recovery Console, press R."

Accept the License Agreement and Windows will search for existing Windows installations.

Select the XP installation you want to repair from the list and press R to start the repair. If Repair isn't one of the options, end the installation; this will mean that you will need to do a fresh installation of XP.

The repair will copy the necessary files to the hard drive and reboot; the repair installation will continue after the reboot.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.


#3 supac


Posted 14 March 2009 - 02:02 AM

Boot the computer from the XP CD. You may need to change boot order in the BIOS so that the CD-ROM is the first device in the boot order.


What do I have to press to get to the BIOS screen?

(and thanks for the help so far :thumbsup: )

#4 dc3


Posted 14 March 2009 - 02:33 AM

Accessing the BIOS depends on the manufacturer; the link below will take you to a site which lists the different vendors and which key to use. Basically, what you do is, when the computer starts, you begin tapping that key until the BIOS opens.

http://www.michaelstevenstech.com/bios_manufacturer.htm



#5 supac


Posted 14 March 2009 - 05:20 PM

Ok, I figured out how to get to the BIOS screen, but the repair keeps on stalling at the 16 min mark. It keeps asking me to manually find the missing files in the E:/1386 drive, but I read somewhere that this step was skippable, so I skipped the long list of downloads. I'm thinking about just reformatting the whole drive now, so how would I go about doing this?

#6 supac


Posted 14 March 2009 - 07:01 PM

Ok, I decided to just reformat my C drive. Thanks for the help though.



