Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop virus infection prevents complete logon, even in Safe Mode


  • Please log in to reply
2 replies to this topic

#1 Euthenia

Euthenia

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 30 May 2009 - 01:25 AM

I have an IBM ThinkPad, running Windows XP Professional. While working online last week, The screen suddenly went blue and gave an error message (unfortunately, I don't recall what it said). I attempted to restart, but could not logon. I shut down, then removed the battery. A few hours later, I reinserted the battery and tried to boot back up. I now receive the following error messages:

First -

Services.exe - Application Error

The instruction at "0x00096e80" referenced memory at "0x00096e80". The memory could not be "written".

Click OK to terminate the program
Click CANCEL to debug the program

Second, appearing behind that error message, is the logon screen. I enter my password and the logon screen disappears. A few seconds later, another error message pops up:

Data Execution Prevention

To help protect your computer, Windows has closed this program.

Name: Boot Acceptance Application for Registry
Publisher: Microsoft Corporation

Data Execution Prevention helps protect against damage from viruses and other security threats. What should I do? CLOSE MESSAGE


If I click on the underlined "What should I do?" link, it brings up a help screen. Through that screen, I am able to follow another link which brings up my browser window, and I am able to access the internet. If I 'X' out that error window, I get yet another pop up error message:

Boot Acceptance for Registry

Boot Acceptance Application for Registry has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of something, the information you were workin gon may be lost. For more information about this error, click here. CLOSE (or) DEBUG


Following that link I get:

Boot Acceptance Application for Registry

Error signature EventType : BEX P1 : services.exe P2 : 5.0.2134.1 P3 : 47d29fec P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 00095778 P8 : 00000005 P9 : 00000008

To view technical information about the error report click here. CLOSE


Which takes me here:

Error Report Contents

The folowing files will be included in this error report:

C:\DOCUME~\********\LOCALS~1\Temp\WERa267.dir00\services.exe.mdmp
C:\DOCUME~\********\LOCALS~1\Temp\WERa267.dir00\appcompat.txt
CLOSE

(asterisks above represent my computer logon name)

I have used ctrl+alt+del to bring up the Task Manager, where I have tried to access the Desktop by starting a New Task, but as soon as I do, I get a black screen with the notorious System Security 2009 warning, followed by the 'loading' of my desktop icons behind a fake AV program which runs and tells me I am infected. The difference in my case, however, is that this appears to be more malicious than a mere succession of nag screens. I cannot circumvent the pop-ups in order to run my MalwareBytes and other system protection software. In fact, I cannot access any of my laptop files. Any icon I click or program I try to 'run' or folder I try to open results in a tiny pop-up bubble over a fake AV icon in the taskbar, which tells me that the specific file is infected and urges me to click to download the latest protection. I have tried a couple of times to use Task Manager to end some suspicious processes, but that doesn't seem to have any effect. Eventually, the same cycle of warnings begins, no matter what.

I have also tried to get into Safe Mode in order to run my Malware and Spybot programs, but I am denied logon access completely, nor can I force the Task Manager to open.

Is there any way at all to force a logon? I have tried downloading and running my Malware prog again, and telling it to open and run upon completion of download, but the program will not download. I haven't tried scanning my laptop directly from the internet - is that an option? Can you recommend a safe site where I can do this free of charge that will also allow me to remove the offending files?

I am at my wits' end. Is this a lost cause or can my laptop be salvaged? I have some very important files that I had not yet backed up and cannot afford to lose them . . .

Any help would be very greatly appreciated!

BC AdBot (Login to Remove)

 


#2 Euthenia

Euthenia
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 30 May 2009 - 09:49 AM

By the way, I was in the habit of routinely running Spybot S&D, Malwarebytes, and ccleaner on the Thinkpad mentioned above. The last time I ran them (the day before the crash), they reported no infections, and no registry errors. This thing caught me totally off-guard.

I'm going to take a quick detour while I wait for help with the original issue:

I am currently using an old Compaq Presario desktop, with Windows ME, to access the internet. I'm afraid using the Thinkpad, even though I can force an internet connection, will just keep the virus floodgates open. In the meantime, I am wondering if anyone can recommend an alternative to Malwarebytes anti-malware. That program is not available for ME, but I don't want to leave this PC unprotected. (I do have Spybot S&D and ccleaner installed, but they don't catch everything.)

Thanks!

Edited by Euthenia, 30 May 2009 - 09:51 AM.


#3 Euthenia

Euthenia
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 31 May 2009 - 12:01 AM

Well, after reading through more topics in this forum, I decided to try a few things for myself. I went back to the laptop and forced it to go online, then - after many hours of trial and error - managed to access MalwareBytes by using the browse feature of an online file scanner. I then closed the browser and managed to run the program, which found and removed around sixty infected files. After that, I was able to restart, logon, and access my desktop. But, I had to reconfigure my browsers' proxy settings, because I couldn't get online anymore, and my programs were unable to properly update.

When I was back online, I downloaded and installed two additional protection programs, SuperAntiSpyware and Avast Home Edition. I wanted to run both of them, as well as MalwareBytes, which I couldn't update prior to running beforehand, and was prompted to update each of the three programs in turn. I was also prompted to restart prior to running each of them. Restarting after the Avast update triggered an automatic scan - which I believed to be safe, based on the program info and settings, so I let it run. After completion, the screen went black, then the laptop restarted. Now, I can't get past a looping logon request. After inputting my password, I get a message that says my preferences are being loaded, then I'm kicked back out to the logon screen. As before, I cannot get into safe mode, and I also cannot access the BIOS screen to change the settings to allow for boot-up through the CD drive.

This is very disheartening. Is there anything I can do at this point?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users