
trojan 119428



#1 Norman_11


Posted 21 July 2009 - 07:55 AM

ClamWin sent me an email of the scan (see below). The computer was turned off before the issue was addressed. Now when I try to start up the computer, I log on and I see my desktop for a split second and then instant logoff. I have tried Safe Mode with the same results. It is a Dell Precision 490, Windows XP Service Pack 3.
How do I address this issue? Do I reinstall Windows?

Scan Started Mon Jul 20 06:30:00 2009
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***


*** Scanned 32 processes - 438 modules ***
*** Computer Memory Scan Completed ***

C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\ServicePackFiles\i386\userinit.exe: Trojan.Agent-119428 FOUND
C:\WINDOWS\ServicePackFiles\i386\userinit.exe: Removed
C:\WINDOWS\system32\config\DEFAULT: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\SOFTWARE: Permission denied
C:\WINDOWS\system32\config\SYSTEM: Permission denied
C:\WINDOWS\system32\drivers\fidbox.idx: Permission denied
C:\WINDOWS\system32\userinit.exe: Trojan.Agent-119428 FOUND
C:\WINDOWS\system32\userinit.exe: Removed
C:\WINDOWS\Temp\ZLT006c2.TMP: Permission denied
C:\WINDOWS\Temp\ZLT0766a.TMP: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 596209
Engine version: 0.94.1
Scanned directories: 6277
Scanned files: 68164
Infected files: 2
Data scanned: 19004.16 MB
Time: 4057.947 sec (67 m 37 s)

Edited by Norman_11, 21 July 2009 - 09:35 AM.
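
Added example, not part of the original thread: a short triage pass over a ClamWin report like the one above, flagging any logon-critical binary that the scanner removed from system32. Winlogon launches userinit.exe after logon, so a log that records it as removed deserves attention before the next reboot. The `LOGON_CRITICAL` set and the function names are assumptions made for this illustration.

```python
import re
from ntpath import normpath

# Constructed sample: verdict and action lines copied from the report in this post.
SAMPLE_LOG = r"""
C:\hiberfil.sys: Permission denied
C:\WINDOWS\ServicePackFiles\i386\userinit.exe: Trojan.Agent-119428 FOUND
C:\WINDOWS\ServicePackFiles\i386\userinit.exe: Removed
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\userinit.exe: Trojan.Agent-119428 FOUND
C:\WINDOWS\system32\userinit.exe: Removed
C:\WINDOWS\Temp\ZLT006c2.TMP: Permission denied
"""

# Assumption: an illustrative, not exhaustive, set of binaries XP needs to log on.
LOGON_CRITICAL = {"userinit.exe", "winlogon.exe", "explorer.exe",
                  "lsass.exe", "csrss.exe", "smss.exe", "services.exe"}
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?): (?P<status>.+)$")


def parse_log(text):
    """Map each detected path to its signature and whether it was removed."""
    hits = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = hits.setdefault(m["path"], {"signature": None, "removed": False})
        status = m["status"].strip()
        if status.endswith(" FOUND"):
            entry["signature"] = status[: -len(" FOUND")]
        elif status == "Removed":
            entry["removed"] = True
    # Drop lines such as "Permission denied" that carry no verdict or action.
    return {p: e for p, e in hits.items() if e["signature"] or e["removed"]}


def triage(hits):
    """Flag logon-critical files deleted from system32, and note lost backups."""
    removed = [normpath(p).lower().split("\\") for p, e in hits.items() if e["removed"]]
    alerts = []
    for path, entry in hits.items():
        parts = normpath(path).lower().split("\\")
        if not entry["removed"] or parts[-2] != "system32":
            continue
        if parts[-1] in LOGON_CRITICAL:
            backup_gone = any(r[-1] == parts[-1] and r != parts for r in removed)
            alerts.append({"path": path, "signature": entry["signature"],
                           "backup_copy_also_removed": backup_gone})
    return alerts
```

Calling `triage(parse_log(SAMPLE_LOG))` yields one alert for the system32 copy of userinit.exe and notes that the ServicePackFiles copy was removed in the same scan.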




#2 Stang777


Posted 21 July 2009 - 09:55 AM

Hi,

I would start out by doing a scan with Malwarebytes...

It can be downloaded from any of these places...

http://www.malwarebytes.org/mbam.php

alternate download link 1 (easiest way)
http://malwarebytes.gt500.org/mbam-setup.exe

alternate download link 2
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Double-click on mbam-setup.exe to install the application. (If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat or .com or .pif or .scr and then double click on it to run.)

When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process.

After running that scan, post the complete log of the results here and then download, install, update and run a quick scan with SuperAntiSpyware and post the complete log of the results here. This scan may take some time to complete so please be patient.

That can be downloaded from SuperAntiSpyware.com

If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat or .com or .pif or .scr and then double click on it to run.

If possible, both programs should be run in regular Windows, not safe mode. Allow both programs to remove whatever they find and if they tell you that you need to reboot your computer to complete the removal process, reboot into normal Windows.

#3 Norman_11


Posted 21 July 2009 - 11:47 AM

But first I need to be able to get logged on my computer. Note:

Now when I try to start up the computer, I log on and I see my desktop for a split second and then instant logoff

..........

#4 Stang777


Posted 21 July 2009 - 11:53 AM

Ooops, I missed that, sorry.

Hopefully someone will come along soon and be able to help you with that.

#5 quietman7


Posted 21 July 2009 - 12:35 PM

If you cannot bootup or logon in normal or safe mode, then your options are limited. You may be able to use a Windows XP bootable Floppy Disk to boot from a diskette instead of your hard drive. If your hard drive's boot sector or Windows' basic boot files have been corrupted, this disk will circumvent the problem and boot you into Windows. If you don't have an emergency boot floppy, you may be able to use one created on another PC running Windows XP but there's no guarantee that it will boot your machine.

Another option is to create a Bootable CD:

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD utilities that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Note: In order to use a rescue disk, the boot order must be set to start from the CD-ROM drive. If the CD is not first in the boot order, the computer will attempt to start normally by booting from the hard drive. The boot order is a setting found in the computer's BIOS which runs when it is first powered on. This setting controls the order that the BIOS uses to look for a boot device from which to load the operating system. The default will normally be A:, C:, CD-ROM. Different computers have different ways to enter the BIOS. If you're not sure how to do this, refer to:

If at some point, you are able to boot up but have difficulty running programs, you can try using VIPRE PC Rescue. This is a command-line utility that will scan and clean a computer which is so badly infected that programs cannot be easily run. Be sure to print out and follow the instructions provided on the same page.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 Norman_11


Posted 22 July 2009 - 06:11 AM

Here's what I did. I deleted the partition and reinstalled the OS.



