Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Gone, but No Sound, No BITS, XP boots to CMD prompt only


  • Please log in to reply
2 replies to this topic

#1 bigbearh

bigbearh

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:08 AM

Posted 02 September 2009 - 01:36 AM

I had a bunch of malware (Total Protection? and System Protector? I can't remember these generic names)..

Anyway, I used MSconfig, Malwarebytes, and combofix (the only one that actually took care of anything because the infestation somehow blocked all other scanners from running and reinstalled itself when I did get them to run. AVG8.5 and Spybot search and destroy were present but didn't help much.

THE GOOD: no more popups taking control of explorer.exe.
Networking works via wireless and ethernet.
I can use everything fine and didn't lose any files.

THE BAD:
No sound at all (Control Panel > Sound and Audio Devices > reports "No Audio Device"
- but clicking on hardware says "device is working properly"

No BITS service:
I can't run windows update, or ONEcare or install anything from microsoft in iexplorer (no security updates)
(the windows update site, and many other virus scanners complain that they can't run in safe mode)
I can't turn on BITS manually from services.msc
Error "Could not start the BITS service on local computer.... Error 1084: service can't be started in safe mode"


Current State:
I can change bootup options in MSCONFIG but even when I choose "normal startup" XP boots up fine, but doesn't start explorer.exe (or anything) except a window with the c:\Documents and Settings\Username dos prompt.
I can run explorer.exe and then everything is stable except for the above issues.

This is a Compaq Presario V5310US
windows xp home edition 2002 SP2

Any ideas where to start to get sound and updates going again?


:thumbsup:

Edited by bigbearh, 02 September 2009 - 02:07 AM.


BC AdBot (Login to Remove)

 


#2 bigbearh

bigbearh
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:08 AM

Posted 02 September 2009 - 02:42 AM

Reading another forum:
http://www.petri.co.il/forums/archive/index.php/t-23032.html
makes me think its something about 'SafeMode" in registry.

searching "safemode" in regedit reveals many keys like this:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1127B7095AA567A4DB7A87865C78A357 4F57260AB42358E4596E782BDC274910 02:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52795F2371BD01F42A6775BF9209C842 4F57260AB42358E4596E782BDC274910 02:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59251E4271B80F94B91D0035114F0805 4F57260AB42358E4596E782BDC274910 02:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend\



HKLM\system\controlset001\safeboot AlternateShell cmd.exe
HKLM\system\controlset002\safeboot AlternateShell cmd.exe
HKLM\system\controlset002\control\session manager\environment SAFEBOOT_OPTION NETWORK
HKLM\system\controlset004\CONTROL\safeboot AlternateShell cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot AlternateShell cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment SAFEBOOT_OPTION REG_SZ NETWORK

I don't know if that means anything but it seems related.

Edited by bigbearh, 02 September 2009 - 03:33 PM.


#3 bigbearh

bigbearh
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:08 AM

Posted 02 September 2009 - 03:35 PM

SOLVED: Malware Gone, but No Sound, No BITS, Windows Updates don't work, XP boots to CMD prompt only, Windows XP thinks its in Safe Mode

Found my solution with help from link above!

Scenario:
I removed virus and malware (Total Recovery) with combofix and then couldn't do windows updates or install some things (system said I was in safe mode but I wasn't).
Also for me, the PC audio device wasn't recognized, AND the PC booted to
only a window with a dos 'cmd' prompt.

looked for:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option

I first modified OptionValue dword value from 2 to 0
reboot and sound worked fine and windows updates started to work fine! (still had dos prompt only)

Then modified UseAlternateShell dword value from 1 to 0
Now PC is all better and boots normally into explorer.exe

Great thread! Hope my story helps others.

James




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users