
windows startup problem


5 replies to this topic

#1 marzie_marzbar


Posted 27 July 2005 - 07:31 AM

I tried to save a HijackThis log after being infected with the oneclicker trojan (the one with popuper.exe, msole32.exe, intmonp.exe, etc.) but my computer then kept getting the "internet explorer has blah blah.." "send report" "do not report" and wouldn't let me save. So I decided to restart my computer in safe mode and try to do the hijack scan again and save the log.

However..now my computer pauses at the "windows XP - windows is starting up" screen.

My OS is WinXP Prof.

Is there any hope of getting into my computer to at least take whatever files I need (damn myself for not backing up) before I decide to have it reformatted or something?



#2 OldTimer

Malware Expert

Posted 27 July 2005 - 07:43 PM

Hello marzie_marzbar and welcome to the BC malware forum. If the computer will not boot to Normal or Safe Mode then try booting to the 'Last Known Good Configuration'. If that does not work then there are other manual methods that require the XP CD and booting to the Recovery Console that get quite involved. If you need to save the data I can get you a link to the instructions.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 marzie_marzbar


Posted 27 July 2005 - 10:57 PM

Hi OldTimer.

I tried that. It wouldn't start in the 3 types of "safe mode", didn't work in normal and I tried Last Known Good Config....it's been stuck on that "Windows start up page" for the last 14 hours (since it took a while to get to that start up page...I thought it might take a while to actually get to my desktop - I was wrong).

What are the manual methods to boot to the recovery console?
I just really would like to save whatever was in my documents. The rest is replaceable.

I would really appreciate the link.

Cheers,
Marzie

PS: I just remembered...is this taking into account that I've been affected with the 'oneclicksearches' trojan thing? The affected comp has a whole bunch of .exe that I could see from 'task manager'. Popuper.exe, msole32.exe, intmonp.exe and a few others that I can't recall.

Edited by marzie_marzbar, 28 July 2005 - 02:26 AM.


#4 OldTimer


Posted 28 July 2005 - 09:25 AM

Hi marzie_marzbar. If you cannot get it to boot into any mode then you can manually go back and replace the current registry with a prior one from System Restore. Here is a link for the directions: http://www.easydesksoftware.com/news/news20.htm

This is not an easy undertaking but it does work. I have tried it on a test machine myself. You will need your XP CD to boot into Recovery Console at various points in this fix. Make sure to read through the entire procedure and understand it before beginning.

Cheers and good luck.

OT

#5 marzie_marzbar


Posted 28 July 2005 - 10:49 PM

OK. I'm using this "A new installation of Windows, not using a Recovery CD but a Windows CD, will allow you to keep all your documents and software, " section.

I've inserted the WinXP CD, and got into the "repair" option and it's currently copying files..but it pauses at wow32.dll, saying it cannot be copied.

And I've read that WinXP might not work properly (and crash frequently) without this file. Although..I'm just really interested in getting into Windows to burn everything in "my documents".

Should I risk not copying wow32.dll?

#6 OldTimer


Posted 29 July 2005 - 10:23 AM

Hi marzie_marzbar. Wow32.dll is used to allow 16-bit applications to call 32-bit routines. It doesn't sound like you're going to run any 16-bit applications if all you are going to do is back up the My Documents folders. In any case, you don't really have an option. Try continuing and see what happens. The machine will not be any worse off than it is right now.

If all you want to do is copy over the My Documents folder you can always pull the hard drive and add it into another computer as a slave and just copy the files to the other computer's hard drive for the time being. Make sure that the other computer is protected because there could be infected files that you will be copying.

Cheers.

OT