Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can not run Antivirus, can only boot in safe mode


  • Please log in to reply
3 replies to this topic

#1 Anna1345

Anna1345

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:34 PM

Posted 26 October 2009 - 02:11 AM

Okay so I am having major problems! Running Windows XP First I started getting all these BAD popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. when I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, tried to run antivirus. then I tried to run SuperAntiSpyware, it started to run, showed 2 trojans and something else, then stoped running and I no longer have access to it. So I tried running malewarebytes (also renamed it mb.exe). Same thing. Starts to run, dissapears then I no longer have access to it. Happened to spy bot S&D. Tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.

I can not run a Hijackthis....

BC AdBot (Login to Remove)

 


#2 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:02:34 PM

Posted 26 October 2009 - 07:18 AM

You mentioned that you booted into safe mode with networking.
Have you tried regular safe mode?

#3 Anna1345

Anna1345
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:34 PM

Posted 26 October 2009 - 10:07 AM

Yes I have. I was able to get a rootrepeal report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/26 02:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xF6A7B000 Size: 778240 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF652B000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF791B000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF76EB000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF==

#4 Anna1345

Anna1345
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:34 PM

Posted 26 October 2009 - 10:09 AM

Also I just downloaded combo fix it and it says "Combofix detected a rootkit activity and needs to reboot" so I am rebooting at the moment



UPDATE:
Okay So COmboFix said it removed a bunch of infected files and it was successfully restored. It it attempting to reboot the machine.

UPDATE 2:
I finally got combofix to work. Ran it. It detected a rootkit. It removed a bunch of infected stuff. This allowed me to boot in normal mode and download/run malewarebytes. Ran Malewarebyts and it too detected a bunch of stuff. I am trying to Super anti spyware but I am not able to down load it and run it. It seems that my execution files for it and Spyware S&D are read only files. I tried uninstalling and reinstalling to no avail.

Attached Files


Edited by Anna1345, 26 October 2009 - 11:40 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users