Something Nasty - Can't Get Anything to Execute


4 replies to this topic

#1 superls1

Posted 01 December 2009 - 05:56 PM

Dell laptop D620, ~3 years old, with Windows XP Professional, latest service packs.

Somehow, I have allowed an infiltration that has completely hijacked my computer. I can't get into Safe Mode as I get an error. I don't have the hex address handy. The only way I can boot is by disabling 'Automatic reboot with system error'.

When I get the computer to finally come up, I am continually hammered with messages about the computer being infected and asking if I want to upgrade my anti-virus. The error messages point to sysguard2010.com.

I can't get any form of AV to execute. I have PC Tools and ZoneAlarm on there. Somehow, the hijacking won't allow them to execute. I can't even execute Task Manager.

Is there some way to run any sort of AV or Combofix remotely if I am connected to a network?


Very frustrated.

Thanks.

Edit: Moved topic from XP to the more appropriate forum, to preclude the need for member reposting, as suggested in this thread. ~ Animal

#2 hamluis

hamluis

    Moderator


Posted 01 December 2009 - 06:36 PM

Info only: http://www.bleepingcomputer.com/virus-remo...irus-system-pro.

Read carefully and see if you can follow suggestions.

Louis

#3 superls1

Posted 01 December 2009 - 07:12 PM

That is exactly what I have, but I cannot execute anything. So, when I get to step 7, this f'ing infection somehow prevents rKill from running. I am sure I will have the same problem with installing MBAM.

I can get the computer up by using F8, selecting don't restart on system error. My hope was that there was some way to 'point' AV software at my laptop.

I did find post #14 interesting in this thread, but it is almost too much information. It is hard to know if one option is better than another, risks, etc.

#4 hamluis

hamluis

    Moderator


Posted 01 December 2009 - 08:13 PM

When in doubt...I suggest posting at BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/. They are better able to advise on malware situations than us folks here at the XP forum.

Louis

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
Posted 02 December 2009 - 09:59 AM

The instructions in Post #14 are options to try if a computer cannot boot up at all. If you can boot up in normal mode (even though there may be problems) you have other options.

You can try downloading and using the VIPRE Rescue Program - the size of the downloaded application is large. This is a utility designed to scan and clean a computer which is so badly infected that most programs cannot run. Virus definitions are included and the program is self-running once executed. All scans include Rootkit Detection. Be sure to print out and follow the instructions provided on the same page for running under Windows or with the Command Line option.

You can also try downloading and using TDSSKiller.zip.
Be sure to print out and follow the instructions provided on that same page for performing a scan.
-- If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.

Follow that by scanning with the Kaspersky Virus Removal Tool. Be sure to print out and read the instructions provided in How to use Kaspersky virus removal tool.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
