
VDUndo, Troj_fakeAV, immediate logoff, bsod safe mode


1 reply to this topic

#1 Bill Beadenkopf


Posted 02 December 2009 - 02:57 PM

CAD workstation infected with VDUndo and Troj_FakeAV and maybe others. Personal Protector windows were popping up on this machine. The supervisor was able to start Sunbelt's VipreRescue, but it never created a log, so apparently did not finish. Other A/V software would not run (MalwareBytes AntiMalware, HijackThis).

The machine will not boot into safe mode. Goes to Stop 0x0000007B.
Same Stop message booting into recovery console from Windows CD. No problem booting to other CD-ROMs.

I ran NTFS4DOS A/V from Ultimate Boot CD. It discovered and renamed a number of VDUndo and Trojan records.

I used the Password and Registry Editor utility to remove key values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run for 'personalprotector' and 'winupdate86.exe'.

Also ran CHKDSK from this utility CD.

It will boot XP to a log-on screen. As soon as the login is entered, the desktop is visible for a brief instant and then it logs off back to the login screen.

Unless there is a bootable version, I don't have any way to generate a HijackThis log or ComboFix log.

What else can I try?



#2 Bill Beadenkopf


Posted 10 December 2009 - 02:34 PM

Never mind. I wiped the machine.



