
can only log on in safemode


4 replies to this topic

#1 ineedafix123

ineedafix123

  • Members
  • 9 posts

Posted 13 December 2009 - 02:16 PM

Greetings all

I was running XP Media Center Edition with Service Pack 3. Everything worked great until I was infected with a fake antivirus; I think it was called spyguard.
I was unable to shut it down with Task Manager or run Malwarebytes, so I restarted, and when I did my desktop display was changed, saying you are infected and the antivirus. So I used RootRepeal to see the processes running and began to not only shut them down but kill and force delete them. Thinking it was a bug, I foolishly deleted ssms.exe, which crashed my computer.
On restart I received the blue screen of death.

I called Dell and ordered a new XP disc. After one month of delays I cancelled the order and found what I thought was it on eBay,
but it was XP Media Center Edition with roll up 2, not SP2, so when I did a repair install I virtually downgraded my system to what on the says 2005 with a copyright of 2006 but is a 2002 version.
After my repair install I was able to get into Windows, but gone was the sleek look of my login. In its place was an old Windows 2000 looking login box where I now had to type each username in order to log in.

Once I logged in everything looked the same, but soon the fake antivirus was back along with IE popups, so I again used RootRepeal to search for hidden files and found files with nt titles and each user's name next to it. Assuming they were bugs, I wiped them. When I restarted and tried to log on to my profile, I got an error saying it could not load my desktop settings. All my files were still there, just no longer on my desktop, but the bugs were also.... So after a restart I logged on and was stuck at loading personal settings for hours, so I restarted.
All of my profiles now had this loading problem.
So in safe mode I logged in. Renaming Malwarebytes on another "clean machine" and emailing it to myself, I ran it and removed 300 infections.
I created a new profile, but the new profile still has the login problem the other profiles do.

Is there a way for me to fix this or create a profile that won't suffer from this?

I cannot format; I have 100 gigs of files that cannot be lost.



#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 13 December 2009 - 04:07 PM

You should have waited for the Dell CD.

soon the fake antivirus was back along with IE popups so I again used RootRepeal to search for hidden files and found files with nt titles and each user's name next to it; assuming they were bugs I wiped them


You're still infected. Your best bet, before you even start to format and reinstall, is to wipe the drive with Killdisk or DBAN:
http://www.killdisk.com/
http://www.dban.org/

Edited by garmanma, 13 December 2009 - 08:02 PM.

Mark

#3 ineedafix123

ineedafix123
  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2009 - 06:02 PM

I did get a Dell CD... from eBay...... When I run Malwarebytes the machine is clean.... I removed 300+ infections.

It's no longer popping up. I got it; it's gone.

Edited by ineedafix123, 13 December 2009 - 06:06 PM.


#4 Ken-in-West-Seattle

Ken-in-West-Seattle

  • Members
  • 518 posts

Posted 13 December 2009 - 06:59 PM

From a quick read of your situation, it looks like you did not get the same version of XP Media Center OEM for Dell that originally came with your computer. Version 2002 and version 2005 are quite different. If you used an actual 2005 Dell OEM CD to do a "repair install" rather than an actual reinstall, then your malware was never gone at all, since a repair install will do nothing to find and replace rootkits, though it can replace and repair files that have been damaged by rootkits in some cases. A mixed install of 2002 and 2005 Media Center files is going to act like it is infected even if it isn't.

Also, your infection is unlikely to follow a Dell full reinstall from OEM CD/DVD. You may have backed up an infected file or dropper. Can we assume you no longer have the recovery partition or the diagnostic partition your Dell originally shipped with?

Back up your files to an external drive with no bootable OS on it. Killdisk and DBAN are handy for sterilizing your drive, even though deleting partitions and making and creating a couple of different sized partitions in setup after booting from your Dell OEM XP MC disk should be good enough to kill anything on the original partitions...

Do a complete reinstall on the clean drive. Load only the Dell network driver from CD or a known clean USB key if needed for internet access.

Manually load SP3 from a CD or flash drive. If it is SP1 you should be able to run just SP3 rather than SP2 and then SP3.
Make sure your firewall is turned on. Do manual Windows updates (63 of them I think). Do not install IE8 until last. Then install the updates to IE8 that will appear. Turn on automatic updates, make sure the firewall is still on, and remove all the AOL exemptions from it unless you actually use AOL.

Install your antivirus of choice, looking for and enabling scanning of external drives on plug.

Install Malwarebytes and SUPERAntiSpyware.

Do a restore point and/or a Clonezilla backup image.

Plug in your drive with backed up files and scan with everything you have. Let it kill anything that looks suspicious.

Move on with your life and reinstall the apps you use.

#5 ineedafix123

ineedafix123
  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2009 - 08:05 PM

Thanks, packing up my files now and getting ready to wipe the drive and start over.



