
HELP! My Laptop won't do safe mode or boot into reg Windows mode


9 replies to this topic

#1 azyardies


Posted 14 December 2009 - 10:43 AM

MALWARE issues!!!

I was having trouble staying in SAFEMODE to try to do some cleanup on my Laptop. The malware prevented my getting into safe mode and would cause the pc to just reboot normally. Because of this, I went into the msconfig>system config utility > boot.ini> then placed a check in the safemode box. I rebooted.

Now it's worse because it is now stuck with the BLACK screen safe mode choices. But it still won't go into safe mode and won't even reboot normally to reg windows mode.

It tries to reboot on its own after a countdown of 30 seconds. But a blue screen quickly flashes once. Then it tries to reboot over and over again no matter which option I pick (last known config, safe mode networking, safe mode, safe with command, etc), it just tries to reboot over and over again like a broken record.

I can get into phoenix BIOS by pushing F10 (or F12 I think), but I don't know what I can do there.

At this point, I just want my pc to be able to boot normally into Windows, and I will see what I can do in reg windows mode as far as cleaning the malware off my pc.
Please help in easy terms.
Thanks for your help in advance...

PS: Windows Home edition OEM sp2 IE7-HP Pavilion 8100 laptop-
I have the original sealed discs that came with my 4 or so year old Laptop.
I just need to be walked step by step if I need to boot from them. I don't want to have to wipe everything out or have to do a fresh install, if I can at all avoid this....Sorry for the hassle.


My original main goal was to do cleanup in safe mode. Once I can get into the system config utility area, and UNCHECK the box in boot.ini for safemode, I may have to repost about getting into safe mode.

Edited by azyardies, 14 December 2009 - 10:48 AM.




#2 boopme


Posted 14 December 2009 - 03:34 PM

Hello and welcome. I am moving this from XP to the Am I Infected forum for scans.

Let's do these from normal.

Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#3 azyardies


Posted 14 December 2009 - 06:03 PM

Hi All. Hi Boopme:

PLEASE note that I am stuck in the safe mode phase. My PC won't reboot. It won't do safe mode. It does nothing. The only thing I can access is the Phoenix Bios.
What I need to do first is get past safe mode and reboot normally. BUT the reason I think that I am stuck in the safemode screen is because I placed a CHECK mark in this area...run>msconfig>boot.ini tab> and placed a check in the safemode box.
The reason I had to do this is because the malware was preventing me from going AND staying into safe mode (when doing the F8 pressing)......All my pc was doing was rebooting normally.

But now with the box checked in msconfig, it won't do nothing. No boot at all.
How can I uncheck the box so I can do all you are advising?

#4 AustrAlien


Posted 14 December 2009 - 08:13 PM

Please follow the instructions provided by quietman7 in post #14 at the following link, to fix your immediate issue ...
http://www.bleepingcomputer.com/forums/ind...t&p=1535498
AustrAlien
Google is my friend. Make Google your friend too.


#5 azyardies


Posted 15 December 2009 - 12:35 AM

To: AustrAlien: I followed your advice to do Quietman7 instructions. I have listed my steps here to make sure I did things right..... First let me start by saying that it did NOT work. :thumbsup:

I put in the CD that came with my Laptop....
Windows did the set up in blue background. Then it stopped and went to Welcome to setup.

I pressed 'R' to enter the Recovery Console.

Then it says, Which Windows installation would you like to log onto ( 1: C:\WINDOWS), I clicked on the number "1" then enter. Then it asked for the Admin password, I just clicked enter cause there was never a pw made.

Then this came up, C:\WINDOWS>
So I typed " ren boot.ini boot.ini.bak " ... to look like this:

C:\WINDOWS>ren boot.ini boot.ini.bak

I clicked enter. The message came up "The parameter is not valid. Try /? for help."

I retyped it without a space after "ren". This came up: "The command is not recognized. Type help for a list of supported commands."

I don't know if placing or removing spaces between the letters makes a difference but I did try it with or without spaces...... Anyways....

Anyways, I removed the disc, typed EXIT. And the machine rebooted. But, it instantly went back to the same old problem and the countdown began again of the cycle of rebooting endlessly after 30 seconds. So I assumed that the Boot.ini file in fact did NOT get renamed successfully.

What is going wrong here? Any ideas what I might have missed or why the renaming thing did not work?
I really appreciate your help. Thanks

#6 AustrAlien


Posted 15 December 2009 - 12:54 AM

Then this came up, C:\WINDOWS>
So I typed " ren boot.ini boot.ini.bak " ... to look like this:
C:\WINDOWS>ren boot.ini boot.ini.bak

Type ren C:\Boot.ini Boot.ini.bak

To look like this: C:\WINDOWS>ren C:\Boot.ini Boot.ini.bak

You wrote: "I don't know if placing or removing spaces between the letters makes a difference"
It is critical to success!

Edited by AustrAlien, 15 December 2009 - 12:55 AM.

AustrAlien
Google is my friend. Make Google your friend too.


#7 azyardies


Posted 15 December 2009 - 09:43 AM

Hi AustrAlien: Yes indeed adding the C:\ in front made the difference and adding spaces.
To look like this: C:\WINDOWS>ren C:\Boot.ini Boot.ini.bak

Here is where I am at....I was able to reboot and am now in windows. Went to My computer> C drive> windows> and found the boot.ini.bak file there. After doing the renaming, I went to run> msconf >system Config Utility and the BOOT.INI tab is nowhere to be seen. The only tabs visible there are: General, system.ini, win.ini, services, startup ONLY.

These are the ways I tried renaming the boot to see if it would work:

boot.ini file
boot.ini
boot.inifile

None worked.
On another note, the rogue anti virus thing keeps popping up. SS&Destroy is going crazy flashing.
So I have a lot of work to do once I get the boot.ini thing back to norm.
Thanks for help. Please, what can I do about this boot.ini thing??

NOTE: On my desktop pc, I noticed that the boot.ini file is located in the "Local Disk(C:)". But on my infected Laptop, I found the boot.ini.bak file in the "Windows" area as stated above; NO traces of the boot.ini.bak or anything with the word boot were in my laptop local disk (C:)

Edited by azyardies, 15 December 2009 - 09:49 AM.


#8 AustrAlien


Posted 15 December 2009 - 12:31 PM

I've seen someone else do exactly the same thing ... ie. inadvertently move the file from the C:\ folder to the C:\WINDOWS\ folder.

The file MUST be named "boot.ini", and at the moment it is located at C:\WINDOWS\boot.ini
Right-click on that file, and select "Copy".
Now navigate to the C:\ folder, and in there (in a blank area), right-click and select "Paste".
You should now have a copy of the "boot.ini" file in C:\ drive, like so C:\boot.ini

Now ....
Start > Run > and type "msconfig" and press <ENTER>
You will then see the BOOT.INI tab, and can make the necessary change.
Ensure that all items in msconfig are enabled, and that the startup type is "Normal".
Click Apply, OK, Restart now ....

Allow your system to start normally. Does it start as expected?
(You can then navigate to C:\WINDOWS\ folder and delete the copy of boot.ini that is located there.)

*Note: If you receive a "read-only" message, right-click on the file and select "Properties" and remove the check-mark from the "read-only" box, and click Apply, OK etc.
------------------
*Edit:

*Note: It might be handy at this time if you were to provide some details of the malware that you are seeing/the messages that are being displayed.

Once the above steps have been completed .... return to boopme's post and run TFC and Malwarebytes' Anti-Malware as instructed. Please pay particular attention to the comment about disabling other security programs that may interfere with malware removal, especially Spybot's TeaTimer. Post the MBAM log.

If you are then able to do so, continue with boopme's instructions to run the ESET on-line scan.

Edited by AustrAlien, 15 December 2009 - 12:57 PM.

AustrAlien
Google is my friend. Make Google your friend too.


#9 azyardies


Posted 15 December 2009 - 02:02 PM

AustrAlien:
Copying the file to the C:\ worked and I unchecked the SAFEBOOT box in msconfig. My avg scan finished and placed everything in the virus vault that it found. I rebooted my machine.

Now...my system is stuck in the "Welcome screen" (blue) - I click on my user acct (only one that I have), and it starts to say, 'loading your personal settings'. I get a split second view of my wallpaper on my desktop. But then it goes back to the welcome blue screen...Then it says 'logging off' under my icon user name acct..It won't log off/turn off unless I manually click the 'turn off computer' button on the bottom left corner.

I tried rebooting three times now, and the machine cannot go beyond the 'welcome screen'.

Note this: Normally, before this malware happened to my Laptop, when I turn ON the pc, I never had to "click" on the user account. It would go straight to the wallpaper/desktop. The only time that I would need to click on my icon user acct, is after it hibernates/stand bys; because it was there and I had to in order to resume windows. I don't have any password on this acct.

Sorry for the hassle. But I do thank you for your help..

#10 AustrAlien


Posted 15 December 2009 - 02:29 PM

My avg scan finished and placed everything in the virus vault that it found.

Oh dear oh dear .... you are getting yourself into some bother .... AVG and you have removed one or more files that you really did not want to remove!

Let's see if we can extract you from this little mishap.
Visit the link below and follow the instructions slowly and carefully. Although it may seem a little daunting, it is really quite easy. I expect that you will be back up and running in just a few hours.
Fix Windows XP Logon/Logoff Loop .... thinkinginpixels
http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/
AustrAlien
Google is my friend. Make Google your friend too.
