2010 virus, no access to computer


7 replies to this topic

#1 TOM40650101

Posted 10 January 2010 - 08:55 PM

I have the 2010 Internet Security virus BAD! The infected computer is a Dell desktop, running XP. It will start as normal, but after the login page, I get a box stating SPYWARE ALERT! Then various really bad sounding stuff, followed by a recommendation to do a scan. If you click to close the box, it starts the scan. If you try to close the scan or do ctrl-alt-del, you get a box stating the action is not authorized. There is no start button, or any icons on the desktop. This happens on all users, and also in safe mode (there is green field background in normal mode and a black background in safe mode). There is no access to the internet, so I can't download any malware antivirus software.

Now I'm on my laptop. Personally I'm at the point where I'm just about ready to re-install XP. However, my daughter has a ton of photos (not backed up of course!!) that will be lost if I do this.

Is there anything short of the nuclear option I can do??

Thanks for any help

Tom

#2 AustrAlien

Posted 10 January 2010 - 10:49 PM

Personally I'm at the point where I'm just about ready to re-install XP. However, my daughter has a ton of photos (not backed up of course!!) that will be lost if I do this.

Welcome to BC TOM40650101

I would recommend that we proceed as follows:

Recover personal files from the computer and then

either wipe the drive/install XP,

or attempt to get past the malware, and attempt to get the system operational again and clean it up.

There is no guarantee that the system will get to be operational again: Malware removal is always a risky business. Hence my recommendation that you recover all personal files from the computer first, no matter which option you choose.

To recover your files, the following guide is a good one:
Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer

Back up your personal files to an external USB hard drive, or another hard drive of some sort, or CD/DVD or flashdrive (a flashdrive should be "disinfected" beforehand though .... and I forget what to use ... let me know if you are going to do this).

Note: Files with the following extensions should not be backed up:
  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar
  • .asp
  • .php


The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension to the existing extension of file(s) so be sure you look closely at the full file name. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Source: quietman7 http://www.bleepingcomputer.com/forums/ind...t&p=1390964

Edited by AustrAlien, 10 January 2010 - 10:51 PM.

AustrAlien
Google is my friend. Make Google your friend too.
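
The extension rule quoted in post #2, as an added Python example that is not part of the thread: it copies a tree from a mounted Windows partition to backup media, skips the listed extensions, and flags names that hide a blocked extension behind a harmless-looking one. The `DECOYS` set, the function names and the sample tree are assumptions made for this example.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Extensions the post above says not to back up.
BLOCKED = {"exe", "scr", "ini", "htm", "html", "php", "asp", "xml", "zip", "rar", "cab"}
# Assumption: harmless-looking extensions a disguised name might show first.
DECOYS = {"jpg", "jpeg", "png", "gif", "bmp", "doc", "pdf", "txt", "mp3", "avi"}

def classify(name):
    """Return 'copy', 'skip' or 'disguised' from the full file name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.lower().rstrip(". ").split(".")
    if len(parts) < 2 or parts[-1] not in BLOCKED:
        return "copy"
    # e.g. "party.jpg.exe": a blocked extension behind a harmless-looking one
    if any(p.strip() in DECOYS for p in parts[1:-1]):
        return "disguised"
    return "skip"

def backup(src, dst):
    """Copy only files classified 'copy' from src to dst; return a report."""
    src, dst = Path(src), Path(dst)
    report = {"copy": [], "skip": [], "disguised": []}
    for root, _dirs, files in os.walk(src):
        for name in files:
            rel = (Path(root) / name).relative_to(src)
            verdict = classify(name)
            report[verdict].append(rel.as_posix())
            if verdict == "copy":
                (dst / rel).parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src / rel, dst / rel)
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Run backup() on a constructed sample tree (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "windows"), Path(tmp, "usb")
        for rel in ["Photos/beach.jpg", "Photos/party.JPG.exe",
                    "Photos/desktop.ini", "Docs/letter.doc", "Docs/setup.EXE"]:
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(b"constructed sample")
        report = backup(src, dst)
        copied = sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())
        return report, copied

if __name__ == "__main__":
    print(demo())
```

The filter looks at names only, so the post's advice to scan the backed-up data with anti-virus before copying it back still applies.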


#3 TOM40650101

Posted 11 January 2010 - 07:27 PM

Thank you for your help. I've started loading Ubuntu and ran into a problem. On step 4 of 6, it's asking where I want to put Ubuntu. I know I don't want to delete Windows XP, but the other 2 options won't work as it states I do not have enough free space. My Windows XP Home Edition (/dev/sda1) shows it's using 74.5gb, and I only have 7.8mb of free space.

Is there a way around this?

#4 AustrAlien

Posted 11 January 2010 - 07:55 PM

I've started loading Ubuntu and ran into a problem. On step 4 of 6, it's asking where I want to put Ubuntu.

Please explain exactly where you are and what you are trying to do.

Let me see if this clears it up: You sound as though you are attempting to install Ubuntu, and you should NOT be doing that.
You simply run Ubuntu as a LiveCD operating system, by choosing "Try Ubuntu without making any changes to your computer" at the first screen. This does not add anything at all to your hard drive.

#5 TOM40650101

Posted 11 January 2010 - 08:24 PM

Yes, you're right. Sorry about that. So I backed all the way back out and started over. I now have a Ubuntu desktop, 2 icons: "Examples" and "Install Ubuntu 9.10"

How do I access my files?

#6 AustrAlien

Posted 11 January 2010 - 08:32 PM

How do I access my files?

From the instructions ...

Once the system has started up, the first thing you want to do is choose Places > Computer from the menu.


Edited by AustrAlien, 11 January 2010 - 08:33 PM.


#7 TOM40650101

Posted 16 January 2010 - 12:06 PM

All the files needed have been saved. Thanks for your help. What would be the next step in removing the virus? I've been traveling all week, just got back.

#8 AustrAlien

Posted 16 January 2010 - 08:03 PM

What would be the next step in removing the virus?

There are a number of ways to go about this, and a number of tools to choose from, so I have had to make a choice, and hope that you can follow this without too much trouble. If there is any problem along the way, please stop and post your question/problem with details of where exactly you are up to.

Use the following guide to create a BartPE bootable CD: How to edit the registry offline using BartPE boot CD?
http://windowsxp.mvps.org/peboot.htm
Then use that same guide and the BartPE CD to edit the Windows registry in the exact fashion used in the guide example. Please be very careful, very exact, and post if you have any problem whatsoever.


When you have completed the above, again using BartPE, please look for the following folders/files and delete them if found.
  • c:\s
  • c:\Program Files\InternetSecurity2010 <<< delete this folder and all its contents
  • c:\WINDOWS\system32\41.exe
  • c:\WINDOWS\system32\winhelper86.dll
  • c:\WINDOWS\system32\winlogon86.exe
  • c:\WINDOWS\system32\winupdate86.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
    C:\Documents and Settings\<username>\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
  • %UserProfile%\Desktop\Internet Security 2010.lnk
    C:\Documents and Settings\<username>\Desktop\Internet Security 2010.lnk
  • %UserProfile%\Start Menu\Internet Security 2010.lnk
    C:\Documents and Settings\<username>\Start Menu\Internet Security 2010.lnk
Source: Remove Internet Security 2010 (Uninstall Guide) Posted by Grinler on December 10, 2009
http://www.bleepingcomputer.com/virus-remo...t-security-2010


Now restart your computer normally, removing the BartPE CD.
Does your system start normally now? If so, we will now be able to continue with the malware removal using the "normal" methods.
AustrAlien
Google is my friend. Make Google your friend too.
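
A read-only check for the files and folders listed in post #8, as an added Python example that is not part of the thread or of the removal guide it cites: it looks for each listed path under a mounted XP system drive, ignoring case and expanding %UserProfile% to every profile under Documents and Settings. The function names and the sample tree are assumptions; it only reports and deletes nothing.

```python
import os
import tempfile
from pathlib import Path

# Paths listed in the post above, relative to the root of the system drive.
SYSTEM_PATHS = ["s", "Program Files/InternetSecurity2010"] + [
    "WINDOWS/system32/" + n
    for n in ("41.exe", "winhelper86.dll", "winlogon86.exe", "winupdate86.exe")]
# Locations the post gives under %UserProfile%, checked for every profile.
PROFILE_PATHS = [d + "/Internet Security 2010.lnk" for d in (
    "Application Data/Microsoft/Internet Explorer/Quick Launch",
    "Desktop", "Start Menu")]

def resolve(root, rel):
    """Resolve rel under root ignoring case, as Windows would; None if absent."""
    cur = Path(root)
    for part in rel.split("/"):
        try:
            match = [e for e in os.listdir(cur) if e.lower() == part.lower()]
        except OSError:  # missing, not a directory, or unreadable
            return None
        if not match:
            return None
        cur = cur / match[0]
    return cur

def find_leftovers(root):
    """Report (never delete) the listed paths present under a mounted C: drive."""
    hits = [resolve(root, r) for r in SYSTEM_PATHS]
    profiles = resolve(root, "Documents and Settings")
    users = sorted(os.listdir(profiles)) if profiles and profiles.is_dir() else []
    for user in users:
        hits += [resolve(profiles / user, r) for r in PROFILE_PATHS]
    return [p.relative_to(root).as_posix() for p in hits if p]

def demo():
    """Build a constructed sample tree (not real data) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ["windows/System32/WINLOGON86.EXE", "windows/System32/winlogon.exe",
                    "Program Files/InternetSecurity2010/sample.bin",
                    "Documents and Settings/Tom/Desktop/Internet Security 2010.lnk",
                    "Documents and Settings/Kid/Desktop/photo.jpg"]:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return find_leftovers(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```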
