Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search engine redirects and other possible worms/virus


  • This topic is locked This topic is locked
5 replies to this topic

#1 Taktikool

Taktikool

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 18 January 2010 - 06:13 AM

First off, I originally posted a topic on December 27th (http://www.bleepingcomputer.com/forums/topic281795.html) and at the time was not able to download and run DDS.scr and RootRepeal do to Norton's claiming they were viruses and would promptly remove and delete them every time. I am now able to and hope it is alright to post a new topic with the logs here. I checked to see if there was an option to delete the post but did not see one, so an admin may want to close out/delete the older post linked above.

Anyway, my lovely issues: redirects, random websites opening, Norton's constantly reporting attacks and possible worm?

- Around dec 25th this computer started getting attack messages from Norton's internet security every 30 minutes to an hour. The attack pop-up message reads, "a58990058.cn" as the attacker and risk name is listed as "HTTPS Tidserv C and C Domain Request" with application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE"
The Norton's attack messages have now become more frequent, about every 5 to 10 minutes, so I had Norton's stop notifying me about the attacks because the pop-ups were driving me insane. Not sure if this is of any great concern since Norton's claims to be blocking it, but figured I should mention it, since it started when my other problems did.

- Originally when I first started having problems, my browser would open up multiple random website tabs at once (in Firefox and IE). Now, the multiple websites have stopped popping up, but instead I get a single website every so often that opens its own tab on my browser page, usually something called "thewebsitesurvey," or one that tries to get me down download "Registry Defender," which I assume is a virus. Thewebsitesurvey site that pops open is highly annoying and plays an audio advertisement saying something along the lines of "Congratulations, you have been selected to take part in our anonymous survey" blah blah blah...by that point I normally close the window. It first pops up when I open Firefox, and then every so often pops up again and again while I still have a Firefox browser open. The amount of times between this popping back up seems to fluctuate. Sometimes it won't do it for a good while, other times it does it many times per hour.

- I am also having my search results redirected to other websites. The only way I can get to some websites is to cut/copy the link and paste it into my browser bar to get it to work.

- Earlier today I got some type of message saying (I sadly wasn't paying much attention to this first message) that something wasn't responding correctly and needed to be shut down/closed because something had an error so I clicked OK. At the time all I had open was Yahoo news page, so I figured it was legit and some type of error happened with Firefox and needed to close. Immediately after I clicked "OK," I got a new error message saying my computer needed to shut down. This alarmed me so I remembered part of the error "NT AUTHORITY\SYSTEM so I could Google it after the restart and check it out. When I did so, I was able to find what exact message I got about the shut down. The sites that I found said it was a worm. Here is the shutdown message below:

"System Shutdown

This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM

Time before shutdown:

Message:
Windows must now restart because the Remote Procedure Call
(RPC) service terminated unexpectedly"

Is this a worm? Should I be worried about this also?



So far I have done:

1. Multiple Norton's scans, result nothing but tracking cookies.

2. A few Malwarebytes AntiMalware scans, result nothing but tracking cookies.

3. Outdated Adaware Lavasoft scan, result nothing but more tracking cookies.

Here is the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 3:13:25.56 on 01/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.284 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://srch-us8.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://us8.hpwis.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.1.0.19\IPSBHO.DLL
BHO: BndFibu7 IE Helper: {8041e642-8cfc-4720-bc9d-d2db8904286f} - c:\program files\qdrdrive\QdrDrive12.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Internet Speed Monitor: {17996e72-ee06-4d59-943f-4c3ebba5a916} - c:\program files\qdrdrive\QdrDrive12.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6]
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mExplorerRun: [ZTwbit5WtA] c:\windows\enshkdsr.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15009/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114019648812
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - hxxp://www.ravantivirus.com/scan/ravonline.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} - hxxp://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://138.237.46.59/activex/AMC.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4764/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15010/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 91.212.127.226 winguard2009.microsoft.com
Hosts: 91.212.127.226 winguard-2009.com
Hosts: 91.212.127.226 www.winguard-2009.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\usgko5yr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-12-14 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-12-14 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20091205.001\BHDrvx86.sys [2009-12-4 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-12-14 501888]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2006-3-24 33920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\Ironx86.sys [2009-12-14 114736]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-12-14 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-15 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20100116.002\IDSXpx86.sys [2010-1-16 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100117.019\NAVENG.SYS [2010-1-17 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100117.019\NAVEX15.SYS [2010-1-17 1323568]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2008-8-15 31872]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 RTPatch File Service;RTPatch File Service;c:\program files\rad3 technologies inc\wow sage\rtpio.exe [2008-9-26 19296]

=============== Created Last 30 ================

2010-01-12 10:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 17:43:16 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-09 17:43:13 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-09 17:43:13 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-09 17:43:11 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

==================== Find3M ====================

2010-01-12 11:38:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-15 00:32:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-15 00:32:14 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-15 00:32:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-15 00:32:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-03 22:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 18:22:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-14 18:22:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2004-09-25 20:55:58 0 -csha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 3:16:49.89 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 24 January 2010 - 10:45 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 Taktikool

Taktikool
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 26 January 2010 - 06:54 PM

Hello m0le, and thank you for taking the time to reply. Currently I am not even able to turn on my computer anymore (using my laptop at the moment to post), it just attempts to restart over and over, so first things first I need help getting it to even turn on fully. Any help is greatly appreciated smile.gif

Edited by Taktikool, 26 January 2010 - 07:20 PM.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 27 January 2010 - 07:47 AM

Looping boot problems are quite common with a very infected machine and to circumnavigate them you need to create a boot disk.

Please go here for an instructional and a download for BartPE, one such boot disk.
Posted Image
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 30 January 2010 - 03:53 PM

I'm back. How is the BartPE disk going?
Posted Image
m0le is a proud member of UNITE

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:14 PM

Posted 31 January 2010 - 03:33 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users