Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows failure to boot


  • Please log in to reply
4 replies to this topic

#1 DogStar5988

DogStar5988

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 19 January 2010 - 01:00 AM

Hi, I've had a few viruses or malware on my computer and I thought I had finally gotten rid of them with Malwarebytes however now there is a new issue. After trying to do a restart a bunch of command prompts popped up and then it froze. After trying to start up again I just got a screen saying that windows failed to start successfully and gave me options such as starting in safe mode etc. I tried all of those options and only got the blue screen that says there is a problem and windows will shut down. So now I can't get into my computer at all. I have tried using the recovery console however I don't have the administrator password so I can't really get into it. Please let me know what I can try to fix this. Thanks


Here is a link to my original thread where I took a few steps to solve the issue

Original thread

Currently I am trying to start Windows repair installation but my computer keeps trying to boot into safe mode and saying that the Windows setup can't run in Safe Mode. I cannot access my computer at all so I can't post any logs currently however I was running Malwarebytes, SpyBot Search and Destroy, and Super Anti-Spyware. I had to rename Malwarebytes to get it to work after the inital infection and I was in the process of uninstalling it so I could re install it when all this happened. Sorry for the long post, I hope you people can help! Thanks

BC AdBot (Login to Remove)

 


#2 DogStar5988

DogStar5988
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 20 January 2010 - 08:51 PM

I did a scan with the Avira Antivir Rescue system cd. Here is what it found:
Patched.Gen
TR/PCK.Tdss.AA.3614
TR/PCK.tdss.AA.3613
TR/PCK.AA.3615
TR/SPY.23040.37

I have the scan set to try and repair files and then rename them if it can't repair them.
Thank you

#3 DogStar5988

DogStar5988
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 21 January 2010 - 12:34 AM

Update: I was able to get the windows repair to run and have been able to get into my computer in safe mode. However my anti-virus, spybot s&d, and super-anti spyware still wont open. Malwarebytes was uninstalled.

#4 DogStar5988

DogStar5988
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 21 January 2010 - 07:25 PM

Sorry, I have another update. I was able to open SuperAnti Spyware by renaming the file extension (exe to bat). The scan didn't find anything though. Also I was able to get the last Mbam log I had from just before windows failed with my flash drive. Here is that log.


Malwarebytes' Anti-Malware 1.44
Database version: 3584
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/17/2010 2:03:23 PM
mbam-log-2010-01-17 (14-03-23).txt

Scan type: Quick Scan
Objects scanned: 132170
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\H8SRTykdxspnlmo.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\H8SRTykdxspnlmo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\kmcvicar\Local Settings\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

#5 DogStar5988

DogStar5988
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 11 February 2010 - 05:18 PM

This topic is continued in the HJT forum here is the Thread




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users