Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP refuses to go into Safe Mode


  • Please log in to reply
1 reply to this topic

#1 MotherMary

MotherMary

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 24 January 2010 - 03:40 PM

My husband has been using an anti-malware program called VIPRE that he's been happy with. Hubby is a TOTAL non-techie type; his idea of "tech support" is to ask me for help, and I know very little more than he does. Luckily, about a month ago I triumphed in a six-week-long battle against Virtumundo on my own computer (with a LOT of help from bleepingcomputer!!), so I at least know A LITTLE.

A few days ago, hubby's 2006 XP began to slow down dramatically. He ran a full scan with VIPRE, which pronounced him clean of malware. Yesterday his computer began denying him access to the Internet, even though ipconfig said he was so too connected. Up until yesterday afternoon, every time he booted or rebooted, he was notified that Windows couldn't find two malware files -- dimisawo.dll (sp?) and logon.exe.

I probably acted in the wrong order, but I trusted Jerry's report that VIPRE had said all was well. I obtained and used Uniblue's Registry Guard. Then, just to be scrupulous, I obtained Malwarebytes and ran a full scan. MWAM announced that it had found more than 200 malware files, including roughly 60 Virtumundos.

MWAM said it had to reboot to complete the cleansing, so I said "Fine." On rebooting, I was notified about 20 times that "putevama.dll is not a Windows image" -- since when is ANY library an image? I did an Internet search and discovered it's a "system file" associated with Virtumundo. Argh!

Well, it was late and I was tired. I decided to continue the battle today. Overnight, I thought it would be a good idea to start Jerry's computer in Safe Mode and run MWAM again there, before I obtained SuperAntiSpyware and ran IT.

Jerry's computer refuses to start in Safe Mode. It will only allow me Last Known Good Configuration.

OTOH, there is no evidence of putevama.dll today. When I go back to Jerry's computer, I plan to first use Task Manager to make sure it's not running, and then search for and manually destroy every copy I find.

Earlier today, I ran MWAM a second time. Today, it found and cleaned off one Trojan Horse. When it told me it needed to reboot, I did so. The good news is that there's STILL no evidence of putevama.dll. The bad news is, the computer still refuses to reboot into Safe Mode.

After that, I obtained SAS and ATF-Cleaner.exe. As I type, SAS is running and has found about 100 malwares that MWAM missed (so far).

I'm writing to ask, how frightened should I be that J's computer refuses to boot into Safe Mode? What, if anything, should I do? Now that most of the malware is gone it SEEMS to be working just fine, but my intuition is that if it refuses to go into Safe Mode, it's NOT just fine.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:43 PM

Posted 24 January 2010 - 07:00 PM

Hello the Safe mode can be serious enough to cause you to have to reformat.
First though Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.



SUPERAntiSypware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSypware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users