Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer will not boot properly, well... at all


  • This topic is locked This topic is locked
21 replies to this topic

#1 schaffnuts

schaffnuts

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 24 January 2010 - 04:11 PM

Alright, new here, I will try to explain this as best I can.
1st of all WINDOWS XP HOME (i believe home version)

About 10 days ago I tried downloading some .csv file from the internet, it was a simple excel file, not what i was looking for, with nothing but numbers and junk. IMMEDIATELY after when using google (primary search engine) and yahoo (if google isnt doing the job) I would be redirected to another random website. Files were downloaded from a site called csvhome.com (terrible mistake to even try to download these files that i didnt even want or need, but thats neither here nor there)

I rarely ever shut off my computer (a desktop). I have had issues in the past and completely reinstalled windows because of the inability to fix the problems. I am tempted to do so again, unless somebody can help.

I have comcast for a service provider, so I decided to download their Internet Security program for free.
I installed it, and also another program that came along with it as well (i cannot find anything to do with it on my computer, and thus forget what its called) But the comcast program is called Norton (NortonDL.exe).

After installing the Norton program, my computer asked to restart, so I chose to have it boot up again. 1st time in a couple weeks. It began booting, went through its normal screens, and came to the Intel Inside screen before going black and restarting. After it did this it gave me the "boot normal, safemode, or last config" screen. I chose to boot normal as I didnt think anything was wrong. It did the SAME thing. So I chose last good config, SAME deal. Next I chose regular Safe Mode, and it went through all its boot programs list, it came to one on the bottom (let me figure out the name.....) SPTD.sys, it started booting, and got to the WINDOWS screen this time, and restarted, i tried all other safe mode options and got the SAME thing.

I then tried to do safe mode with networking, but when the SPTD.sys came up, I hit escape, which cancels it. And the computer booted right up in safe mode.

I have access to internet, and have access to do a lot of things I tried to do. Including to attempt to remove the Norton from my computer. Which I did twice, once after reinstalling it and doing a scan. (the scan came up with 4 files, i scanned again after fixing/removing them, and it came up with nothing)

After that, the same stuff happened upon start up, so I booted up like I knew how, and tried to install mbam-setup.
Something I searched the web for, and saw might be a good start to a solution.
I tried installing it, and no dice, nothing showed up on my screen.

I tried changing the boot systems.... using msconfig, i unchecked all startup components, and it still does the same thing.

I tried searching msconfig for issues, and found files named kkl.exe and kkk.exe that had issues (I have no idea what they are)

UMMMM, lets see, anything else I tried?.... other than searching the web for good solutions, or the same issue...
I think that is everything

Thank you in advance for anyone who tries to help, whether it does or does not. I am just sick of trying to find an exact solution for my problem on the internet for the last 3 days, and hope to get a tailored one to my specific problem.

BC AdBot (Login to Remove)

 


#2 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 24 January 2010 - 04:41 PM

AH HA the program was internet security 2010, the program i mentioned that i could not remember

It just booted, and just ran a scan.

at least I think it was this program..... the symbol looks the same, however somethings look suspicious

Virus:W32/Alman.B
Trogan-PSW.Win32.Hangame.cp
Adware:W32/Gamevance (ive never had adaware on this computer)
Trojan-PSW.Win32.Hangame.cp
Rootkit.Win32.Agent.pp
Exploit.Win32.DCom.y
Other:W32/Dropper
Trojan-Clicker.HTML.IFrame.g
Nuker.Win32.CGSi
Trojan-Downloader.Win32.Agent.alr
Trojan-Clicker.Win32.Agent.bm
Trojan-Clicker.Win32.NetBuie.b
Email-Worm.Win32.Mytob.t
Trojan-Downloader.NSIS.Agent.a
Nuker.Win32.WinNuke.b
Backdoor.Win32.Kbot.al
Net-Worm.Win32.Mytob.t
Trojan-Clicker.Win32.Agent.bm
Trojan-Clicker.Win32.NetBuie.b
Trojan-Downloader.JS.Multi.ca
Trojan-Spy.HTML.Visafraud.a
Trojan-Spy.Win32.Iespy.od
Net-Worm.Win32.DinNet.d

something tells me these are all fake errors, because it wants me to download and pay for the service.
pay 40 bux to get the program to remove these supposed viruses

maybe i really do have all this stuff, but something seems fishy

anywho, i thought i might as well try and update with this info

#3 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 24 January 2010 - 04:47 PM

also, how bout this....
I tried doing Control Alt Delete, and it comes up with this error
Application cannot be executed. This file is infected. Please activate your antivirus software.

I think I am just going to shut off this computer, as I think the malware on it is just multiplying.
At least keep it off til I get some help.

OK.... ie just opened up randomly. This is so much fun.....

now another Warning error, ATTENTION! System detected a potential hazard (TrojanSPM/LX) of your compuer.... blah blah blah

Just shut it down, I'm thru with all this crazy stuff popping up on my computer

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:28 PM

Posted 24 January 2010 - 04:49 PM

Internet security 2010 is a rogue program which needs to be removed from your system. I don't know how to go about it though. It's a tricky one.

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 24 January 2010 - 04:53 PM

yea, i figured as much... that is likely my major problem, i assume
while im kinda glad it showed its ugly head so i could see it, i wonder how much damage it did while running

#6 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 24 January 2010 - 05:30 PM

i am going to try this, and will update later if it works...

http://www.bleepingcomputer.com/virus-remo...t-security-2010

at last ive found something that might do something for my situation, haha

Edited by schaffnuts, 24 January 2010 - 05:30 PM.


#7 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 25 January 2010 - 12:20 AM

no such luck removing it

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:28 PM

Posted 25 January 2010 - 12:37 AM

In that case, please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you cannot produce the DDS logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 26 January 2010 - 04:29 PM

no dice, the dds file is shut down by the internet security 2010

moreover, i am having to move files from computer to computer, because i cannot access this website from the computer anymore... yes anymore, i was able to do so before i started to try different things, accessed it once, maybe twice, then i can no longer access this website on that computer

thank goodness for having 2 computers on 1 desk

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:28 PM

Posted 26 January 2010 - 05:32 PM

Hello there,

There's a couple things I'd like you to try. Hopefully they will work. If not, I've something else up my sleeve.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Please start a new topic and post your logs; GMER and RSIT in the HijackThis Logs and Malware Removal forum, NOT here.
  • Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If neither GMER or RIST work, then reply back here.

If you can get either but not both of the logs, go ahead and create the topic in HJT and let them know what logs you tried to get and couldn't in addition to letting them know you couldn't follow the prep guide.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 28 January 2010 - 06:54 PM

there is no "scan" option, after i click "NO"
im gonna try and find it, but i dont see anything

edit: under autostart there is a scan option, is this what i pick?

Edited by schaffnuts, 28 January 2010 - 06:54 PM.


#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:28 PM

Posted 28 January 2010 - 07:57 PM

Are you referring to RSIT or GMER?

Orange Blossom :thumbsup:

Edited by Orange Blossom, 28 January 2010 - 07:57 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#13 schaffnuts

schaffnuts
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 29 January 2010 - 12:26 AM

gmer, thanks

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:28 PM

Posted 29 January 2010 - 12:54 PM

I just ran the program, but I didn't get that question requiring the NO, so at the moment, I can't answer the question. I'll see what I can find out.

Were you able to run the RSIT program?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:28 PM

Posted 29 January 2010 - 01:01 PM

Another question: Are you in Safe Mode when running gmer?
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users