
Malware Defense Problem


10 replies to this topic

#1 fastsigns

fastsigns

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 04 February 2010 - 01:46 PM

Hello and Thanks in advance!

Running xp

Got a popup that mentioned 'malware defense'. I immediately unplugged the ethernet. Tried to run Spybot, but no go. Rebooted, but XP would hang up at the welcome screen.

Booted up in safe mode ok. Tried to run spybot, but no go. Tried to run tdsskiller, but it would not run. Tried to run malware bytes, no luck.

Any ideas? Oh I'm in trouble.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,298 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:38 AM

Posted 04 February 2010 - 01:50 PM

http://www.bleepingcomputer.com/virus-remo...malware-defense

Louis

#3 fastsigns


Posted 04 February 2010 - 02:01 PM

Thanks for the prompt response. As I indicated, I cannot boot up to xp, and programs, such as the one you recommended, will not run in safe mode.

Anybody else have any ideas?

Edit: Spoke too soon. More later. Sorry.

Edited by fastsigns, 04 February 2010 - 02:11 PM.


#4 fastsigns


Posted 04 February 2010 - 02:25 PM

rkill seems to run. The log file shows nothing found, and then an XP-type message comes up that indicates 'you are working in safe mode. Select OK to go into safe mode or "other" to go to restore'.

If I click on safe mode, then I get back to the desktop and malware install will not run.

Thanks in advance!

#5 hamluis


Posted 04 February 2010 - 02:29 PM

You are following the instructions which were so carefully written?

Louis

Edited by hamluis, 04 February 2010 - 02:57 PM.


#6 fastsigns


Posted 04 February 2010 - 02:51 PM

Thanks Louis.

Sorry for being an #ss. I missed the rename to explorer.exe part.

I was unable to run 'get updates' as I do not have an internet conn on that machine. I am running a scan now.

Thanks!

#7 fastsigns


Posted 04 February 2010 - 04:41 PM

Got an internet connection on the machine and got updates for malwarebytes. Ran it, it requested to reboot, started to come back up, then froze up in the same spot as before, at the welcome screen.

Log indicates that 5 found items were quarantined and deleted.

Shall I revert back to an old restore point?

Thanks for all your help!

#8 hamluis


Posted 04 February 2010 - 05:46 PM

That's a decision that you must make.

The problem that I see with restore points...is that you have no idea whether such will go past the point of infection...and it's not guaranteed that you can even use the System Restore function successfully.

You can either try that...or follow the suggestion included in the Removal link I provided:

"If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Posting A Hijackthis Log" (this is not a link, the functional link is in the Removal Instructions mentioned).

If you decide to go the route listed in the Removal Guide, bear in mind that the log will be posted at that malware forum and all further instructions will come from the designated helpers at that forum.

Louis

#9 fastsigns


Posted 04 February 2010 - 07:01 PM

Thanks, my friend. I will wait to do a restore.

I ran malware bytes several times in safe mode and it came up clean.

I can boot up to a normal desktop from the cd, but it hangs at the welcome screen without the cd. Strange. Can I use the fixboot command?

Also, when I look at task manager, iexplore.exe's keep popping up, with up to 3 running. Also even after uninstalling and reinstalling spybot, it still won't work.

Oh me oh my! Have I given you any more clues?

Any help is appreciated.

#10 hamluis


Posted 04 February 2010 - 07:18 PM

Well...users seem to have a conception that removal of an infected file or files...is all that is necessary to make a system healthy again.

I don't take that view, since any file that was damaged during the infection or removal of same...will continue to be damaged post such removals.

For advice on malware items, you really need to visit one of our malware forums. They have the knowledge and skill to deal with such and I would not expect to find it here in the XP forum (no matter how knowledgeable some members are).

FWIW: An instance of iexplore.exe should appear in Task Manager for every instance of a window being open, plus or minus one, in my experience. I have 3 windows open in IE right now and I have 3 instances of iexplore.exe running. Note that I did not say iexplorer.exe, which is a malware item.

Louis
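
The name distinction drawn in post #10 (iexplore.exe versus iexplorer.exe), as an added example that is not part of the original thread: a check that flags process names sitting within a small edit distance of a known binary name without matching it exactly. The allow-list, the distance threshold and the sample process list are constructed assumptions.

```python
# Added example: flag process names that imitate, but do not equal, a known binary.
# KNOWN is an assumed allow-list; SAMPLE is a constructed Task Manager listing.
KNOWN = {"iexplore.exe", "explorer.exe", "svchost.exe", "winlogon.exe"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def find_lookalikes(process_names, known=KNOWN, max_distance=2):
    """Return sorted (name, imitated_names, count) for near-miss process names.

    Exact matches are skipped (Windows names are case-insensitive), so several
    iexplore.exe instances are not reported; only close misspellings are.
    """
    counts = {}
    for name in process_names:
        key = name.lower()
        counts[key] = counts.get(key, 0) + 1
    hits = []
    for name, count in counts.items():
        if name in known:
            continue
        near = sorted(k for k in known if edit_distance(name, k) <= max_distance)
        if near:
            hits.append((name, near, count))
    return sorted(hits)

# Constructed sample: three IE windows, the shell, one lookalike, two services.
SAMPLE = ["iexplore.exe", "iexplore.exe", "IEXPLORE.EXE", "explorer.exe",
          "iexplorer.exe", "svchost.exe", "spoolsv.exe"]

if __name__ == "__main__":
    for name, near, count in find_lookalikes(SAMPLE):
        print(f"{name} x{count}: resembles {', '.join(near)}")
```

A name that matches exactly says nothing about the file behind it, so the image path of each process still has to be checked separately.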

#11 fastsigns


Posted 05 February 2010 - 11:02 AM

Thanks for the input!

With regard to my system unable to boot up (only boots with xp cd in drive), do you think I should start by running a bootcfg /rebuild in the recovery console?



