
Unable to boot WinXP in safe mode



#1 zgod


Posted 11 February 2010 - 10:05 PM

Greetings, recently my computer became infected with the "Antivirus Plus" malware. I followed all of the steps listed in this removal guide, and that seemed to take care of the problem. However, when I started my computer up the next day, I noticed that I was getting several different pop-ups periodically while browsing in Firefox. Some were linking to bogus surveys, while others seemed to be related to something that I had typed into Google as a search. Additionally, I began receiving this error:

"Generic Host Process for Win32 Services has encountered a problem and needs to close."

With the additional details:

szAppName : svchost.exe
szAppVer : 5.1.2600.2180
szModName : mshtml.dll
szModVer : 7.0.6000.21183
offset : 000733a9

C:\DOCUME~1\Unknown\LOCALS~1\Temp\WER5668.dir00\svchost.exe.mdmp
C:\DOCUME~1\Unknown\LOCALS~1\Temp\WER5668.dir00\appcompat.txt

So, I thought maybe if I booted up in safe mode and completed all the steps on the aforementioned removal guide, that would help get rid of some lingering malware that may have resulted from the Antivirus Plus malware (please keep in mind that while I am fairly computer-literate, my knowledge of malware/viruses is rather minimal).

Anyway, when I went to boot up in safe mode, after selecting "Safe mode with networking" from the list, I came upon the dreaded BSOD. After disabling automatic restarts upon system failure, I found that there were only three characters printed on the blue screen, a "sideways L" character (rotate 'L' 90 degrees clockwise), followed by a space, followed by a question mark. I couldn't reboot with any input, I could only reboot using the power/reset button on my tower.

Can anyone help me with this?? I should say that this is not the first time I've had a virus on this machine, but have been able to fix them (seemingly) using MBAM, SuperAntiSpyware, etc. Any insight on this problem would be greatly appreciated!!



#2 bqm8751


Posted 12 February 2010 - 03:54 PM

I've had the exact same experience when trying to boot in safe mode. But my major problem now is that I cannot boot in ANY mode. This is because I tried to boot in safe mode by going through "run" then "msconfig" and restarting it manually from there. Unfortunately, I had the same results. Now when I try to boot in "normal mode", my computer is now stuck on trying to boot in "safe mode". Basically, I unknowingly changed my computer's default boot settings, to where now, normal mode=safe mode, and obviously, safe mode keeps crashing :thumbsup:

#3 zgod


Posted 13 February 2010 - 09:40 PM

***UPDATE***

Ran into some more problems today. When I came home from work, I found out that my Facebook account had been disabled by the administrator. I don't know what caused this; unfortunately Facebook doesn't disclose the specific information that elicited the ban/disabling. I can only assume that some malware on my comp hacked into my profile and sent out links to my contacts.

After learning this, I decided to run the usual anti-malware programs. Ran rkill, then updated and ran MBAM. It found a handful of infected objects and prompted for a restart. When my computer booted back up, the AntiVirus Plus icon was back on my desktop, and within minutes I was bombarded with the same bogus alerts/scans/pop-ups etc.

I didn't post this to bump my thread as a way of demanding help or anything, I just thought this information would be helpful to anyone trying to tackle this problem. It seems like this is a newer version of Antivirus Plus, that is somehow eluding the removal process. It sickens me to think of the people that spend time programming this kind of diabolical (the term "malicious" doesn't even seem to do it justice) software. I have spent the remainder of my day frantically changing passwords to all of my accounts (on a different machine), and now I'm too paranoid to log on to any of my usual websites... very frustrating.

Anyway, I apologize for bumping this thread, however I hope that this problem can be solved, not just for my sake but for anyone else who may be experiencing this problem.

**EDIT** I forgot to mention: since I'm obviously infected with malware, do I need to post this in a different forum, or could someone move it for me?

Edited by zgod, 13 February 2010 - 09:54 PM.


#4 zgod


Posted 15 February 2010 - 03:04 AM

*** UPDATE ***
Well, it seems as if I may have solved this problem on my own.

To make a long story somewhat shorter, I'm not sure how it happened, but I ended up having both Antivirus Plus and Antivirus Soft on my machine. Without being able to boot up in safe mode, I thought I was certainly doomed to having to reformat/reinstall my OS, since Antivirus Soft was preventing me from loading any of my anti-spyware programs. However, I was able to get around it by loading up Task Manager as soon as explorer.exe opened at start up, and ending the processes once AV soft loaded up. From that point, after searching and reading, I was able to find and change/delete most of the registry keys and HijackThis entries associated with these two rogue programs, and MBAM/SAS seemed to get the rest.

However, I still could not boot up in safe mode, and I was still getting the Google redirects and random pop-ups in Firefox, meanwhile MBAM and SAS were not finding any malicious items. After a little more research, I came across a program called Hitman Pro 3.5.4, which detected a few infected objects that were not showing up in the other programs. After rebooting, it seems as if it fixed the problem. I can now load up in safe mode, and I have not experienced any redirects or pop-ups in Firefox so far.

I am still having two issues. When I scan with SAS, it detects one trojan (Agent/Gen-Nullo[Short]), but the program hangs in the last folder of my hard drive. The program itself doesn't freeze, as the time elapsed counter keeps going up, but the scan becomes stuck. MBAM, McAfee, Hitman Pro 3.5 are not detecting that trojan, so I'm not sure if it's a false positive or what. The other issue I'm having is that when I boot up in normal mode, after the desktop appears my comp seems to hang for about 30-45 seconds before playing the intro music and loading up my startup programs.

Other than those two problems, everything else seems to be working smoothly. If anyone else is experiencing problems with safe mode or Firefox pop-ups, I suggest looking into Hitman Pro 3.5, it seems to fix it.



