
Security Tool


  • This topic is locked
83 replies to this topic

#1 shellilee

shellilee

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 06 May 2010 - 09:11 AM

I am new to this site, but am in great need of assistance. My computer got infected with Security Tool. Twice. The second time is so crazy. I can see the computer booting on the monitor, but Windows will not boot, the desktop will not come up; all I get is a blank screen. Now, I can't even start in Safe Mode. I am so aggravated. Is there another way to get rid of this software, I want to wipe out my PC and reinstall Windows, but can't even do that. Please help.

Edited by Pandy, 07 May 2010 - 01:32 PM.
Moved from Windows XP to a more appropriate forum ~Pandy




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:15 AM

Posted 06 May 2010 - 10:18 AM

Do you get any screens at all? Do you get the POST screen? Is there any indication that your monitor is working properly?

<<Is there another way to get rid of this software, I want to wipe out my PC and reinstall Windows, but can't even do that.>>

If that's what you want to do...why can't you?

System manufacturer and model?

Louis

#3 shellilee

shellilee
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 06 May 2010 - 11:38 AM

I am getting the boot screens, and I can get into setup. I can also use the F8 key and tell it to start in safe mode. But once that is done, I get nothing but a blank screen.
Like I said, I know I have been infected with Security Tool and the second time it even seeped into the Safe Mode on the computer.
Any ideas?


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:15 AM

Posted 06 May 2010 - 01:11 PM

I've asked the BC malware personnel for some help...just be a bit patient.

Louis



#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:15 PM

Posted 07 May 2010 - 01:29 PM

Hi shellilee,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as long as we are handling this together as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Could you please update me about the current condition of your computer?

#6 shellilee

shellilee
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 10 May 2010 - 09:58 AM

The current condition of the computer is that it is sitting in my closet because I cannot get Windows to boot. When I turn the computer on I see all of the correct booting information. I am able to go into setup, I am able to press the F8 key to try Safe Mode, however the computer will not start in Safe Mode anymore nor will it boot Windows. I know the monitor is working or I would not see any of these things.
I was originally infected with Security Tool and I found SpyBot which I thought took care of it. Come to find out about two weeks later, I was so infected that the malware is pretending to be my Windows Security Center. I tried again to run Spybot but the malware blocked it. I tried to download a different malware program to a flash drive and then drop to my computer and the malware blocked it. I then was able to boot one time in safe mode to try and run the malware removal program, again it was all blocked. Since then, I cannot even get windows to boot.

Thanks in advance for your help.


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:15 PM

Posted 10 May 2010 - 11:34 AM

I need to know exactly how far it goes and at what stage it stops booting and you see the black screen you mentioned in your previous post.

So please use F8 to get to the Advanced Boot Options. From the menu select "Last Known Good Configuration" and press Enter.
Let the computer boot and tell me how far it goes. Does the Windows load bar appear? Does the black screen come while the loading bar shows loading? Do you get the logon screen and welcome screen?



#8 shellilee

shellilee
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 10 May 2010 - 07:50 PM

After using the F8 button and choosing the last good configuration, the screen goes black. I lose the cursor and everything.

#9 shellilee

shellilee
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 10 May 2010 - 07:55 PM

I thought I would try to start Windows normally just to see what happens; the screen went black, then a white bar appeared at the bottom of the screen. Only a portion of it is solid, the rest slashed.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:15 PM

Posted 10 May 2010 - 08:13 PM

Thanks for the feedback.
  1. We need to create a boot CD
  2. If you have Nero:
    • Open Nero SmartStart.
    • Under Applications tab Select Nero Burning Rom
    • In the left pane CD-ROM (ISO) should be highlighted.
    • At the bottom of the open window click Open.
    • In the open window select desktop, highlight the rc.iso file on the desktop and click Open.
    • Put a blank CD in your computer burner and press Burn.
    • When the disk finishes, eject the CD.

  3. If you don't have Nero:
  4. Let me know if it is done.


#11 shellilee

shellilee
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 10 May 2010 - 08:47 PM

I won't be able to do this until tomorrow. My functional computer here at home does not have a CD burner. So you want me to let you know when the CD is burnt and ready?

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:15 PM

Posted 11 May 2010 - 02:36 AM

Yes please let me know when the CD is ready.

#13 shellilee

shellilee
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 11 May 2010 - 10:35 AM

I have the CD completed. I will do what I can when I get home from work this afternoon. I appreciate your time in this area. I have been so frustrated.


#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:15 PM

Posted 11 May 2010 - 01:37 PM

Good.

I understand your frustration.

Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
    Note: In case you did not get this screen, your computer is not set to boot from CD-ROM and you should change the BIOS setup as described in How to Set BIOS to Boot from CDROM
  • Double click on the OTLPE icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings.
    • For each section there are three options (None, SafeList and All), set all the sections to "All".
    • Copy and paste the following code into the Custom Scan section. Do not include the word "Code".

      Please note: You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      %SYSTEMDRIVE%\*.exe
      %systemroot%\tasks\*.job
      /md5start
      iaStor.sys
      nvstor.sys
      atapi.sys
      disk.sys
      classpnp.sys
      kbdclass.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
    • Push runscan button
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the C:\OTL.txt file in your reply.
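
Added example, not part of the post above and not OTL's own code: a Python sketch of the kind of check the `/md5start` ... `/md5stop` block requests, assuming that block asks the scanner to locate every copy of each listed file and report its MD5. The function names and the sample tree (placeholder bytes under `drivers` and `dllcache`) are constructed for illustration.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path
# Subset of the names listed between /md5start and /md5stop in the post.
WATCHED = ["atapi.sys", "disk.sys", "classpnp.sys", "kbdclass.sys"]

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()  # MD5 only to mirror the scanner's report, not for trust
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def hash_named_files(root, names=WATCHED):
    """Walk an offline-mounted volume and return {name: {path: md5}}."""
    wanted = {n.lower() for n in names}  # Windows names are case-insensitive
    found = defaultdict(dict)
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name.lower() in wanted:
            try:
                found[p.name.lower()][str(p)] = md5_of(p)
            except OSError as e:  # damaged or locked file: record, keep going
                found[p.name.lower()][str(p)] = "unreadable: %s" % e.strerror
    return dict(found)

def mismatched(found):
    """Names whose copies do not all share one hash (review candidates)."""
    return sorted(n for n, c in found.items() if len(set(c.values())) > 1)

def build_sample_tree(root):
    """Constructed sample layout with placeholder bytes, not real drivers."""
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": b"constructed-A-altered",
        "WINDOWS/system32/dllcache/atapi.sys": b"constructed-A",
        "WINDOWS/system32/drivers/disk.sys": b"constructed-D",
        "WINDOWS/system32/dllcache/DISK.SYS": b"constructed-D",
    }
    for rel, data in layout.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = hash_named_files(root)
        print(report)
        print("copies differ:", mismatched(report))
```

A differing hash only marks a file for comparison against a known-good copy from matching install media; service packs and updates legitimately replace drivers, so a mismatch is a lead, not a verdict.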


#15 shellilee

shellilee
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 11 May 2010 - 06:34 PM

I am waiting, it is on "manual file scan, getting file structure" I will reply with the contents of c:otl.txt as soon as I can




