- A freshly minted newbie here so please be gentle .
I've tried to follow the guidelines to the best of my abilities but I apologize if I missed anything- checking existing topics, I didn't find anything that exactly fit by subject so, here goes.
Yesterday evening, I came down to our basement PC to find that it was locked up - more specifically, screen was black except for numerous chinese-looking pop-ups. The computer was non-responsive so I did a hard-boot.
Upon re-starting, it comes up to the normal XP account screen (where one chooses which account to use). Up to here, all seems normal. But choosing the accounts leads to the following:
1) I'll call this account "Acct RT". This is the normal administrative account. Selecting this one causes the PC to restart. Initially, it made it to the point where I could see my wallpaper (and nothing else) and then the PC would restart. Now, it doesn't even make it that far: from the account screen, I immediately go down.
2) I'll this account "Acct BR". This one is interesting. Initially it came up with only the wallpaper and a "Loading Personal Settings" pop-up. And that was it- it would just hang. Well, I started with this account since at least it gave me chance to try something before the PC went down. Using Ctrl-Alt-Del, and selecting "Logoff" from the Users Tab, I was able to somehow get the files on the desktop to come up. I then ran Malwarebytes' Anti-Malware which removed 355 virus files. I then tried to restart with Acct RT but it still simply rebooted again. From Acct BR, I ran MBAM again and got something on the order of another 122 files.
I would post the logs but the computer does not let me navigate to any folders (MBAM was sitting on the desktop so I was able to access it). MS Explorer is dead - it comes up but selecting any of the drives doesn't do anything.
So, I came across this website in my search and tried the following based on a similar problem that someone else here had:
- I downloaded and ran ATF-Cleaner in Safe Mode (on Acct BR; the other account was still causing re-boots even when selected in safe mode)
- I downloaded SuperAnti-Spyware and tried to install it in normal mode but it kept crashing with a "this problem has experienced and will now close". It appeared to semi-install, meaning it created an icon for the program but attempting to run it didn't work - ran into the same message.
For what it's worth, the computer still has access to the internet. Other than that, when I'm in normal mode in Acct BR, a pop-up with "ERROR! Corrupt Data!" keeps coming up (and the hard drive makes a belaboured chunking noise). Neither of these happen in Safe Mode. If I leave the computer up long enough, I get barraged with numerous Korean & Chinese pop-ups.
I am running XP Home Edition SP2 Build 2600 on a Sony PCV-RZ24G. I run Norton but it expired a bit back and didn't have the latest updates. Other than that, I occasionally run MBAM. I've never had anything like this happen before.
I'm sorry I couldn't provide any of the logs. I'll look into it to see if I can do anything about accessing and posting those files. I do know that, among the hundreds of others, there was also Trojan.Dropper & Trojan.Downloader. Nothing new has been installed on this computer (at least not intentionally).
At this point, I'm happy that I can atleast access the desktop. But I need to back everything up to back up all the important files (pictures, movies, etc) and, if worse comes to worse, I have the Sony "Recovery Disks" but, according to the documentation, this will return me to the factory settings, minus all my precious data (my bad- used to back up on zip disks ages ago and never got a proper back-up drive).
But, my hope is that I can avoid such drastic action. Any and all help would be much appreciated.
Edited by Budapest, 23 May 2010 - 05:36 PM.
Moved from XP ~BP