
After virus removal (fake Microsoft Essential alert) computer don't boot up


6 replies to this topic

#1 lvrijn

lvrijn

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 17 September 2010 - 01:48 AM

Hello!

Two days ago I was copying some analog video to digital via my old laptop (Dell Latitude D600) because it runs Windows XP.
The driver for the hardware only works with Windows XP. But there was no security software on the laptop, only Norton Utilities.

So I opened my USB drive to install something but it wouldn't start.
I got the alert: "Microsoft Security Essentials Alert". I knew from that moment that I was infected.

So I tried to follow the guide here on bleepingcomputer:
http://www.bleepingcomputer.com/virus-remo...ssentials-alert

But that didn't work. I couldn't start executable files (taskmgr/regedit). So RKILL.com didn't work either. (When I tried, the alert was popping up)
In safe mode it didn't work either. I also got the alert that there is a problem in services.exe and that the computer is closing down in 60 seconds.

I tried to run Malware AntiBytes, but I couldn't update because when I tried to start it, I couldn't connect to the internet. I was looking in Internet Options but there was no Proxy server connection. Everything was OK.

With Norton Utilities I could open a sort of process management. I saw there was a kind of security program (antispy safeguard?) using a lot of CPU. I killed it, and I removed it from Application Data. Internet worked! I updated Malware Antibytes and I started scanning. It found some things:

422888.exe
jytr.exe
msftldr.dll
sshnas21.dll

And something like (Trojan.downloader Rogueagent..)
Also I saw lsass.exe 2 times in process management: one of them was starting and closing every second. That file is in the root directory of my C:/
I knew this was a virus. I tried to run the sasser.fix (from Symantec) but this wouldn't find a thing.

When Malware Antibytes was ready it gave me the message that the computer had to boot again to remove all the bad files.
I pressed yes and it shut down. When booting up it gave me the black screen with:

Windows couldn't start up, maybe there are hardware changes..
...
....
...

Safe mode
Latest known good configuration
Windows normal start

I tried all three options but then it hangs. Also if I let the counter go to zero it also hangs. It won't go to the Windows boot up logo. It stays hanging in the black screen. (It's a sort of F8 screen).

After that I repaired with the Windows XP professional fixboot and chkdsk, but that didn't help.
I opened the drive with a Knoppix Live boot CD. I saw that the infected files were set in quarantine, but lsass.exe was still in its place.

So I removed the quarantined files and I booted up again, but it still hangs.
I'm out of solutions, does anybody know what files are damaged, or maybe missing that prevent booting up?

Edited by lvrijn, 17 September 2010 - 01:51 AM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:43 PM

Posted 17 September 2010 - 02:11 AM

What does it hang on?

#3 lvrijn

lvrijn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 17 September 2010 - 07:18 AM

> What does it hang on?


Always on the screen like the F8 screen..

Windows couldn't start up, maybe there are hardware changes..
...
....
...

Safe mode
Latest known good configuration
Windows normal start

If I press an option, it always hangs. Nothing happens.
If I let the counter go from 30 to 0 it also hangs; nothing happens at all.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:43 PM

Posted 17 September 2010 - 08:55 AM

It doesn't boot up in safe mode at all?

#5 lvrijn

lvrijn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 17 September 2010 - 10:10 AM

> It doesn't boot up in safe mode at all?



No. So I think my register is f*cked up

#6 jonny_79144

jonny_79144

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 17 September 2010 - 10:22 AM

Hey. Just to let you know I also got caught out by the fake Windows Essential thing, I just posted and went to see where my post was and saw yours there too. My PC is stuck in a cycle of constantly rebooting every 15 seconds. I'm sure we will both get help. If someone with no experience tells me it's hopeless and to reinstall windows I may have to kill them :thumbsup:

#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:43 PM

Posted 17 September 2010 - 12:09 PM

> > It doesn't boot up in safe mode at all?
>
> No. So I think my register is f*cked up



Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.



