Two days ago I was copying some analog video to digital via my old laptop (Dell Latitude D600) because it runs Windows XP.
The driver for the hardware only works with Windows XP. But there was no security software on the laptop, only Norton Utilities.
So I opened my USB drive to install something but it wouldn't start.
I got the alert: "Microsoft Security Essentials Alert". I knew from that moment that I was infected.
So I tried to follow the guide here on bleepingcomputer:
But that didn't work. I couldn't start executable files (taskmgr/regedit). So RKILL.com didn't work either. (When I tried, the alert was popping up)
In safe mode it didn't work either. I also got the alert that there is a problem in services.exe and the computer is closing down in 60 seconds.
I tried to run Malware AntiBytes, but I couldn't update because when I tried to start it, I couldn't connect to the internet. I was looking in Internet Options but there was no Proxy server connection. Everything was OK.
With Norton Utilities I could open a sort of process management. I saw there was a kind of security program (antispy safeguard?) using a lot of CPU. I killed it, and I removed it from Application Data. Internet worked! I updated Malware Antibytes and I started scanning. It found some things:
And something like (Trojan.downloader Rogueagent..)
Also I saw lsass.exe 2 times in process management: one of them was starting and closing every second. That file is in the root directory of my C:/
I knew this was a virus. I tried to run the sasser.fix (from Symantec) but this wouldn't find a thing.
When Malware Antibytes was ready it gave me the message that the computer had to boot again to remove all the bad files.
I pressed yes and it shut down; when booting up it gave me the black screen with:
Windows couldn't start up, maybe there are hardware changes..
Latest known good configuration
Windows normal start
I tried all three options but then it hangs. Also if I let the counter go to zero it also hangs. It won't go to the Windows boot up logo. It stays hanging in the black screen. (It's a sort of F8 screen).
After that I repaired with the Windows XP professional fixboot and chkdsk, but that didn't help.
I opened the drive with a Knoppix Live boot CD. I saw that the infected files were set in quarantine, but lsass.exe was still in its place.
So I removed the quarantined files and I booted up again, but it still hangs.
I'm out of solutions. Does anybody know what files are damaged, or maybe missing, that prevent booting up?
Edited by lvrijn, 17 September 2010 - 01:51 AM.