
Heavy virus infection


  • This topic is locked
2 replies to this topic

#1 Shinkon_Nakami


Posted 05 November 2010 - 10:09 PM

My Toshiba Satellite Pro A300 is quite infected by viruses. Originally I had a fake Trojan alert (System Tools) which installed itself via drive-by download. Also, explorer.exe occasionally won't load on start-up; I have to manually start it with a Run command. I attempted to run Malwarebytes; after a few seconds, Malwarebytes froze and stopped responding. I investigated the start-up programs and start-up services using Autoruns and MSConfig; I had found nothing out of the ordinary. I restarted the laptop into safe mode and reran Malwarebytes but had the same problem as in normal mode.

I removed the hard disk from the laptop and installed it into a spare machine I have and ran a full scan of Malwarebytes. The scan did not freeze; I have attached the log Malwarebytes made, called "malwarebytes scan log 1 from spare computer". The biggest thing that stood out was that userinit.exe was infected (quarantined and deleted successfully). I repaired that by extracting userinit.exe from my XP Pro installation CD in a customized BartPE command prompt. After repairing userinit.exe I checked the registry to confirm that the userinit.exe registry file is pointing to the correct location.

Then I reinstalled the laptop hard disk drive back into my laptop and reran a Malwarebytes full scan, which did not freeze (good sign; log also attached, called "Malwarebytes scan log 2"). This scan also found the userinit.exe registry was infected; I repaired the registry value in the customised BartPE. Then I ran Spybot; after a few hours Spybot froze (Running bot-check (1289774/1289774: Please wait ............)). I restarted the laptop and started an AVG 8.5 (Free) scan; after an hour, AVG closed without finishing.

I have also attached the GMER log as requested, though I could not get a DDS log because it closes without opening the log.



Any help would be awesome



#2 Shinkon_Nakami


Posted 10 November 2010 - 04:43 PM

I have read the guide to removing System Tools, but I have the same problems.

So I'm going to just back up, format and reinstall.

Edited by Shinkon_Nakami, 10 November 2010 - 04:43 PM.


#3 Budapest


Posted 11 November 2010 - 04:38 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



