
Antivirus Action


  • This topic is locked
12 replies to this topic

#1 Kay54667


Posted 04 December 2010 - 08:27 PM

Got the Antivirus Action on my laptop. Was told to reboot into safe mode but when I shut down my computer to reboot, it won't let me reboot into safe mode. It says that the registry file is either corrupted or missing. It won't go off of this screen. What should I do?


#2 m0le

  • Malware Response Team

Posted 11 December 2010 - 09:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Kay54667


Posted 12 December 2010 - 08:09 PM

Hi Mole, Thanks for the reply to my problem.

Jackie

#4 m0le


Posted 12 December 2010 - 08:16 PM

Can I just check a few things?

Are you able to boot into normal mode?

You say you are stuck on the registry warning screen. What happens if you try and close down the system?

What operating system are you running?

Do you have a flashdrive and access to another machine?

#5 Kay54667


Posted 13 December 2010 - 01:07 PM

I have Windows Vista. I have shut down and tried to reboot. It won't move off of the reboot screen regardless of which mode I choose. It just sits there. If I shut down and restart, it won't. I can't even use my battery. I can only get as far as the reboot screen by plugging in. Yes, I have another computer and flash drive.

Jackie

#6 m0le


Posted 13 December 2010 - 02:15 PM

Looks like something is stopping you booting the machine.

We can try a few methods to try and access the computer. The first is a good system but often the CD burning goes wrong. Please let me know if this occurs.

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
  • Do not install to a folder with spaces in its name.
  • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win; these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output: (C:\ubcd4win\BartPE)
        • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD


Please note: If your XP install disc is SP1 then please .....

  • Disable- DComLaunch Service
  • Enable- LargeIDE Fix

    This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

Also note: If you have a Dell XP install disc you will need to follow the instructions here
http://www.ubcd4win.com/faq.htm#dell
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit


4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.
==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
  • Insert the UBCD4Win disc in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
  • You should now have a desktop that looks like this:

    Posted Image


==========

Single click My computer from your UBCD4W desktop to navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.bat.

  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All

  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT
  • Push Posted Image
  • A report will open. Save that log to your flash drive. Copy and Paste that report in your next reply.

=========

With your next post please provide:

* OTLPE.txt
m0le is a proud member of UNITE
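
An added example, not part of m0le's post and not OTLPE's own code: a Python sketch of the kind of check the /md5start ... /md5stop block in the script above asks for, under the assumption that the block means "hash every copy of these files on the offline volume". The function names, the shortened script and the directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed excerpt of the scan script posted above (not the full list).
SCRIPT = "netsvcs\n/md5start\nuserinit.exe\neventlog.dll\natapi.sys\n/md5stop\n%systemroot%\\*. /mp /s\n"

def md5_block(script):
    """Return the lower-cased names listed between /md5start and /md5stop."""
    names, inside = [], False
    for item in (line.strip().lower() for line in script.splitlines()):
        if item in ("/md5start", "/md5stop"):
            inside = item == "/md5start"
        elif inside and item:
            names.append(item)
    return names

def hash_copies(root, names):
    """Map each name to {md5: [paths]} for every copy found under root."""
    found = {name: {} for name in names}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in found:  # Windows file names are case-insensitive
                path = os.path.join(folder, fname)
                with open(path, "rb") as fh:
                    digest = hashlib.md5(fh.read()).hexdigest()
                found[fname.lower()].setdefault(digest, []).append(path)
    return found

def review(found):
    """Label each name 'missing', 'consistent' or 'mismatch' (copies differ)."""
    return {name: "missing" if not h else "consistent" if len(h) == 1 else "mismatch"
            for name, h in found.items()}

def demo():
    """Run the check on a constructed tree standing in for the offline volume."""
    layout = {"Windows/System32/userinit.exe": b"original",
              "Windows/System32/dllcache/userinit.exe": b"altered",
              "Windows/System32/eventlog.dll": b"same",
              "Windows/winsxs/x/EventLog.dll": b"same"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return review(hash_copies(root, md5_block(SCRIPT)))

if __name__ == "__main__":
    print(demo())
```

A "mismatch" only says that the copies differ; versions from different service packs legitimately differ, so the hashes still have to be compared against a known-good source before anything is removed.
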

#7 Kay54667


Posted 14 December 2010 - 07:23 PM

Mole, do you know if I am going to lose all my files on my hard drive by doing this? Please advise,

Thanks,

Jackie

#8 m0le


Posted 14 December 2010 - 08:46 PM

No, this is a scanner that is using a recovery disk to boot your unbootable machine.

The plan will be to get a scan of the machine so I can see what might be causing the problem. As it stands, without a bootable machine you cannot access the personal files anyway so it makes sense to try and access them. If this doesn't work then we have other ways of accessing the machine. If you have important files then we can avoid any removal processes and choose just to access the machine, copy the files and get out. Then you could reinstall.

I will let you know as these options open up to us.

#9 m0le


Posted 17 December 2010 - 08:45 PM

You still there?

#10 Kay54667


Posted 20 December 2010 - 07:43 PM

Hi Mole,

Yes, I'm still here. Have been out of town. Won't have time to work on this now until after Christmas. Sorry, Jackie

#11 m0le


Posted 20 December 2010 - 07:46 PM

No apologies needed Jackie.

I will come back to you after Christmas. Have a great yule :)

#12 m0le


Posted 28 December 2010 - 08:33 PM

Hope you had a great Christmas. Are you ready to resume?

#13 m0le


Posted 30 December 2010 - 07:30 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.