
"Windows Safemode" Virus


2 replies to this topic

#1 Flows


Posted 08 March 2011 - 01:01 PM

Hello,

Sorry for starting a new thread, but some forums require a new thread even if you have the same issue as another (so as not to piggyback).

I've acquired this malware and can't seem to remove it.

I'm running Windows XP. I already had Malwarebytes software on my computer, so I quickly ran it once I acquired the virus, but it did not catch it (too new I think). I shut down and went into safe mode. Once in safe mode, I tried Malwarebytes again. No luck. I shut down one more time, and now I cannot start my computer in safe mode (or in any form of safe mode - networking, cmd prompt, etc).

I can start in normal mode, but the only thing I get is the fake safemode virus scan. Can't get it to close. I can't access the Task Manager via Ctrl, Alt, Del. That option is greyed out.

Is there a way to remove this from the BIOS or something? I DO NOT have any of the startup disks that came with the laptop.

Thanks to anyone who can help. I DO have access to another laptop if that helps. (typing on it now).


 


#2 Flows


Posted 08 March 2011 - 05:42 PM

Hi All,

I managed to defeat the little bugger! Been trying for 2 days.

Copied this from another thread and added more detail on what to do:

Started in Normal mode (safemode did not boot for me). Once I got the dialog box speaking of "boot disk failure" (don't click on it), I just opened Utility Manager with Windows+U (press the Windows icon on your keyboard, usually next to the Alt button down by the spacebar, plus the letter "U"), then clicked the Help button on the Utility Manager. When the help index came up, I clicked Options and Internet Options. From there I clicked Settings under Browsing History, then clicked View Files. I was then given an Explorer menu and subsequently Explorer finished booting.

I did exactly what is typed above. It at least allowed me to get past the nasty "boot disk failure" and my desktop icons loaded up like normal. My computer was still infected, but I was at least able to recover my files and save them on a jump drive. I would have been satisfied if this was as far as I got....

Then, I did this:

My Computer -> C: drive, Documents and Settings, All Users, Application Data - delete all files that were created on the day of the virus (suspicious .exe's that share the same look as the windowssafemode icon).
- Restart the whole process, except now go back into Application Data and delete the .dll file that was also created on the same day and could not be deleted previously (in my case it began with a caps N). I had to shut down and restart in normal mode in order to delete this final .dll file.

Then I ran Malwarebytes. Malwarebytes caught the virus and deleted it. I did not need RKill as this virus was not preventing me from running Malwarebytes. But I ran RKill anyway.

All is well.

Edited by Flows, 08 March 2011 - 05:43 PM.
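
Added example, not part of the original post: the "files created on the day of the virus" check from the steps above, done as a listing with SHA-256 hashes so each file can be reviewed before anything is deleted. The script name, the command-line arguments and the two-extension filter are assumptions made for this illustration.

```python
import hashlib
import os
import sys
from datetime import date, datetime
from pathlib import Path

# The post deletes .exe files and one .dll created on the day of infection.
SUSPECT_EXTENSIONS = {".exe", ".dll"}

def created_on(path):
    """Local creation date of a file."""
    st = path.stat()
    # Windows: st_birthtime (Python 3.12+) or st_ctime is the creation time.
    # Linux: st_ctime is the last metadata change, so treat it as approximate.
    return datetime.fromtimestamp(getattr(st, "st_birthtime", st.st_ctime)).date()

def sha256_of(path):
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_candidates(root, infection_day):
    """Return sorted (path, sha256) pairs for .exe/.dll files created on infection_day."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in SUSPECT_EXTENSIONS:
                continue
            try:
                if created_on(path) != infection_day:
                    continue
            except OSError:
                continue  # vanished or inaccessible entry: no date to compare
            try:
                digest = sha256_of(path)
            except OSError as exc:
                digest = "unreadable (%s)" % exc.strerror  # report, do not hide
            hits.append((str(path), digest))
    return sorted(hits)

if __name__ == "__main__":
    # Usage (hypothetical script name): python triage.py ROOT YYYY-MM-DD
    for path, digest in find_candidates(sys.argv[1], date.fromisoformat(sys.argv[2])):
        print(digest, path)
```

Pointing ROOT at the All Users Application Data folder named in the post reproduces the manual check; the hashes give a record of what was there if the files are later removed.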


#3 hamluis

    Moderator



Posted 08 March 2011 - 06:34 PM

Thanks for posting your situation and resolution.

Happy computing :).

Louis



