Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Having problems please help


  • Please log in to reply
10 replies to this topic

#1 kingey

kingey

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 24 March 2011 - 07:33 AM

Hello All,

Glad to have found this site and for the past 3 days I've been trawling the forum to see if any solutions could be offered. and want to know the best solution before I continue.

This is partially my fault as I never kept my protection up to date.

A brief list of problems I am encountering.

1. On start up computer goes to a fake logon screen, looking like safe mode with just other user icon and requires login and password, if I switch off at this point it reboots and comes to screen with repair option and start windows normally, if I start normally it recycles this process if I click repair startup it does nothing then I click start normally and it boots up fine.

2. Website re-directions from google search (seems to be a common one on here), successful after a few attempts

3. Cannot start in safe mode, as the f8 option just follows the complete fake login cycle.

4. Have looked at other posts and tried to download the programmes to post logs, but every executable file comes up with error xxxx is not valid win32 application


What I've tried doing...

1. Have updated my McAfee protection, virus scan has removed some files but the above problems persist. Which is why I want to access safe mode to do a scan from there

2. Identified various files on start up from msconfig and disabled these from running, one is entitled bhubejojo and is a rundll32.exe file that keeps re appearing, but can name the others if this helps


What should I do..

1. Can I reboot safely from msconfig into safe mode?
2. I have no restore points for the PC (stupidly), so should I back up my essential files and run the restore disk?
3. Check the registry (not sure how or what this can achieve)

All help is massively massively appreciated..

BC AdBot (Login to Remove)

 


#2 kingey

kingey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 26 March 2011 - 12:20 PM

So I guess no-one can help me?? Has anyone at all experienced this type happening to them?

#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:01 AM

Posted 26 March 2011 - 12:30 PM

I'm reviewing your thread right now.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:01 AM

Posted 26 March 2011 - 12:34 PM

In order to provide the best advice to you, I need some clarification on a few things.

Are you able to boot up your computer at all?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 kingey

kingey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 March 2011 - 03:41 AM

Hi Sweetech,

Yes I can boot up the computer but the same cycle happens every time as in problem point (1).

On first start up it opens this fake login screen (mode appearance is like safe mode) with blank other user logo (no image) and asks for user name and password, there is also another icon in the bottom left of the screen when highlighted it says "easy access" but this does nothing.

I shut down via the computer on/off button at this point and re boot where it boots this time to a black safe start up screen saying windows encountered a problem and reccomends two options one startup repair( reccomended) and start windows normally. I first have to select the start up repair, but after 1 second comes back to the same screen so not sure if this has done anything, and then I select start windows normally and it boots the computer just fine then.

If I select start windows normally without first selecting start up repair, the whole safe mode login screen happens again.

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:01 AM

Posted 28 March 2011 - 09:11 AM

Can you try to download and run this tool on your computer;


Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 kingey

kingey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 28 March 2011 - 11:03 AM

Thank you SweetTech, but as stated in problem point (4) I download the programme and upon tring to open I get the error message mbam-setup.exe is not a valid win32 application, hence not being able to open any exe programme. See my huge frustartions!!! :angry:

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:01 AM

Posted 28 March 2011 - 11:09 AM

Try downloading and running this tool:

Running RKill

  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Lets see if that tool will run. If it will please attempt to install MBAM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 kingey

kingey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 29 March 2011 - 04:02 AM

Hi Sweetech, Again the same problem is not a valid win32 application even with iexplore link and right click run as administrator

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:01 AM

Posted 29 March 2011 - 02:32 PM

Hello,

I'm going to ask that you post in our Malware forum. Instructions will be included below. You may not be able to do anything in the instructions, but make sure you post in the topic saying that you were unable to follow the instructions in the post due to the infection you have. Be as specific as you can.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Kindest Regards,
SweetTech.

Edited by SweetTech, 29 March 2011 - 02:35 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 kingey

kingey
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 14 April 2011 - 03:54 AM

Apologies for my delay many thanks for the info here, and thank you to the other user who PM'd me with a link to another issue, it did appear very similar. However I have just noticed my bank account has been activated and used by someone else, so I think the best option is to do a full restore.

I have one further question I have an acer AX1300 operating on vista, and have moved all my files to the F: Data partition. Also to create a backup image it will be saved here. However the backup image will take 5 hrs to complete, and it's only my files Im concerned about. If I go ahead with the factory restore, am I right in believing that my data on the F: partition will be safe and accessable?

Many thanks, you guys rock, and I hope no-one encounters this nasty little piece of work either!! :thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users