Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Admin account deleted, Windows seemingly deactivated

  • Please log in to reply
No replies to this topic

#1 LastResort


  • Members
  • 2 posts
  • Local time:10:22 PM

Posted 26 May 2011 - 06:19 PM

Edit: Because my parents were prepared to get a new computer I dug out the Vista install disc and did a complete reinstallation. The virus is gone and extra measures have been taken to make sure my brother doesn't do this a fifth time.

My computer is running Windows Vista Home Premium on a Dell Inspiron 531 and recently a "Vista Security 2001" virus has made its way onto the computer. It has evaded all of my attempts to remove it; the god-awful McAffee found nothing in a full scan, disabling what I thought triggered it at startup through MSconfig.exe did nothing; deleting all temp data with CCleaner and everything I could find that could be related to the virus did nothing, and "efe.exe"--the virus itself--is not in AppData\Local like Windows Task Manager says it is. Internet access is blocked with a pop-up saying that both IE and Opera are infected (I may have found a way around this, but it may be too late). After all my attempts at removal in Safe Mode, I booted it up regularly, hoping I could get around the block by typing a URL into the Windows Explorer address bar, but instead of presenting me with the log-in screen, I met a black screen asking me to revalidate my Windows installation because "something changed." I tried using Dell's built-in factory restore after this, but after a long "Please Wait..." screen, the admin account was inaccessible; the only option was "Other User" and my attempts at logging in through it failed as it told me something like "The domain could not be found or does not exist." I haven't tried running the computer since then and my Google searches have turned up little in removing this. I'm stumped. I can't wirelessly send the infected computer anything nor use a USB flash drive as I don't have one. What do I do?

PS. I don't know where the Vista install disk is if it even came with one. We got this computer years ago before I knew anything about computers so a complete reinstall may be out of the question.

PPS. While I couldn't find the virus itself in AppData\Local, I did find a cache file that it made every time it popped up.

Edit: Did not see the other board down there the first time I looked through (despite the obvious red text). Please forgive me.
Edit 2: Thanks for moving this, Budapest.

Edited by LastResort, 27 May 2011 - 11:19 AM.
Moved from Vista ~Budapest

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users