Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I can only use my computer in safe mode


  • Please log in to reply
30 replies to this topic

#1 Jrockin

Jrockin

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:01:53 AM

Posted 13 September 2011 - 03:25 AM

I have an L505D-GS6000 Toshiba Satellite with Windows 7. At the moment, I can only go on my lap top in safe mode. When I try to log onto it normally, it starts loading the things on my desktop and then freezes. I know that in safe mode, you are limited to what you can do, so I'm not sure if having no sound also is because of the safe mode or if it's related to what ever the problem is with the lap top as a whole.

I have talked to a few people about it, some say I may have a virus that has frozen my drivers.....I know nothing about computers, so this is very frustrating for me.

I have Malawarebytes, and have run a full scan and nothing came up. I also am no able to download anything, which, again, I'm not sure if that's because I'm in safe mode, or if it's related to the problem with the lap top.

Any help on this situation would be greatly appreciated!!

Thank you,

Jaime

BC AdBot (Login to Remove)

 


#2 Jrockin

Jrockin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:01:53 AM

Posted 13 September 2011 - 03:28 AM

PS....rebooting the computer does nothing, it still does the same thing. Ctrl Alt Del does nothing as well.

#3 RefreshConsulting

RefreshConsulting

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 13 September 2011 - 05:19 PM

could be an attached USB device our docking station. Reboot with nothing attached, and boot up normally.

If that does not work, boot into safe mode, and set your display to 800X600, and then reboot normally. This is just for testing to see if it's a resolution issue.

#4 RefreshConsulting

RefreshConsulting

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 13 September 2011 - 05:28 PM

oh, and choose "safemode WITH networking" and that should fix your "unable to D/L in safemode issue.

#5 Jrockin

Jrockin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:01:53 AM

Posted 13 September 2011 - 10:35 PM

The thing about the usb thing.......I don't have anything attached to my computer, the only thing plugged into it is the power cord. I've tried booting it with and without the power cord attached....didn't do anything.

Also, I do go on my computer in safe mode with networking so that I can go online, but anything I try to download, won't download properly.

I appreciate the help.

#6 RefreshConsulting

RefreshConsulting

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 14 September 2011 - 08:58 AM

ok, Click Start, the in the search box type "msconfig" W/O the "".

Click the startup tab, and in that list I suspect a virus program is set to run on stratup. You can uncheck the item or items and reboot normaly. This will not remove the virus, only stop is from running on startup.

You will want to D/L and install a copy of Malwarebytes. And run the "quick Scan"

If that does not want to run (some Virus's kill the malwarebytes EXE from running) , then you'll want a copy of "Combofix" and that's sure to fix the virus.

#7 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:01:53 AM

Posted 14 September 2011 - 09:10 AM

When posting your problem, do not run and post a ComboFix log. Due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.Any posts containing CF Logs will be ignored.

You should read this before using ComboFix on your own.

http://www.bleepingcomputer.com/forums/topic273628.html


@RefreshConsulting, the OP stated in his/her first post that he/she ran MBAM and nothing was found. Please do not recommend Combofix to anyone. If it is needed a trained Malware Responce Team Member will request running Combofix and a log post.

Edited by Queen-Evie, 14 September 2011 - 09:28 AM.


#8 RefreshConsulting

RefreshConsulting

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 14 September 2011 - 09:34 AM

@queen

I agree with your statment, But Mbam does not find all the steathy Rootkits out there that Combofix does find.


I agree that everyone should read the "Guide and tutolial on how you use Combofix"

I've used Combo fix on 100+ machines, and have found that you should not run it on a PC that uses any type of SQL Server. Also you would need to uninstall AVG b4 you run combofix.

In the future, what is the proper way to advise a user to run Combofix W/O a Forum Admin skolding me?

Perhaps I should have advise the use of rkill.exe and then to rerun Mbam, as that is also a lesser risk of user confustion.

I'm Sorry for any issues I may have caused.

#9 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:01:53 AM

Posted 14 September 2011 - 09:55 AM

@queen

In the future, what is the proper way to advise a user to run Combofix W/O a Forum Admin skolding me?

Perhaps I should have advise the use of rkill.exe and then to rerun Mbam, as that is also a lesser risk of user confustion.

I'm Sorry for any issues I may have caused.



In the future you don't advise a user to run Combofix, at least not here at Bleeping Computer.
While you may be experienced in the use of Combofix the policy here is only those who are designated Malware Response Team Members are allowed to interpret the logs and respond to them if one was requested. This also applies to DDS logs and HJT logs. This assures members that they are receiving help from properly trained individuals who go through a rigorous training program before becoming full-fledged team members.

I know nothing about rkill and whether you could advise the use of it. What I will do is ask for clarification from someone who does know about it.

I am sorry you view my response as scolding. It was not intended as that. Rather it was a mention of the policy here at BC.

Edited by Queen-Evie, 14 September 2011 - 10:14 AM.


#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:53 AM

Posted 14 September 2011 - 11:03 AM

I think this issue maybe related to driver corruption not because of a virus or anything malware related.

but to be sure lets see if the following will work / find something:

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#11 Jrockin

Jrockin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:01:53 AM

Posted 14 September 2011 - 03:21 PM

@ Refresh- The attachment is a screen shot of what is running on startup. The checked boxes are the only things that are running.
With the help of a friend a few weeks ago who is in IT, I believe I tried the combofix thing. I would never do something like that on my own because I know nothing about computers, but I'm pretty sure either it didn't work, or I just wasn't able to do it. If it's something you have to download, the problem was probably in the fact that nothing will download properly.

@crypto- I have heard that it may be a driver problem. Someone said that my drivers are probably frozen. I'm not able to boot up in normal mode, I can ONLY boot in safe mode. And I'm thinking that downloading those things you suggested just wouldn't work because nothing I download works properly.

I really appreciate all the help...just sucks not being able to fix my own computer....why do things have to be so complicated? Also, I am starting school soon...I would really love to get to the bottom of this!

Ps...not sure if I said it earlier, but I've done a system restore on it, and it didn't fix anything, and I've also done the "repair" thing at the boot screen, and that did nothing. Let's just hypothetically say the drivers are frozen, would that be why I don't have any sound? Or do you not have sound in safe mode?

Attached Files



#12 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:53 AM

Posted 14 September 2011 - 03:28 PM

Can you try to download them via Safe Mode in Networking?

#13 Jrockin

Jrockin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:01:53 AM

Posted 14 September 2011 - 03:29 PM

Yea, I'll try it...here goes nothin!

#14 Jrockin

Jrockin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:01:53 AM

Posted 14 September 2011 - 03:36 PM

I'm following your instructions....not sure which scan to choose....

....

Attached Files



#15 Jrockin

Jrockin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan
  • Local time:01:53 AM

Posted 14 September 2011 - 04:00 PM

Not sure if this matters....but this is the error message I get if I try to go on yahoo, and this happened before, when I was still able to log on in normal mode. I uninstalled it and then re-installed it, and it did the same thing.

Attached Files






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users