Posted 29 January 2006 - 10:19 PM
About ten days ago, while surfing the Web, the Spyaxe popup alighted on my screen and, not then knowing that I should hit ALT F4 rather than touch the attacker, I tried to eliminate it by clicking on the red X in the top corner, which actually allowed it to install. At the same time, AVG informed me that I had been hit by four more attackers: Trojan-Delf-EF, Krepper, Multi-B, and the infamous Coolwebsearch.
I can't recall whether I managed to tell AVG to take action but the attacks followed each other so fast that I had little time to read or write, and AVG itself seemed to become disabled. I went to Windows Add/Remove Programs and uninstalled Spyaxe, but I can't remember what happened after that. I think I tried to open AVG but could not, and I think that all my desktop icons stopped working. At some stage I got
Now, on normal bootup or on boot with last good configuration, after the BIOS screens, I get the Windows XP screen followed by a blue screen with an Application Error window for csyzx.exe, which no search engine can find on the web to give me information; I guess it may be a Russian creation. The notice says "The application failed to initialise properly (0xc0000022). Click on OK to terminate the application."
My mouse lights up normally but does not move the pointer on screen. When I hit ENTER the error window is usually replaced (after a minute's wait) by another identical one, then at the next ENTER that is always replaced by a similar notice but this time for explorer.exe.
Hitting ENTER again, I sometimes get the Windows welcome screen, but then my desktop wallpaper without any icons but with a notice headed RUNDLL, bearing the message:
"Error loading newdev.dll Access is denied"
This message, like the czyzx notice, usually appears twice, one behind the other.
After all that, I can only press the shutdown button, which works without any problem.
Booting to any Safemode option I get a black screen filled with a list of drivers, each row being as follows:
Then this is replaced with a blank screen headed with the name of my OS:
SafeMode Windows XP SP2 build...... etc..... etc
Then there comes a blue screen telling me there is a problem, but it stays only one second so I cannot read it.
Then the machine reboots until, without touching F8, we get the options screen giving the choice of boot modes; so if I choose safemode we stay in a loop.
When I have the blank desktop wallpaper I can call up the Taskmanager, but I get told that this has been disabled (apparently by the attacker Multi-B).
On the web I see other peoples' problems with Trojans, but all of them can access Windows, at least in safe-mode. Using the XP setup CD, I can reach the "Welcome to Setup" screen, but I need advice as to which route to choose. I suspect that under such a massive onslaught from the combined forces of evil, my system may be beyond repair.
I am running XP Home SP2 on a laptop, HDD 40Gb, NTFS, with data on a separate partition. Not all my data is backed up: can it accessed and copied ? I suppose my old emails (on the C: drive) will be lost, wont they ? Can I copy an uninfected System Restore file to removable media, then put it back after Windows has been cleaned or reinstalled ?
This message is written on my wife's machine. A big thankyou to anyone who can help.