Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot Access Windows Even In Safemode


  • This topic is locked This topic is locked
2 replies to this topic

#1 Quarryman

Quarryman

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 29 January 2006 - 10:19 PM

About ten days ago, while surfing the Web, the Spyaxe popup alighted on my screen and, not then knowing that I should hit ALT F4 rather than touch the attacker, I tried to eliminate it by clicking on the red X in the top corner, which actually allowed it to install. At the same time, AVG informed me that I had been hit by four more attackers: Trojan-Delf-EF, Krepper, Multi-B, and the infamous Coolwebsearch.

I can't recall whether I managed to tell AVG to take action but the attacks followed each other so fast that I had little time to read or write, and AVG itself seemed to become disabled. I went to Windows Add/Remove Programs and uninstalled Spyaxe, but I can't remember what happened after that. I think I tried to open AVG but could not, and I think that all my desktop icons stopped working. At some stage I got
appl.data\avg7\avgcc.err

Now, on normal bootup or on boot with last good configuration, after the BIOS screens, I get the Windows XP screen followed by a blue screen with an Application Error window for csyzx.exe, which no search engine can find on the web to give me information; I guess it may be a Russian creation. The notice says "The application failed to initialise properly (0xc0000022). Click on OK to terminate the application."
My mouse lights up normally but does not move the pointer on screen. When I hit ENTER the error window is usually replaced (after a minute's wait) by another identical one, then at the next ENTER that is always replaced by a similar notice but this time for explorer.exe.
Hitting ENTER again, I sometimes get the Windows welcome screen, but then my desktop wallpaper without any icons but with a notice headed RUNDLL, bearing the message:
"Error loading newdev.dll Access is denied"
This message, like the czyzx notice, usually appears twice, one behind the other.
After all that, I can only press the shutdown button, which works without any problem.

Booting to any Safemode option I get a black screen filled with a list of drivers, each row being as follows:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\[filename].sys
Then this is replaced with a blank screen headed with the name of my OS:
SafeMode Windows XP SP2 build...... etc..... etc
Then there comes a blue screen telling me there is a problem, but it stays only one second so I cannot read it.
Then the machine reboots until, without touching F8, we get the options screen giving the choice of boot modes; so if I choose safemode we stay in a loop.

When I have the blank desktop wallpaper I can call up the Taskmanager, but I get told that this has been disabled (apparently by the attacker Multi-B).

On the web I see other peoples' problems with Trojans, but all of them can access Windows, at least in safe-mode. Using the XP setup CD, I can reach the "Welcome to Setup" screen, but I need advice as to which route to choose. I suspect that under such a massive onslaught from the combined forces of evil, my system may be beyond repair.

I am running XP Home SP2 on a laptop, HDD 40Gb, NTFS, with data on a separate partition. Not all my data is backed up: can it accessed and copied ? I suppose my old emails (on the C: drive) will be lost, wont they ? Can I copy an uninfected System Restore file to removable media, then put it back after Windows has been cleaned or reinstalled ?

This message is written on my wife's machine. A big thankyou to anyone who can help.

Quarryman

BC AdBot (Login to Remove)

 


#2 Quarryman

Quarryman
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 03 February 2006 - 04:24 PM

Hi, all !

You will of course have understood that life has moved on since my last post,
and the situation has changed.

Will you please remove my thread.

If in future I need advice, it is good to know that you are there.

Thank you, and au revoir.

Quarryman

#3 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:10:30 AM

Posted 03 February 2006 - 04:36 PM

Your communication in the posts is all good, Quarryman

Representing timely information, good logic and accurate descriptions of an attack
that exhibited symptoms that often are unique on any given machine,
even the source of the trouble can't predict with certainty all factors in all PCs.

Rather than deletion of topics and threads, we generally leave them for reference,
sometimes closing them to further comment.

Thanks for your "vote of confidence" in the value of our site and the information contained here,
and good job of dealing with the unpleasantries we all face using our technology. :thumbsup:





This topic is closed, as it apparently has been resolved.
If you wish to re-open it at any time, please contact any site moderator using a PM. Thank you.

Edited by phawgg, 03 February 2006 - 04:39 PM.

patiently patrolling, plenty of persisant pests n' problems ...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users