Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


New Virus can not access desktop

  • This topic is locked This topic is locked
2 replies to this topic

#1 Matthew C

Matthew C

  • Members
  • 1 posts
  • Local time:07:49 AM

Posted 22 February 2012 - 11:41 AM

I would love to run DDS for you guys but can not even do that.

Windows Server 2003 (Terminal Server)

Upon login even in safe mode I see the desktop for a split second and then a window takes over and shuts down everything else.

The Window is labeled ACCDFISA Protection Program. It states that the computer was used to view child porn and is probably infected. Please send us money.

Cntrl + Alt + Del allows me to shutdown. Task Mgr is available but does not run.

Using Kaspersky Rescue disk found nothing of value. Booting in Safe Mode allowed me in once with the same affects and now hitting F8 just reboots the computer. Logging in as different users has the same results.

Using Kaspersky I am able to edit HKLM and HKU neither of which shows anything strange starting up. I can not get into HKLM/system/current control set with this editor

I have tried running Rkill as a .scr, .com, and .exe from hklm\software\microsoft\windows\run

I am stumped at this point how to even begin diagnosing this one.

Thanks in advance

BC AdBot (Login to Remove)


#2 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,320 posts
  • Gender:Female
  • Location:Romania
  • Local time:03:49 PM

Posted 24 February 2012 - 01:07 PM

Hello and :welcome: to BleepingComputer.

As this seems to be a corporate computer, please consider the following:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting an Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates, is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

If despite the above you wish to continue with this topic, please do the following:

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-latest.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/xPUD_userinit_fix to your USB (without a file extension, you may have to right click on the link and click on Save Target As, and make sure that "All Files" is selected)
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 right as the computer is initially starting up, and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your hard drive
  • sdb1 is likely your USB
  • Click on sdb1 (this is your USB drive)
  • Confirm that you see xPUD_userinit_fix on your USB drive (sdb1)
  • Double click on xPUD_userinit_fix
  • After it has finished a report will be located on your USB drive named UserinitReport.txt
  • Click on the Home tab, click on Power Off, and then click on Turn Off
  • Remove the USB drive and insert back in your working computer and navigate to UserinitReport.txt

    Please note - all text entries are case sensitive
Please copy and paste the UserinitReport.txt for my review.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft

#3 Elise


    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,320 posts
  • Gender:Female
  • Location:Romania
  • Local time:03:49 PM

Posted 20 March 2012 - 09:39 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."


Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome


Malware analyst @ Emsisoft

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users