
Windows does not open


39 replies to this topic

#1 mark436

mark436

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:13 PM

Posted 17 October 2012 - 03:57 PM

My girlfriend's Asus Eee PC notebook got infected with the System Progressive Protection virus.

I followed the instructions from Stelian Pilici at:

http://malwaretips.com/blogs/system-progressive-protection-virus/

Everything was going well. I had completed step 4 (downloaded Malwarebytes, which had detected 18 problems). Malwarebytes asked me to reboot, so I did, in "normal mode".
However, once I had got to the operating screen, just before the usual icons were about to appear, it made the noise it does when it is closing down and took me back to the login screen, where I can log in as myself or the administrator. Clicking on either will repeat the same process and then take me back to the login screen (a login/logout loop).

I have tried opening in safe mode under every option, including last known good configuration, but still the same.

I only had a notebook but have since purchased an external drive, thinking I may have to reload Win XP, but this may not work as the drive needs to register with the computer first, and since the operating system does not work this may not be possible.

Could Malwarebytes have deleted a process it should not have? Either way I need help. Thanks

Mark

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 mark436


Posted 21 October 2012 - 06:52 AM

http://www.bleepingcomputer.com/forums/topic472186.html

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:13 PM

Posted 21 October 2012 - 08:47 PM

Hello, while that may have been it, it is most likely the malware that corrupted something else.
I have posted for someone to look here that handles these.

#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:13 PM

Posted 21 October 2012 - 09:09 PM

Hello mark436 :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

I would like you to follow these instructions first:

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download xPUD Userinit_fix to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see xPUD userinit fix that you downloaded there
  • Double-click the file to run it.
  • After it has finished a report will be located on your USB drive named UserinitFix.txt
  • Remove the USB drive and insert it back in your working computer and navigate to UserinitFix.txt

    Please note - all text entries are case sensitive
Copy and paste the UserinitFix.txt for my review
Also try to boot normally from the sick computer.

Edited by Orange Blossom, 21 October 2012 - 09:33 PM.
Moved to log forum. ~ OB


#5 mark436


Posted 23 October 2012 - 11:52 AM

Thank you for your reply

I have encountered a problem early on. Using the clean computer, I click on GETxPUD.exe and it says "You have chosen to open GETxPUD.exe, would you like to save this file?" I click Save File. It then says to enter a file name to save, so I save it as that. A grey box then says "GETxPUD.exe is an executable file... are you sure you want to launch GETxPUD.exe?" I click on OK and then nothing. I cannot find it anywhere. The clean computer also uses Windows XP.

A couple of other thoughts: the sick computer does not have a built-in CD drive. I have since purchased an external drive, but because the computer is broken I have been unable to register it or download any drivers for it. This hopefully will not present a problem; it's just that I noticed further down your list of instructions that I have to plug in the CD drive, and wondered if the broken computer will recognise what is a "brand new device" for it.

Also, I just tried out the F12 button on the sick computer but it did not work, but hopefully once the USB is plugged in it will?

#6 mark436


Posted 23 October 2012 - 12:00 PM

I should add I tried the F12 button as I had never heard of that before and thought I would see if it works, not because I thought it would fix the computer, as it may have sounded in the previous message, but just to see if the screen would appear.

#7 thisisu


Posted 23 October 2012 - 01:51 PM

A grey box then says GETxPUD.exe is an executable file....are you sure you want to launch GETxPUD.exe. I click on ok and then nothing. I can not find it anywhere. The clean computer also uses windows xp.

Save the file to a location that you can locate later on. Also please disable any anti-virus Auto Protect features while you are attempting to download xPud.
You may also want to look in the Downloads folder. c:\Documents and Settings\<Your Username>\Downloads

#8 mark436


Posted 23 October 2012 - 03:03 PM

Thank you for replying so promptly. I previously found it under Downloads, but then when you mentioned it I also noticed a yellow folder which contained the various options.

I made the CD and then saved xpuduserinit_fix to the USB stick. I inserted both the stick and CD into the sick computer, but when pressing F12 no screen comes up (it does on the clean computer) but not on my Asus Eee 1005HA. It just follows through as per my initial query. However, F8 does work.

I googled "asus eee f12 not work" to see if it's a fault within the computer, and a few problems seemed to crop up, but of course this may well apply to any make of computer.

#9 thisisu


Posted 23 October 2012 - 03:23 PM

Try the Esc button instead of F12.

#10 mark436


Posted 23 October 2012 - 04:06 PM

I've tried the escape key but nothing.

I did try all the F keys, and F5 and F8 were the same (advanced option menu), while F2 came up with "BIOS set up utility". Although this had boot settings, I did not proceed with anything as I was unsure if this was the correct screen.

#11 thisisu


Posted 23 October 2012 - 04:10 PM

While you are in the BIOS, you need to set the first boot device to be your USB CD/DVD ROM drive.
Then Save the changes and exit.

Since not every BIOS display is exactly the same, if you have questions about what is on a screen, either type it out to me to review or take a picture of it and I will help guide you through it.

#12 mark436


Posted 23 October 2012 - 06:17 PM

In the BIOS I have a choice of Main, Advanced, Security, Boot and Exit sections.

For now I will list what the Boot option says:

Boot settings

Boot device priority
Boot settings configuration

onboard lan boot rom (disabled)
boot booster (enabled)

selecting "boot device priority" says:-

1st boot device (HDD:PM-ST9160314AS)
2nd boot device (Removable dev.)
3rd boot device (ATAPI CD-ROM)

I think I will try the 3rd option tomorrow as I have to get to sleep now. If I have not heard otherwise from you I shall let you know how it goes. Thank you for your help.

#13 thisisu


Posted 23 October 2012 - 06:33 PM

The third option may work. Let me know how it goes.

#14 mark436


Posted 24 October 2012 - 04:52 AM

It appeared as "user init report.txt" on the clean computer and says this:-

I have reloaded the sick computer and it is now working. I can see the "system progressive protection support" virus that caused all the problems sitting on the desktop. I have so far spent just a couple of minutes on the internet and no visible signs of it causing problems...yet! Well done.

Remote Registry Userinit Report

Hive </mnt/sda1/WINDOWS/system32/config/software>
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 48 [0x30]
C:\WINDOWS\userinit.exe
(...)\Windows NT\CurrentVersion\Winlogon> EDIT: <Userinit> of type REG_SZ with length 48 [0x30]
[ 0]: C:\WINDOWS\userinit.exe
-> newkv->len: 68
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,

userinit.exe search results

29a1877f2d0eacff20b6507a3c00f31b /mnt/sda3/minint/system32/userinit.exe
25.5K Mar 24 2005
a93aee1928a9d7ce3e16d24ec7380f89 /mnt/sda1/WINDOWS/system32/dllcache/userinit.exe
25.5K Apr 14 2008
a93aee1928a9d7ce3e16d24ec7380f89 /mnt/sda1/WINDOWS/system32/userinit.exe
25.5K Apr 14 2008

winlogon.exe search results

325fd6d25fc1d77c363e87b445c8b023 /mnt/sda3/minint/system32/winlogon.exe
497.0K Mar 24 2005
4e0d8c9f83b7fd82393f7d8ccc27e7ae /mnt/sda1/Program Files/Malwarebytes' Anti-Malware/Chameleon/winlogon.exe
213.6K Sep 7 16:04
ed0ef0a136dec83df69f04118870003e /mnt/sda1/WINDOWS/system32/dllcache/winlogon.exe
496.0K Apr 14 2008
ed0ef0a136dec83df69f04118870003e /mnt/sda1/WINDOWS/system32/winlogon.exe
496.0K Apr 14 2008

explorer.exe search results

12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda1/WINDOWS/system32/dllcache/explorer.exe
1009.5K Apr 14 2008
12896823fb95bfb3dc9b46bcaedc9923 /mnt/sda1/WINDOWS/explorer.exe
1009.5K Apr 14 2008
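
The report above can be checked mechanically. The following is an added example, not part of the original post or of the xPUD fix tool: it parses an excerpt of the report, maps each Userinit entry onto the mounted disk and confirms that the entry points at a file the search actually found and that its hash matches the dllcache copy. The function names are hypothetical, and it assumes sda1 holds the C: volume (the hive path in the report sits there) and that Userinit entries are comma-separated.

```python
import re
# Excerpt of the report posted above; values are copied from that post.
REPORT = r"""
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 48 [0x30]
C:\WINDOWS\userinit.exe
(...)\Windows NT\CurrentVersion\Winlogon> Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,
29a1877f2d0eacff20b6507a3c00f31b /mnt/sda3/minint/system32/userinit.exe
a93aee1928a9d7ce3e16d24ec7380f89 /mnt/sda1/WINDOWS/system32/dllcache/userinit.exe
a93aee1928a9d7ce3e16d24ec7380f89 /mnt/sda1/WINDOWS/system32/userinit.exe
"""

VALUE_HDR = re.compile(r"Value <Userinit> of type REG_SZ")
HASH_LINE = re.compile(r"^([0-9a-f]{32})\s+(/mnt/.+)$")

def parse_report(text):
    """Return (Userinit values in the order reported, {lowercased path: hash})."""
    values, files = [], {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if VALUE_HDR.search(line) and i + 1 < len(lines):
            values.append(lines[i + 1])   # the data is printed on the next line
        m = HASH_LINE.match(line)
        if m:
            files[m.group(2).lower()] = m.group(1)
    return values, files

def to_mount_path(win_path, root="/mnt/sda1"):
    """Map C:\\... onto the live-CD mount (assumption: sda1 holds the C: volume)."""
    return (root + win_path[2:].replace("\\", "/")).lower()

def check_userinit(value, files):
    """Return a list of problems for one Userinit value; empty means it checks out."""
    problems = []
    # A trailing comma leaves an empty item, which filter() drops.
    for entry in filter(None, map(str.strip, value.split(","))):
        digest = files.get(to_mount_path(entry))
        if digest is None:
            problems.append(f"{entry}: not among the files the report found")
            continue
        name = entry.rsplit("\\", 1)[-1]
        cached = files.get(to_mount_path("C:\\WINDOWS\\system32\\dllcache\\" + name))
        if cached and cached != digest:
            problems.append(f"{entry}: hash differs from the dllcache copy")
    return problems

if __name__ == "__main__":
    values, files = parse_report(REPORT)
    for label, value in zip(("before", "after"), values):
        print(label, value, check_userinit(value, files) or "OK")
```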

#15 mark436


Posted 24 October 2012 - 04:57 AM

I should add that the "system progressive protection support" logo on the desktop appears as a Firefox symbol with an A4 white page background.



