Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Background Picture Only For XP, Safe Mode Reboots


  • Please log in to reply
5 replies to this topic

#1 BRRABill

BRRABill

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 22 August 2013 - 04:15 PM

I have a user who all of a sudden was getting a blank desktop with just their normal background on the screen.  No programs will run through task manager.  (Like if you run explorer.exe, nothing happens.)

 

If you reboot into Safe Mode, it loads, but then instantly reboots itself back to the blank desktop mentioned above.  Even Safe Mode command prompt.

 

What virus exhibits this type of activity?  And how can I get rid of it in XP without access to a command prompt?



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:03 PM

Posted 22 August 2013 - 07:14 PM

Welcome aboard p22002758.gif

 

I'll report this topic to appropriate helpers.

Hold on there....


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 BRRABill

BRRABill
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 23 August 2013 - 07:57 AM

Thanks.

 

Typically I would fix this if it was in front of me, but it is a remote user, and to be honest I've never seen this kind of activity before.

 

It seems almost like the FBI-virus, but no screens are presented, just the picture on the desktop.



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:03 AM

Posted 25 August 2013 - 11:40 AM

Hello, have you verified if the explorer.exe file is in place?

 

This could be ransomware, are you able to see the running processes in the taskmanager? If so, could you list them here?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 BRRABill

BRRABill
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 04 September 2013 - 10:25 AM

I finally got the computer in-hand.  Clearly had something ... MSE wouldn't run, CMD opened the closed immediately.

 

I ran ComboFix, and all the problems went away.



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:03 AM

Posted 04 September 2013 - 11:53 AM

I'm glad to hear that resolved the problems, regardless, be careful with using combofix, its a powerful tool and can do quite some damage in some cases.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users