
Can't get to Safe Mode, System Restore msconfig or Malwarebytes


5 replies to this topic

#1 jgo1247

Posted 24 November 2013 - 07:10 PM

Running XP, SP3. Have run avast antivirus in both regular and boot scan with no results. Tried to run MalwareBytes but it hangs when trying to update definitions.

 

When I reboot and select Safe Mode it hangs while loading files.

 

Can't find files like System Restore or msconfig.

 

Ran Unhide with following results:

 

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 11/23/2013 02:45:10 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 186756 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 1234 files processed.

The C:\DOCUME~1\Owner\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 11/23/2013 02:54:39 PM
Execution time: 0 hours(s), 9 minute(s), and 6 seconds(s)

 

 

I posted this at the XP forum and they sent me here. Any advice as to what to do next would be appreciated.

 

John





#2 Tiempo


Posted 25 November 2013 - 11:19 AM

Hello John, please try this, it will create a shortcut to your system restore.

 

  1. Right-click the desktop
  2. Choose New-Shortcut
  3. For the location of the item, enter:
    %SYSTEMROOT%\System32\restore\rstrui.exe
  4. Click “Next”
  5. Enter a name for the shortcut
  6. Click “Finish” 

After that try to restore your PC. I hope this will help. Give us updates.



#3 jgo1247


Posted 25 November 2013 - 09:26 PM

Gave it a try but no result. When I try to open the new shortcut icon I get a quick hourglass and then nothing.

 

I have also tried to download the Kaspersky AV trial version. It downloaded fine but it too won't run or update with latest definitions. All I get are error messages that Windows has encountered a problem and must shut down.

 

And now it stops me from posting to this forum. It prevents loading until it times out.


If I post right after a reboot sometimes it will go through before timeout.



#4 boopme


Posted 25 November 2013 - 11:15 PM

Did you run RKill and immediately try MBAM... If you rebooted the machine you will need to run RKill again.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Now run MBAM, even if you cannot update it, and post that log.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

#5 jgo1247


Posted 04 December 2013 - 02:13 PM

Thanks for the advice but the Rootkit had encrypted my systems folder so I could download files but not update them. And without the latest definition updates MBAM was useless. I took it to a professional and even he said it was a nasty one and took him longer to clean than usual. I should have seen it coming sooner as Microsoft updates wouldn't load and then it failed to validate my Product key. It would let me use Firefox and surf the Internet but that was about all. Finally, it stopped me from writing to this forum. That's why I didn't close the topic sooner.

 

It is fixed now but thanks for all the advice.


Edited by jgo1247, 04 December 2013 - 02:14 PM.


#6 boopme


Posted 04 December 2013 - 11:54 PM

Thanks for the update.



