Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus Security Pro


  • Please log in to reply
8 replies to this topic

#1 JohnBoi

JohnBoi

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 06 January 2014 - 07:02 PM

I am working a computer for a friend. I have tried to do everything known to man to get this thing cleaned up.

 

The problem I am having is trying to get it to boot-up in "Safe Mode with Networking". I have do so on other computers many times and then doing Malwarbytes Anti-Malware from there.

 

It seems as though this virus automatically kick you out of safe mode as soon as it logs in.

 

Any help with this will be greatly appreciated, 

 

Thank

 

 

John



BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 AM

Posted 07 January 2014 - 03:01 AM

Can you boot the machine into the recovery console.

 

 

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 

Choose Command prompt.

 

Type the following hitting enter after each.

 

net user test /add
net localgroup administrators test /add

shutdown -r

 

Now see if you can boot the machine into the new account.

 

From the new account.....

 


Update and do a quick scan with Malwarebytes remove all that it finds and reboot.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Post the log here,

 

 

Download, & save & then run the MS Safety scanner
Run a Full Scan
http://www.microsoft.com/security/scanner/en-us/default.aspx
Post. the result.

The safety scanner log should be called msert.txt
It should be located in the same folder as where you had msert.exe
If not there, then look for it under c:\windows

 

 

 

____________________________________________-

 

Run a scan with Eset. You will need to disable your antivirus during this scan.
http://www.eset.com/us/online-scanner/
Make sure remove found threats and scan archives is checked.
When the scan finish list found threats save to clipboard copy to notepad Post the log here.


Tell me how the machine is running now.

 

 

 

  • Please download Adware cleaner from the link below.
  • http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
  • Save it to your desktop.
  • Right click run as admin.
  • Hit the scan button.
  • Allow completion.
  • Make sure all items are ticked.
  • Hit the clean button.
  • Even if no items are displayed to be ticked hit the clean button anyway.
  • The machine will reboot this is normal.
  • Post the log in your next reply.

 

Please download JRT from here & double click to start the program.

  1. Hit any key when prompted and allow it to run through it's process.

    H2HaYv4.png
  2. Post the log when it's finished.


#3 JohnBoi

JohnBoi
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 08 January 2014 - 12:57 AM

InadequateInfirmity

 

First off, thank you for such a quick response..

 

I was able start off just as you said going all the way to "prompt". I was able to add a user and I was able to add that user to the localgroup administrators. However, it would not let me shutdown -r. I am assuming that you basiclly wanted me to restart the computer. I did restart by clicking on restart. When it booted back up, it would not let me choose an account. It would always boot up on the "Owner" account. I tried switching accounts but there was not other account to switch over too.

 

Once again thank you

 

 



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 AM

Posted 08 January 2014 - 04:23 AM

Can you make the new account from just safemode with command prompt?

 

Are you able to do anything from within the regular account at all?

 

If so is malwarebytes installed on the machine and have you attempted to launch chameleon?

 

Hit the start button computer local disk c: Program files or program files (86) if 64 bit machine go to malwarebytes folder then sub folder named chameleon attempt to start one of those .exe or .scr  or chm .or .com files,this will launch malwarebytes in a cloaked form.



#5 JohnBoi

JohnBoi
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 08 January 2014 - 07:25 PM

I can do nothing in the regular account. Nothing at all. Anything I try to open just send me a virus notification.

#6 JohnBoi

JohnBoi
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 08 January 2014 - 07:28 PM

This is not my computer, there is no malware bytes on this computer. I tried to connect it to my network and run it off of my other computer but it keeps asking me for a password to access the network. There is no password

#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 AM

Posted 09 January 2014 - 02:41 AM

Alright lets get you some different help please start by reading this.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

Then start a new thread here.

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

 

Since you are unable to run anything you might try FRST from a usb good luck.



#8 JohnBoi

JohnBoi
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:11 AM

Posted 10 January 2014 - 08:32 PM

I have tried everything. Anything I try to run just tells me that there is a virus associated with that program. I just wish there was a way to get it to boot up in safe mode, then I could download the thing from there. So are you saying there is nothing else to do??



#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 AM

Posted 10 January 2014 - 08:40 PM

You try entering the activation code offered here but you do so at your own risk,.

http://malwaretips.com/blogs/antivirus-security-pro-2014-removal/

 

 

or you start a new thread plead your case and one of the malware guys will guide you on what to do.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users