Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win Defender - Spyware? - Crashing And Log-in Problems


  • Please log in to reply
9 replies to this topic

#1 seaer

seaer

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 17 May 2006 - 01:16 PM

Windows XP problem possibly involving Windows Defender or spyware.


A few days ago, I started getting errors on my laptop. Windows XP would give me an error prompt stating that Windows Explorer had unexpectedly encountered a problem and had to quit. I didn't seem to lose any data, but it would happen repeatedly, continually re-starting Windows, even though I could run other programs, (and sometimes correlated with a specific action, like if I tried to open Control Panels.) I re-booted and the problem went away. Then last night, the problem came back again.

Each time it restarts, I lose some windows information--like the formatting of my menubar, whether my quick launch items are displayed and their order, and the recent applications in my Start Menu.

I guessed it had to do with Windows Defender, as these problems came up when I switched to that. (The program itself also seemed to be wonky and couldn't get any updates.) After a few hours of wrangling around and waiting for Norton's Antivirus to do its thing, I uninstalled Windows Defender. I re-installed AdAware (it hasn't been able to get updates for the last week or two) and installed Spyware Blaster and Edwido Anti-Trojan. I ran all three, with up-to-date definitions. Edwido claimed to have found 248 bad files and AdAware found about three. But then they said everything was cleaned up. My computer seemed to be working fine. I wrote some emails, etc. I also downloaded Spybot Search and Destroy, which required me to restart.

When I restarted, my computer brought me to the log-in prompt and said that the information I'd entered was incorrect. But the problem is that I don't have information--it might have my name, but then I hit return. There's no password. So what should I do now?

I'm running Windows XP. I think I'm up-to-date with all the updates, except for uninstalling windows defender. I also run norton's antivirus pretty regularly and use ZoneAlarm. So, although this obviously sounds like a spyware problem, I think I'm usually pretty conscientious about checking for that. It could be that I hadn't run AdAware for the last two weeks because of that update problem. I do download files or use bittorent/limewire, but not that frequently: I usually just use my computer for word processing, Internet, and email. Also, I had a spyware/virus problem about a year ago, but completely formatted my hard drive then.

BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:04:17 PM

Posted 17 May 2006 - 01:48 PM

I do download files or use bittorent/limewire, but not that frequently

I am 99% sure that is the problem, or least the cause of the problem. P2P sites are close to the number one reason why the average user's computer gets infected.

I would boot into safe mode:
  • Restart your computer
  • Repeatedly hit the F8 key while your computer is starting
  • Choose Safe Mode when prompted
and uninstall limewire by going to:
Start > Control Panel > Add/Remove Programs.

Then run SpyBot and Adaware while still in safe mode. See if they find anything. Ewido too, while you are at it.

Safe mode often works better than real mode, because in safe mode hopefully none of the malicious software on your computer will be running. It is easier to remove it then.

My guess is your computer is heavily infected. After running the programs you already have installed, I recommend the following:

For help with removing your infection I would like to refer you to the HiJack This (HJT) forum here at BleepingComputer.com:

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 seaer

seaer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 17 May 2006 - 02:01 PM

Thanks! I think you're right that it's spyware. However, my problem now is that I can't even get into my computer because of the log-in issue. The log-in prompt pops up whether I'm in safe mode or in regular mode. Is there a way to get around it? Usually it has my name there already and I just hit return. That doesn't work here.

#4 ThorXP

ThorXP

  • Banned
  • 880 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 17 May 2006 - 02:10 PM

On logging into your computer you need to go to Safe Mode so during boot up you need to tap the F8 key and when you get the black screen use the arrow keys to move to Safe Mode.

When in Safe Mode Go to Control Panel and then User Accounts. On this screen there should be a selection called Change the way users log in.

Click on this selection.

The next screen take the tick mark out of the top selection for using the Welcome Screen.

Click Ok or Apply and exit out and reboot into windows normally.

Hope fully this should get you back into Windows.

#5 seaer

seaer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 17 May 2006 - 02:11 PM

Hey. Thanks again. I'll definitely use this when I get to safe mode. My problem is that I can't get to safe mode because of this log-in problem.

#6 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:04:17 PM

Posted 17 May 2006 - 02:15 PM

You must tap the F8 key during boot up. Hit it once a second until you see the boot up options screen. Choose safe mode.

If you can get into safe mode, you can create a new account, and then log into the new account, assuming the old one is corrupt. How you do this is go do:

Start > Control Panel > User Accounts > Create a new account

If you can't get into safe mode, is there data on this computer that you would like to save?
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#7 seaer

seaer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 17 May 2006 - 02:20 PM

Yikes! Is it that bad?

I'll try it again tonight. What I did this morning was hit F8 to get into safe mode. While this had worked last night, this time, it gave me a user log-in prompt, which was strange, because I don't have a password and usually just hit return. I tried that this time, after putting my name in, but it said I didn't enter in the right password. So, even in safe mode, I couldn't get in. Does this mean it's time to see if some computer tech support company can save my data?

#8 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:04:17 PM

Posted 17 May 2006 - 02:33 PM

I just want to speak to getting the data off of the hard drive. You could always remove the hard drive and install it in another computer as a 'slave' drive. The working computer should still boot up from the 'good' Master hard drive, and then you will be able to navigate (Start > My Computer) to the slave drive and recover your data. More info on how to install a second drive can be found HERE.

But of course, if you need help with this or any other procedure you can just ask for help here and we can explain it in more detail or refer to somewhere on the web where it will be explained more fully.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#9 seaer

seaer
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 17 May 2006 - 02:45 PM

Thanks. That's a good idea. My only problem is that I don't have a desktop and my friends all my laptops. But that's encouraging--at least I'll have my data.

Well, as for the safe mode log-in problem, do you guys think there's a way around that? It seems like once I log-in in safe mode, I'll be able to run all those anti-spyware utilities...

Again, thanks for all your help. You guys have been really thoughtful and responsive.

#10 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:04:17 PM

Posted 17 May 2006 - 03:10 PM

Another idea is to run System Restore at the command prompt.

Often computers that won't boot into real or safe modes will boot into safe mode with a command prompt. If yours will:

Type the following command at a command prompt, and then press ENTER:

%systemroot%\system32\restore\rstrui.exe

Follow the instructions that appear on the screen to restore your computer to an earlier state.

More info can be found HERE.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users