
Virus - did system restore, only boots safe mode with known config (f8)


  • This topic is locked
2 replies to this topic

#1 krckrc


Posted 21 March 2016 - 12:03 AM

Not sure what happened, as I was not using the machine. Basically, a hijack-for-fee virus was installed, taking over all browsers and blocking virus network updates, etc...

Could not get MB to run, etc...

 

I was finally able to start up in repair mode and, from a previous safe mode boot, get FRST64 logs for Vista Home Premium. Also ran malware via Chameleon.

 

Addition.TXT file attached.  

FRST.txt is attached.

 

Not sure if these attention notes are part of the issue or not.

 

GroupPolicyUsers\S-1-5-21-2323574943-188284276-975551326-1003\User: Restriction <======= ATTENTION

GroupPolicyUsers\S-1-5-21-2323574943-188284276-975551326-1002\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2323574943-188284276-975551326-1001\User: Restriction <======= ATTENTION
 

System boots slow in safe + networking mode.  Normal mode boot just causes it to cycle into another reboot again, never getting into a logon screen.  

 

Ideas? 

 

Thanks...



Edited by Queen-Evie, 21 March 2016 - 09:38 AM.
moved from Vista to Malware Removal Logs. FRST logs are allowed only in MRL forum



 


#2 fireman4it


Posted 21 March 2016 - 04:42 PM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
Please do the following in Safe Mode with Networking.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Can you boot into normal mode now?

Edited by fireman4it, 21 March 2016 - 04:43 PM.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it


Posted 25 March 2016 - 09:32 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





