
Laptop with Windows 7 won't boot in safe mode


  • This topic is locked
2 replies to this topic

#1 Panderp

Panderp

  • Members
  • 2 posts

Posted 04 November 2016 - 10:55 AM

It'll get past the Windows logo, then the screen will be black and you can move the mouse cursor around. Same thing in safe mode after it gets past loading the applications.

 

Last thing I've done with it was take the hard drive out and put it in a reader on my other computer, and scanned it with Malwarebytes.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/4/2016
Scan Time: 1:49 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.11.04.03
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zack
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 551888
Time Elapsed: 7 hr, 10 min, 3 sec
 
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.MindSpark, G:\Users\nora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5FS5H5U\KnowTheBible.003143c57997484caec2e9ce22f9e282.exe, Quarantined, [152e12aafaa0ef4730b61e7846be7987], 
PUP.Optional.MindSpark, G:\Users\nora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJST87KU\RadioRage.1b584886f58d4e1e88b98ad09930c9b4.exe, Quarantined, [e85bf3c9702aee489c4a04921ce8837d], 
PUP.Optional.MindSpark, G:\Users\nora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZE958109\RadioRageSetup[1].exe, Quarantined, [ed56a418f5a52b0b1dc9d8be8c788080], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
This is what it came up with. I also scanned it with AVG, which came up with a bunch more stuff:
 
"11/4/2016, 3:03:27 AM";"Potentially unwanted application Toolbar.MyWebSearch.DL.dropper, g:\Users\nora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5FS5H5U\KnowTheBible.003143c57997484caec2e9ce22f9e282.exe";"Resident Shield";""
 
"11/4/2016, 3:03:56 AM";"Potentially unwanted application Toolbar.MyWebSearch.DN, g:\Users\nora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJST87KU\RadioRage.1b584886f58d4e1e88b98ad09930c9b4.exe";"Resident Shield";""
 
"11/4/2016, 3:28:59 AM";"Virus identified Win32/Patched.JL, g:\Users\nora\AppData\LocalLow\eigqwza.dll";"Resident Shield";""
 
"11/4/2016, 4:09:39 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16298298871993155107[1].htm";"Resident Shield";""
 
"11/4/2016, 4:16:44 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[1].htm";"Resident Shield";""
 
"11/4/2016, 4:16:44 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[2].htm";"Resident Shield";""
 
"11/4/2016, 4:16:45 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[4].htm";"Resident Shield";""
 
"11/4/2016, 4:16:45 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[5].htm";"Resident Shield";""
 
"11/4/2016, 4:16:45 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[6].htm";"Resident Shield";""
 
"11/4/2016, 4:16:45 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[7].htm";"Resident Shield";""
 
"11/4/2016, 4:16:45 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[8].htm";"Resident Shield";""
 
"11/4/2016, 4:16:45 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main[9].htm";"Resident Shield";""
 
"11/4/2016, 4:45:55 AM";"Trojan horse Exploit.SWF_c.SN, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6896a114d0047db5679d5da0be7eb87d77ef59ed49ef942e7b74f60fb3df2ce3[1].swf";"Resident Shield";""
 
"11/4/2016, 4:46:29 AM";"Virus found JS/Agent, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0742880812090[1].htm";"Resident Shield";""
 
"11/4/2016, 4:52:40 AM";"Virus found JS/Agent, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\cd8e0a126d3c528fce042dfb7f0f725055a04712d171ad0f94f94d5173cd90d2[1].htm";"Resident Shield";""
 
"11/4/2016, 4:54:38 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\search1J0QXOND.htm";"Resident Shield";""
 
"11/4/2016, 5:14:22 AM";"Virus found XPL/Gen.CU.2921_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\remonstrating[1].htm";"Resident Shield";""
 
"11/4/2016, 5:16:10 AM";"Virus found JS/Agent, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9e675626486f3804603227533ab83b26f4a95a0c4f5eebbc00507558da27edc0[1].htm";"Resident Shield";""
 
"11/4/2016, 5:24:12 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5819dc1e0170d4efc21b7ba07568b4ee[1].htm";"Resident Shield";""
 
"11/4/2016, 5:26:24 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\shopping[3].htm";"Resident Shield";""
 
"11/4/2016, 5:31:42 AM";"Virus found XPL/Gen.CJ.2838_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ie8910[1].htm";"Resident Shield";""
 
"11/4/2016, 5:31:42 AM";"Virus found XPL/Gen.CJ.2838_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ie8910[2].htm";"Resident Shield";""
 
"11/4/2016, 5:32:12 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\apps[1].htm";"Resident Shield";""
 
"11/4/2016, 5:54:47 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\experts[1].htm";"Resident Shield";""
 
"11/4/2016, 5:54:47 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\experts[2].htm";"Resident Shield";""
 
"11/4/2016, 6:17:19 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1tkdbqx8vg[1].htm";"Resident Shield";""
 
"11/4/2016, 6:18:23 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\shopping[1].htm";"Resident Shield";""
 
"11/4/2016, 6:18:26 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\shopping[2].htm";"Resident Shield";""
 
"11/4/2016, 6:22:49 AM";"Virus found XPL/Gen.CG.1724_55, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2pc26ehfya[1].htm";"Resident Shield";""
 
"11/4/2016, 7:03:21 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afd9e8e8e5281d82ea48cbc309aa627f[1].htm";"Resident Shield";""
 
"11/4/2016, 7:03:40 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17dd138eb51be75fe75e433b1d372fcd[1].htm";"Resident Shield";""
 
"11/4/2016, 7:04:27 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\main0HW79RRA.htm";"Resident Shield";""
 
"11/4/2016, 7:08:05 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43359028063454180314[1].htm";"Resident Shield";""
 
"11/4/2016, 7:10:11 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainAL3MGARO.htm";"Resident Shield";""
 
"11/4/2016, 7:10:21 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2C4IK3WO.htm";"Resident Shield";""
 
"11/4/2016, 7:22:00 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainYL00DNT4.htm";"Resident Shield";""
 
"11/4/2016, 7:26:44 AM";"Virus found XPL/Gen.CK.2869_1, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainFFOFMAC1.htm";"Resident Shield";""
 
"11/4/2016, 7:58:08 AM";"Could be a Trojan horse JS/Exploit, g:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\a8qt6khwk9[1].htm";"Resident Shield";""
 
 
That's about all scanning the hard drive gave me to work with, but the laptop still won't boot up after that. I can't run the recovery without it asking me for a password, which my friend doesn't know because it was changed.
 
I found this topic and it helped me understand the situation a bit better, but I know some of the stuff is specifically for that person's computer.
 
Any help would be greatly appreciated :)
 
Thanks,
Zack
 
 



 


#2 Panderp

Panderp
  • Topic Starter

  • Members
  • 2 posts

Posted 04 November 2016 - 11:44 AM

Can close the topic, I've managed to figure out the issue and resolved it.



#3 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 04 November 2016 - 11:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




