Pc On Strike After Getting Hit By Spyware


14 replies to this topic

#1 bobspicks

bobspicks

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 02 November 2006 - 07:50 PM

After a sequence of events, my PC hits a system error when I try to reboot. Here are the events:
1. Got IE message box saying that an error occurred and the application will be terminated.
2. Shut down all applications after letting the OS shut down all open IE applications.
3. Shut down PC because it had been up for some time and then rebooted.
4. Norton Anti-Virus reported finding infected files (Downloader and Trojan.Besky come to mind, which Norton deleted) and a bubble was up stating that my PC was infected with spyware.
5. Messages started popping up that appeared to be emails being sent via email proxy that were being blocked by Norton...I hope. Also, the tray started filling up with icons.
6. Clicked on the bubble stating my PC was infected by spyware and asking me to download the most recent software...this started Brave Sentry, which I let run.
7. Brave Sentry reported finding iSearch Toolbar, which was a serious infection.
8. Finally stopped Brave Sentry. When I clicked on Remove Infection, a window came up asking me to purchase a license. I did not purchase any and closed the window.
9. I powered down the PC, disconnected the Internet and rebooted.
10. The PC got as far as Starting Windows and then failed on a system error.

I've just now learned that Brave Sentry is malware and may be causing all of my problems. Have I irreparably harmed my PC or can I fix it?

The OS is WindowsXP.

Thanks.

Bob

#2 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:12:36 AM

Posted 02 November 2006 - 11:43 PM

Hi bobspicks,
Follow These instructions on How to Remove Brave Sentry.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 03 November 2006 - 07:08 AM

"What to Do When XP or 2000 Won't Boot"
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 bobspicks


Posted 03 November 2006 - 04:31 PM

Thanks for the instructions. I saw them elsewhere, too, but I was unsure how to download the zip file when I can't start Windows and I get the Brave Sentry flood if I can.

Bob

#5 quietman7


Posted 03 November 2006 - 04:50 PM

Download whatever files you need from another computer (family member, friend) with Internet access and save to a USB stick or CD and then transfer them to your computer.

#6 bobspicks


Posted 03 November 2006 - 10:29 PM

Tried restoring to Last Known Good Configuration and also running in Safe Mode, but each time I ended up with the same error:

C00021a
The Window Login Process system process terminated unexpectedly with a status of 0x80000007. The system has been restarted.

Any suggestions?

Bob

PS. I like my PC. I like my PC... :thumbsup:

#7 quietman7


Posted 04 November 2006 - 07:40 AM

Microsoft has some troubleshooting suggestions for "The Windows Logon Process system process terminated unexpectedly with a status of..." in Article ID: 156669. Other information I have found regarding this error is that it means a possible hard drive or system failure is about to occur, a missing device driver dependency or faulty RAM.

Edited by quietman7, 04 November 2006 - 07:45 AM.


#8 bobspicks


Posted 06 November 2006 - 03:11 PM

I found the article "The Ten Most Dangerous Things Users Do Online" very informative. Unfortunately, I didn't see anything on troubleshooting the "Windows Logon Process". Would you be able to direct me to the right place?

Thanks.

Bob

#9 bobspicks


Posted 09 November 2006 - 07:40 PM

Would you have time to just point me towards the place in the article that will help me troubleshoot the Windows logon problem?

#10 AlexLutor

AlexLutor

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 14 November 2006 - 04:08 PM

I have the same problem on a friend's computer. I don't know anything about its history or the surfing habits of the user, but I am unable to even go into safe mode. I am starting to think of corrupt windows logon file, but before I reinstall the whole OS, it would help if someone else, including the person with the original problem, has an alternate solution. Greatly appreciated!

#11 funkyfreak

funkyfreak

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 15 November 2006 - 11:23 AM

here ya go man!

http://support.microsoft.com/kb/156669/en-us

This might be of some help too! it's how to do a system restore from the recovery console - (not for a bad typer lol) - if you read this on another PC (which is prob the case) you can create a batch file and make your typing easier.. read the whole article and it should tell you how

http://support.microsoft.com/kb/307545

the logon issue is probably caused by the malware... you may be able to try plugging in the internet again and restarting ( leaves you open..but it might work if the malware can connect again)...just a thought.

Edited by funkyfreak, 15 November 2006 - 11:27 AM.


#12 bobspicks


Posted 13 December 2006 - 09:08 PM

I finally got around to running a repair install on my PC that seems to have changed the system crash into a constant reboot - seconds after the Windows Start Up screen appears, the system automatically reboots.

I've currently got a second drive running as primary with Windows 2000 and was able to retrieve files.
Figuring that the rebooting might be caused by the malware, I ran the Brave Sentry removal tool from the Windows 2000 drive. Shortly after starting the tool, I got a Norton "Malicious Virus Warning" related to a module called GetPaths.vbs. I decided not to run the script, but was warned again about the same script except this time it was in the C:\WINNT\SYSTEM32 folder.

Should I let the script run or is this a real Norton message that should be heeded?

I should note that when I booted into Windows 2000 before running the tool, I was informed that the Norton Auto-Protect can't be enabled. Later still I was advised that Norton may be infected. Norton reported a clean system with no infections a day earlier.

This is so much fun...

Bob

#13 funkyfreak


Posted 14 December 2006 - 07:35 PM

Hey!

sounds like you're in a reboot loop.. that may have just been caused by the repair you ran.
- try hitting f8 before the XP splash screen and choose **Disable automatic restart on system failure** if it is there.. that way you will be able to see the bluescreen instead of having it restart.

if you can't do that you can try booting to the XP cd and going into the recovery console (press R at the first screen, if you don't have an admin password then just hit enter)
-then type 'fixboot' hit enter
-type 'chkdsk /f' hit enter
-try to boot afterward.

as for the script.. found some info from google and that seems to be a safe script (norton false positive??).. it is used with smitfraud, so my guess would be that the Brave Sentry is using it too.

that might work. could be a tricky situation.
good luck!

Edited by funkyfreak, 14 December 2006 - 07:37 PM.


#14 bobspicks


Posted 15 December 2006 - 02:50 PM

Thanks for the tip, funkyfreak.

I looked for the "Disable automatic restart on system failure" once before, but will check again. Alternatively, I'll try the "fixboot" procedure you suggested.

In regards to the script, I forgot to mention that it was the Smitfraud Fix removal tool that I was running when the warning about the script came up. I'll try that procedure again after doing a fixboot.

Bob

#15 bobspicks


Posted 16 December 2006 - 03:40 PM

I tried the fixboot /r (/f was not available) and chkdsk features, but the result was the same - system kept rebooting.

I reinstalled Windows XP last night (with no reformat) and was finally able to get to the desktop. However, that's when weird things started happening. I reinstalled Norton Anti-Virus and ran a LiveUpdate, but was later warned about an internal error. I uninstalled Norton and installed it again. Now when clicking on the icon, Norton briefly comes up and then disappears. I tried uninstalling it again using Add/Remove, but the control panel disappears when I click on Norton. Similar things happen with HijackThis (Windows Explorer closes when I click on the folder) and even Internet Explorer (either fails to come up or closes on its own).

All of my old files are still accessible, but under the old profile (a new one was created when I reinstalled Windows). All of the old program files are in the Program Files folder, but seemingly useless. Could it be that the registry settings were not changed when I reinstalled Windows? But how does that explain the Add/Remove control panel closing?

Do you have any suggestions?

Bob

PS. The Windows XP drive is primary and the Windows 2000 drive is connected to power, but not cabled.