System Security 09. I can't remove because I can't execute anything.


Post by space2 on 30th June 2009, 11:34 pm

Hi, I have a laptop with this virus. I have browsed through the threads with this issue and tried the recommendations, however nothing works because I can't execute the programs. I downloaded Ice Sword and was unable to execute it. I then re-named it to winlogon.exe but it did not work. I also downloaded the HiJack software and was unable to execute it. I also renamed it with no success. I also downloaded MGTOOLS but was unable to execute. Everything else is locked up. Except I can get on-line. I can't use taskmgr or access the computer through safe mode. I am so frustrated. I have never dealt with something this difficult to remove. My last resort is to clean up the laptop but I am hoping that I won't have to go that far. This virus seems to spread each time I reboot. Any help would be very appreciated. Thank you.


Post by Belahzur on 30th June 2009, 11:36 pm

Hello.
Even though MGTools.exe won't run fully, it still drops its load.

Is this folder present?
C:\MGTools



Post by space2 on 30th June 2009, 11:37 pm

I tried to execute the program but it did not. Therefore, it did not create a folder.


Post by space2 on 30th June 2009, 11:38 pm

The MGTOOLS.exe file is there but there is no folder. I don't mean to sound redundant.


Post by Belahzur on 30th June 2009, 11:40 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Post by space2 on 30th June 2009, 11:44 pm

I double clicked the link 1 to run DDS.scr. It looked like it was going to begin to run. However, nothing happened.


Post by Belahzur on 30th June 2009, 11:46 pm

Can you do the following in Safe Mode with Networking? As the computer is booting, press and hold your "F8 Key", which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the startup menu, select "Safe Mode with Networking", then do the following instructions:

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Post by space2 on 30th June 2009, 11:57 pm

I rebooted the computer and pressed F8 to start it in Safe Mode Networking. I got a blue screen with the following message: "A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer. Technical information: Stop: 0x0000007B."


Post by Belahzur on 1st July 2009, 12:01 am

Can you download the Hijack This installer, but before trying to run it, rename it to winlogon.exe.

To rename: Right click the file > Rename.



Post by space2 on 1st July 2009, 12:01 am

I tried that and it did not work.


Post by space2 on 1st July 2009, 12:24 am

Now I can't even get into the Windows XP GUI. When I restart I get a ton of bad image error messages. I have to press "ok" to get through them. I am getting a blue screen that reads: "A problem has been detected and windows has been shut down to prevent damage to your computer. DRIVER_IRQL_NOT_LESS_OR_EQUAL" The message continues.
At the bottom it says, "Beginning dump of physical memory
Physical memory dump complete."

Do you happen to know if this is a message from the virus or the OS?

Is the computer too infected to fix? Nothing seems to work. From looking at other threads, everyone can at least send you their files through HiJack This or another software.

I feel so frustrated. I have been working on this for two days. I have to go home (I am at work.) Tomorrow I will clean it up - I think.

Thank you so much for your help.


Post by Belahzur on 1st July 2009, 2:54 pm

If the machine cannot boot anymore, we may need to use a rescue disk.

Please download this file: [You must be registered and logged in to see this link.]

  1. Insert a blank CD into your CD drawer.
  2. Double click the rescuecd.exe file on your Desktop.
  3. Hit the "Burn CD" button and allow it to burn; it shouldn't take too long.
  4. Next, reboot your computer, keeping the CD inside the drawer.
  5. Your computer should boot from the CD and boot to the Avira rescue disc.
  6. Next, see this guide here: [You must be registered and logged in to see this link.]



Post by ytap2000 on 1st July 2009, 9:21 pm

Hi I am helping a family member with this virus. (System Security 2009). Here are the symptoms:

- Not able to start in safe mode (boot.ini file corrupt)
- Not able to execute any files (Sophos Rootkit, Anti-malwarebytes, CA Anti-virus, Combo Fix.) Even after naming files with .com, .pif, .scr.
- Not able to delete files associated with System Security
- Cannot access regedit, msconfig, task manager, or command prompt

Also tried bootable Avira cd as stated above and still no success.

Any advice?

(I cannot run Hijack This or anything else so I know I am very limited)

Oh and I tried running Malwarebytes from a batch file.


Last edited by ytap2000 on 1st July 2009, 9:32 pm; edited 1 time in total (Reason for editing : add info)


Post by Origin on 1st July 2009, 10:40 pm

Hello ytap2000, please refrain from posting in members' topics and start your own.



Post by space2 on 1st July 2009, 10:59 pm

Hi,

Thank you for the info re: the boot disk. I went ahead and wiped the computer clean and reinstalled the OS. After that I immediately installed an anti-virus software and ran it. After everything looked cleaned I then re-installed the Ofc suite, etc. This virus seems to spread. Every time I booted I would see a new symptom. My advice is if you see it, immediately follow the removal instructions. DON'T WAIT!

My problem was that I did not realize what type of virus I had. I didn't know that the software was malicious (even though it was someone else's computer.) I did the regular checks and booted the computer a few times. By that point, all of my executables were sabotaged and all of the data was compromised - I had no control over anything. Yesterday when I plugged my NIC cable (and had internet access) I heard something on the audio device. It was like commercials and elevator music. It was just bizarre.

I am so glad I came across this site. Again, thank you for your help.
