More system security


Post by bobsmith4812 on 2nd July 2009, 8:42 pm

My situation is similar to some of the others, but I can't start in safe mode, can't run hijack this (even when renamed), can't open task manager. Any other options? Thank you.


Re: More system security

Post by Belahzur on 2nd July 2009, 9:00 pm

Hello.

Can you do the following in Safe Mode with Networking? As the computer is booting, press and hold your "F8 Key", which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: More system security

Post by bobsmith4812 on 2nd July 2009, 9:02 pm

When I try to start in safe mode, I get that blue screen that tells me to restart. I can't actually get it to load in safe mode or safe mode with networking.


Re: More system security

Post by Belahzur on 2nd July 2009, 9:03 pm

Hello.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?



Re: More system security

Post by bobsmith4812 on 2nd July 2009, 9:05 pm

No, I can't get Ice Sword to open. Tried renaming it, but I still can't get it to open.


Re: More system security

Post by Belahzur on 2nd July 2009, 9:06 pm

It has to be renamed to a system filename; rename it to winlogon and see if it will run.



Re: More system security

Post by bobsmith4812 on 2nd July 2009, 9:08 pm

No, I can't extract the files or open anything.


Re: More system security

Post by Belahzur on 3rd July 2009, 12:23 am

Hello.
So you can't extract? Then you'll need this renamed version I've uploaded.

[You must be registered and logged in to see this link.]



Re: More system security

Post by bobsmith4812 on 3rd July 2009, 12:39 am

That worked, thanks. I'm able to open it now, where do I go from there?


Re: More system security

Post by Belahzur on 3rd July 2009, 1:08 am

  • Then look in the left hand bottom of the program and press "Registry"
  • When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  • Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • Now look in the right side pane for one or two run values that are just random numbers.
  • The malicious run values will also point at something like this:

    C:\Documents and settings\USERNAME\Application Data\43546\43546.exe

  • Once you have found the value(s), right click it and press "Delete"
  • Okay the prompt and close IceSword.

Then reboot.

Tools should now work, so download Hijack This via my above instructions.


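Added example, not part of the original thread: the manual Run-key check from the post above, written as a script over saved `reg query` output. The sample output, user name and value names are constructed; the two signals (all-digit value name, all-digit folder and .exe under Application Data) come from the post, and the weaker "review" tier for a name-only match is an assumption of this sketch.

```python
import re

# Constructed `reg query` output for the Run key named in the post.
# Value names, the user name "bob" and all paths are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    43546    REG_SZ    C:\Documents and Settings\bob\Application Data\43546\43546.exe
    98213    REG_SZ    "C:\Documents and Settings\bob\Application Data\98213\98213.exe" /r
    2009    REG_SZ    C:\Program Files\Vendor\tray.exe
"""

# A value line is indented: <name> <REG_type> <data>. Names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# The path shape quoted in the post: ...\Application Data\<digits>\<digits>.exe
DROP_PATH = re.compile(r"\\Application Data\\\d+\\\d+\.exe", re.IGNORECASE)


def parse_run_values(text):
    """Yield (name, type, data) for every value line; key headers are skipped."""
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            yield match.group("name"), match.group("type"), match.group("data").strip()


def suspicious_run_values(text):
    """Return (name, confidence, data) for Run values matching the post's description."""
    findings = []
    for name, _type, data in parse_run_values(text):
        numeric_name = name.isdigit()
        numeric_path = bool(DROP_PATH.search(data))
        if numeric_name and numeric_path:
            findings.append((name, "high", data))    # both signals from the post
        elif numeric_name or numeric_path:
            findings.append((name, "review", data))  # one signal only: check by hand
    return findings


if __name__ == "__main__":
    for name, confidence, data in suspicious_run_values(SAMPLE):
        print(f"{confidence:6} {name} -> {data}")
```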

Re: More system security

Post by bobsmith4812 on 3rd July 2009, 2:09 am

-


Last edited by bobsmith4812 on 3rd July 2009, 12:21 pm; edited 1 time in total


Re: More system security

Post by Origin on 3rd July 2009, 5:26 am

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see [You must be registered and logged in to see this link.]

Instructions on how to format and reinstall Windows can be found [You must be registered and logged in to see this link.]


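Added example, not part of the original thread: the backup rules from the post above, written as a file filter that also looks inside zip archives. The demo tree is constructed; marking web files "review" and excluding .cab/.rar and nested archives (which the Python standard library cannot list) are assumptions of this sketch.

```python
import os
import tempfile
import zipfile

EXECUTABLE = {".exe", ".scr"}             # file types the post says Virut infects
WEB = {".htm", ".html", ".asp", ".php"}   # modified by recent variants, per the post
OPAQUE = {".cab", ".rar"}                 # cannot be listed with the stdlib: exclude
BLOCKED_INNER = EXECUTABLE | OPAQUE | {".zip"}  # nested archives are not opened


def classify(path):
    """Return 'skip', 'review' or 'copy' for one file in the backup source."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXECUTABLE or ext in OPAQUE:
        return "skip"
    if zipfile.is_zipfile(path):          # checks content, so renamed zips are caught
        try:
            with zipfile.ZipFile(path) as zf:
                inner = {os.path.splitext(m)[1].lower() for m in zf.namelist()}
        except zipfile.BadZipFile:
            return "skip"                 # unreadable archive: do not carry it over
        return "skip" if inner & BLOCKED_INNER else "copy"
    return "review" if ext in WEB else "copy"


def plan_backup(root):
    """Map every file under root (relative path, '/' separated) to a decision."""
    plan = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            plan[os.path.relpath(full, root).replace(os.sep, "/")] = classify(full)
    return plan


def demo():
    """Build a small constructed tree (all names made up) and return its plan."""
    files = {"docs/report.txt": b"notes", "docs/index.html": b"<html></html>",
             "tools/setup.exe": b"MZ", "saver.scr": b"MZ", "old.rar": b"Rar!"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
            zf.writestr("a.jpg", b"\xff\xd8")
        with zipfile.ZipFile(os.path.join(root, "bundle.zip"), "w") as zf:
            zf.writestr("readme.txt", b"hi")
            zf.writestr("bin/Tool.EXE", b"MZ")
        return plan_backup(root)
```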
