Re: Got virus - now have to boot up twice (after off/on)
- From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
- Date: Tue, 11 Aug 2009 18:11:49 -0400
There is a very good chance that you are seeing the effects of a hijackware infection!
NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help!
1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it.
2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run a /thorough/ check for hijackware, including posting the requested logs in an appropriate forum, not here.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
**Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, http://aumha.net/viewforum.php?f=30 or other appropriate forums as well.**
If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com
Robert wrote:
(I re-posted this here as someone in the Help & Support group suggested it.)
I have Windows XP Media Center Edition 2005, Update Rollup 2 (and all the
more recent Windows updates.)
When I turn on the computer it gets to the XP screen then freezes. I
have to turn the computer on/off. The next round I get the option to go to
safe mode, normal, or last known good configuration. Selecting last known
works, and I discovered that selecting normal also works. When I shut down
the computer I go through that again on boot-up - again I have to power
on/off and then select last good or normal.
Yesterday I got the NASTY virus that I think a lot of people got in
April or July (?). I downloaded ComboFix to fix it, which it mostly did -
this bootup problem is left. The symptoms of the virus were it replaced my
desktop background with a message in the middle saying I was infected and to
download something to fix it, my homepage was replaced with a message that
my current security settings restricted the site (the correct URL was
shown, and other pages worked), and a fake anti-virus program called
MSA.exe was running.) It also disabled opening the task manager and regedit.
What I've done:
sfc /scannow completed successfully (w/error for the 5 or so know files
in the MS knowledgebase that aren't needed for Media Center, and errors for
missing Windows Media Player files - I hadn't reinstalled the player which I
uninstalled recently for a different reason - these files are listed in the
event viewer). There were, however, a couple of windows icons named file
protection... at the bottom of the screen I couldn't maximize/open, and
there was the hourglass cursor while at the bottom of the screen. I had to
ctr-alt-del then stop explorer.exe and then start explorer again. That
cleared it up. I have also ran AVG (which was installed and running at the
time of the infection - so I replaced that with Antivir - which found many
viruses (mostly webpage gen something) and a couple trojans than AVG missed.
Additional bootup symptoms:
I tried Safe Mode, and I get a loop where it gets back to the same
bootup selection window again (safe mode, norma. last know good). I don't
know if that's what this computer did before the current problem.)
Combofix had me install the windows recovery console. The bootup goes
through that so fast I don't know if I could select it. Also, I'm getting
the XP bootup screen, not the XP Media Center bootup screen (when you get to
loading with the bar moving back and forth. Media Center is loading,
however, and TV plays fine. I see something about Media Center (black/white
text at that bootup point) and then more text and then the three options
(safe, normal, last known). Combofix had me install the Recovery Console.
That shows up first, but it goes past it quickly - I don't know if there
would be time to select it if needed. On a different computer the Recovery
Console was on there was a 5 or so second delay.
.
- Follow-Ups:
- References:
- Got virus - now have to boot up twice (after off/on)
- From: Robert
- Got virus - now have to boot up twice (after off/on)
- Prev by Date: Re: windows explorer error
- Next by Date: Re: BSOD on startup from S3 standby
- Previous by thread: Got virus - now have to boot up twice (after off/on)
- Next by thread: Re: Got virus - now have to boot up twice (after off/on)
- Index(es):
Relevant Pages
|
Loading
