Re: Got virus - now have to boot up twice (after off/on)

No Malwarebytes will not fix that. What is shown in your boot.ini lines

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Robert" <Robert@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:690E9B03-7A21-4D1E-A858-7FC136A5ACC6@xxxxxxxxxxxxxxxx
"smlunatick" wrote:

On Aug 11, 8:19 pm, Robert <Rob...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> (I re-posted this here as someone in the Media Center Edition said it
> shouldn't go there, but in a general XP group. I have Windows XP Media
> Center Edition 2005, Update Rollup 2 (and all the more recent Windows
> updates.)
>
> When I turn on the computer it gets to the XP screen then freezes. I
> have to turn the computer on/off. The next round I get the option to go to
> safe mode, normal, or last known good configuration. Selecting last known
> works, and I discovered that selecting normal also works. When I shut down
> the computer I go through that again on boot-up - again I have to power
> on/off and then select last good or normal.
>
> Yesterday I got the NASTY virus that I think a lot of people got in
> April or July (?). I downloaded ComboFix to fix it, which it mostly did -
> this bootup problem is left. The symptoms of the virus were it replaced my
> desktop background with a message in the middle saying I was infected and to
> download something to fix it, my homepage was replaced with a message that my
> current security settings restricted the site (the correct URL was shown, and
> other pages worked), and a fake anti-virus program called MSA.exe was
> running.) It also disabled opening the task manager and regedit.
>
> What I've done:
> sfc /scannow completed successfully (w/error for the 5 or so know files
> in the MS knowledgebase that aren't needed for Media Center, and errors for
> missing Windows Media Player files - I hadn't reinstalled the player which I
> uninstalled recently for a different reason - these files are listed in the
> event viewer). There were, however, a couple of windows icons named file
> protection... at the bottom of the screen I couldn't maximize/open, and there
> was the hourglass cursor while at the bottom of the screen. I had to
> ctr-alt-del then stop explorer.exe and then start explorer again. That
> cleared it up. I have also ran AVG (which was installed and running at the
> time of the infection - so I replaced that with Antivir - which found many
> viruses (mostly webpage gen something) and a couple trojans than AVG missed.
>
> Additional bootup symptoms:
> I tried Safe Mode, and I get a loop where it gets back to the same
> bootup selection window again (safe mode, norma. last know good). I don't
> know if that's what this computer did before the current problem.)
> Combofix had me install the windows recovery console. The bootup goes
> through that so fast I don't know if I could select it. Also, I'm getting the
> XP bootup screen, not the XP Media Center bootup screen (when you get to
> loading with the bar moving back and forth. Media Center is loading, however,
> and TV plays fine. I see something about Media Center (black/white text at
> that bootup point) and then more text and then the three options (safe,
> normal, last known). Combofix had me install the Recovery Console. That shows
> up first, but it goes past it quickly - I don't know if there would be time
> to select it if needed. On a different computer the Recovery Console was on
> there was a 5 or so second delay.

Virus is / was the "fake" XP Antivirus 2xxx system. It is a "pain" to
repair. You need to install the Malwarebytes Anti-Malware and rename
the main EXE file to a COM since the "spyware" blocks all EXEs from
running.


Antivir apparently removed it. The computer is working fine, except for the
boot issue. Will the Malwarebytes fix the bootup issue?


.

Relevant Pages
Quantcast