Infected, XP login shutdown

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tagtech, Jan 4, 2010.

  1. tagtech

    tagtech Private E-2

    Hello:

    I have a computer that was infected with two known malware components, 1) winlogon86.exe and 2) Internet Security 2010 - Comodo antivirus locked onto these and was in the process of cleaning when the machine locked up, the speaker was spewing out an audible tone and the machine locked up. I had no choice but to power down the machine.

    Essentially I do not know what was cleaned and what was not before the machine locked up.

    Using XP CD recovery console - I have been able to "surf" the C: drive and verified that the following files have been removed from the computer:
    /s
    41.exe
    AVR10.exe
    critical_warning.html
    winhelper86.dll
    winlogon86.exe
    winupdate86.exe

    I do not know what other files to look for or verify if they are on the machine or not. If anyone has a complete list of what I need here that would be great but my real problem seems to be logging into the machine.

    When I boot the machine in either NORMAL or SAFE mode I get to the Cntl-Alt-Del LOGON screen and when I log into the ADMINISTRATOR account with the correct password, the dialog box goes to settings then immediately changes and displays shutdown and reboots to the logon screen.

    The machine is a Windows XP Pro box with SP3

    Nothing I try will get me past the logon screen; every time I log in with the proper credentials it goes to shutdown and back to a Cntl-Alt-Del logon screen.

    If I use the wrong login credentials, then it tells me the password is wrong. The correct password works, and starts to log in but immediately switches to shutdown and logs off back to the Cntl-Alt-Del logon screen.

    I can start the recovery console and the boot.ini file reads as follows:

    Total Entries in boot list: 1
    [1] "Microsoft Windows XP Professional"
    OS Load Options: /fastdetect /NoExecute=OptIn
    OS Location: C:\WINDOWS

    I feel if I can just get the machine to boot in SAFE Mode or Normal mode I can take it from there but I cannot get past this logon, shutdown, restart loop I am caught in.

    Can anyone point me in the right direction?

    Thank you

    Kobie
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I would advise you to post in the software forum regarding your log in problems, however, as soon as progress has been made in software then you can come back here and we can make a start on the malware removal.
     
