Ms Config still in Selective Startup 1 of 2 with logs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by acedgirl, Aug 18, 2008.

  1. acedgirl

    acedgirl Private E-2

    Working on son's computer after he stumbled into porn sites. Computer was having a lot of blue screen crashes.

    I followed the Vista Cleaning Procedures at http://forums.majorgeeks.com/showthread.php?t=139681 Every reboot, kept getting message saying system config in selective startup. I would then manually switch it to normally by hitting ok (the apply button was grayed out).

    The various programs found the trojan horse, and browser malware...so I think everything is okay; crashes have stopped...how can I be sure? (I haven't done the final steps of system restore points etc till I checked in here). And how do I get system config to go back to normal startup when it won't stay there?

    Is selective startup being controlled by some program like Norton 360 or Spybot on my machine...and if so, how do I get it back to normal?

    Attached are logs. I'm a newbie at this so go easy on me.

    thanks a lot.
     

    Attached Files:

  2. acedgirl

    acedgirl Private E-2

    Re: Ms Config still in Selective Startup 2 of 2 with last log

    Here's the other log.

    Thanks a lot in advance,

    Andi
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't attach the MGLogs.zip.....also you didn't have MWB's fix the problems it found. Please run it again and have it quarantine/fix the issues.
     
  4. acedgirl

    acedgirl Private E-2

    Sorry, I had posted the wrong log. Here is the corrected log showing things were quarantined and deleted. And there is also a re-run log showing no further items.

    Msconfig is still in startup mode, it doesn't highlight the apply button to let me change it.

    On the startup tab, there is nothing disabled. Same with the services, all are enabled, however there are some MS services stopped.

    Otherwise, the computer and browser are working fine (no more redirections, or blue screen crashes). So do I just need to get msconfig starting normally and then I guess I could turn back on UAC and system restore?:confused

    Thanks for your help,

    Andi
     

    Attached Files:

  5. acedgirl

    acedgirl Private E-2

    Here is the mg logs.zip file. I've turned UAC back on.
     

    Attached Files:

  6. acedgirl

    acedgirl Private E-2

    Re: Ms Config still in Selective Startup done some alternative scans

    Here are the logs for the alternative scans. It is still in Selective startup mode, and I saw some message emanating from the lower toolbar, I think from UAC or some other firewall, that certain items were being blocked from startup, but was unable to get in that message definitively.

    These were all run in safe mode. Then I tried to rerun Avast in normal mode but it said I didn't have administrator privileges, which I do. I tried to enter in my user name and password but it said they weren't correct.
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    ComboFix is removing things that it shouldn't.....let's try doing this:


    Open NOTEPAD.exe and copy/paste the text in the code box below into it. DO NOT include the Code: text that is outside of the code box.
    Code:
    @echo off
    md C:\QooBoxBU
    xcopy C:\QooBox C:\QooBoxBU /E
    If exist C:\QooBox\BackEnv RD /S/Q C:\QooBox\BackEnv 2>nul
    If exist C:\QooBox\lastrun RD /S/Q C:\QooBox\lastrun 2>nul
    @(
    echo.KILLALL::
    echo.DeQuarantine::
    echo.C:\QooBox\Quarantine\C
    echo.Quit::
    )>%systemdrive%\cfscript.txt
    Start ComboFix.exe "%systemdrive%\cfscript.txt"
    exit 
    
    • Save this as fix.bat onto your Desktop. Important!!! You must set the Save as type to All Files
    • It should have an icon like this: [​IMG]
    • Now find the Fix.bat icon on your Desktop and double click it to run it.
    • It should trigger ComboFix to run and also reboot the machine.
    • When it finishes running, 2 logs will be created
      • C:\ComboFix.txt
      • C:\DeQuarantine.txt
    • Please attach these logs. If you don't get a new ComboFix.txt log, that's okay just tell me.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).




    Then attach the below log:
    • C:\MGlogs.zip
     
    Last edited by a moderator: Sep 7, 2008
  8. acedgirl

    acedgirl Private E-2

    I did as you requested, here are the various logs. I couldn't find C:\DeQuarantine.txt but have attached ComboFix-quarantined-files.txt


    BTW, I was able to get it to do normal startup by unchecking the load startup box under selective startup screen, and then the apply button became active so selected general startup.

    mglogs.zip to follow.

    How are we doing now? rolleyes
     

    Attached Files:

  9. acedgirl

    acedgirl Private E-2

    mglog.zip attached.

    Thanks.

    Andi
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Tell me what problems you have now. Is everything ok with start ups? Is there anything that you think might be missing ( that combo quarantined)?
     
