Only have safeboot, what steps to run?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rpole, Aug 26, 2009.

  1. rpole

    rpole Private E-2

    I got hit a couple days ago. Bogus AV stuff showing up, a message overlaying my wallpaper saying I was infected, real AV shut down, etc. When I started up, a fake scan would start and it wouldn't let me close it down w/o hitting 'continue' or something like that. I tried to avoid it but that didn't last long. Now when I try to normal boot I get an Explorer.exe application error. When I close that it goes to my wallpaper and that's as far as I get. I'm able to get in in safeboot but unable to do anything. I'm trying to go through the Read and Run Me First but I'm not sure how far I should go? I couldn't uninstall Java to reinstall the latest version. I was able to download everything, I ran CCleaner but wasn't able to install SAS. It says the Windows Installer service could not be accessed. The FAQs for SAS say it can't be used in safe mode. I'm not sure if I should just keep going through the steps and do what I can? I'm sure there is an order for a reason.

    Also, it's weird: 3 or 4 times in a row I was able to bring up MajorGeeks but as soon as I tried to type in the box to login everything would freeze, but then I was able to login and type (after shutting down and restarting in safeboot again)?

    Curious what I should/should not try to do so as to not make things worse.

    Thank you 100x's in advance.
     
  2. rpole

    rpole Private E-2

    I read more threads and went through the rest of R&RM. All was done in safemode.

    SAS - could not run.

    mbam ran but then said I needed to reboot to remove a couple things. I did, in safemode, and it locked up early on. I shut down and started again. It worked that time but I'm not sure if mbam finished what it was supposed to or not?

    combofix - said my CA Antivirus was still running. I checked, rebooted and double checked, and everything said it was disabled, but when trying again it still said it was running. I clicked OK and continued and it ran. Then it said something about safeboot and gave a log, then went to a blank screen so I had to restart.

    (Sounds sketchy and I apologize, but w/ the scans taking time I was in and out and didn't see everything.)

    rootrepeal seemed to run fine.

    mgtools seemed to run fine.

    I haven't tried to reboot in normal mode; to be honest, I'm afraid to.

    again, THANKS!!!!!!!!!!!!
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach an MGtools log from normal boot mode. You should only run in safe boot mode when normal boot mode does not work at all. Your logs do not show any remaining problems but we need to know how things look in normal boot mode.
     
  4. rpole

    rpole Private E-2

    Here is MGTools log from a run in normal boot mode.

    thanks chaslang!!
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  6. rpole

    rpole Private E-2

    Awesome. It's unbelievable and amazing what you guys do for people. Have a great Labor Day weekend!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
