Spyware

Hey kinda haveing a bad day here. I managed to dl something not to cool. I am not able to dl the stuff such as ad aware. I have done a virus scan with Antivir, and also a scan with spy blaster s&d. I can't start up in safe mode or boot with my windows cd. I think the reason I can't boot in safe mode is because im missing my boot.ini file, thats why I tried to boot with my windows cd to replace it.

Windows xp home
pentium 4


- also i thought about installing windows on my other hd and wiping my origonal...most likely holding the spyware...but i haveing ever done anything like that >.<

 

Are you wanting to fix the spyware problem, reinstall windows or fix the boot.ini problem?

 

The spyware problem first. Just figured I would need to fix the Boot.ini. I have switched to another computer...it would seem i cant reply either. It just came to me that i can dl the stuff on this computer and install it on mine. Also i havnt tried to do any online virus scans.

 

Do you have the boot.ini file? If not, do you know how to replace it?

 

I dont have it. My understanding on how to replace it was to boot with the windows cd and repair it. But I cant boot with the windows cd either.

 

How are you logging into windows if you dont have the boot.ini file?

Have you set your BIOS to boot from CD-ROM?

 

No it boots from c:\windows.


The message it something like this:

"Invalid Boot.ini file

Loading from C:\Windows\"

 

1. Make sure the computer is set to BOOT from the CD-ROM or DVD-ROM drive in the BIOS.
(Do this by pressing F2 during the BIOS Splash Screen)

2. Insert the Windows XP CD-ROM into your CD-ROM or DVD-ROM drive, and then restart your computer.

3. When you receive the "Press any key to boot from CD" message, press a key to start your computer from the Windows XP CD-ROM.

4. When you receive the "Welcome to Setup" message, press R to start the Recovery Console.

5. If you have a dual-boot or multiple-boot computer, select the installation that you have to use from the Recovery Console.

6. When you are prompted, type the administrator password, and then press ENTER.
Note: If you do not have one, just press ENTER.

7. At the command prompt, type bootcfg /list, and then press ENTER. The entries in your current Boot.ini file appear on the screen.

8. At the command prompt, type bootcfg /rebuild, and then press ENTER.
This command scans the hard disks of the computer for Windows XP, Microsoft Windows 2000, or Microsoft Windows NT installations, and then displays the results. Follow the instructions that appear on the screen to add the Windows installations to the Boot.ini file. For example, follow these steps to add a Windows XP installation to the Boot.ini file:

a. When you receive a message that is similar to the following message, press Y:
Total Identified Windows Installs: 1

[1] C:\Windows
Add installation to boot list? (Yes/No/All)

b. You receive a message that is similar to the following message:

Enter Load Identifier
This is the name of the operating system. When you receive this message, type the name of your operating system, and then press ENTER. This is either Microsoft Windows XP Professional or Microsoft Windows XP Home Edition.

c. You receive a message that is similar to the following:

Enter OS Load options
When you receive this message, type /fastdetect, and then press ENTER.

Note: The instructions that appear on your screen may be different, depending on the configuration of your computer.

9. Type exit, and then press ENTER to quit Recovery Console.


Let me know if you have ANY problems with these instructions. After you have completed the above we will address the malware issues.

 

Yes this is the meathod I tried. When the computer starts to boot from the cd it first scans some files, then when it continues the pc freezes up.

 

Can you get into windows, safe or regular mode?

If so, go into Control Panel, click on System. Select the Advanced Tab, under "Startup & Recovery" click Settings. Where it says "Time to display list of Operating Systems" change it from 30 seconds to 1 second. Reboot and download the programs below.

Hijack This 1.99.1

Ad-Aware SE
Ad-aware SE referencefile SE1R71 19.10.2005

Spybot S&D
Spybot Search and Destroy Detection Update 10\17\05

Ewido Security Suite
Ewido-signatures-full-10-19-05

 

Ok done. The files are downloaded, any order you want me to install and run them?

Edit - also I still couldnt dl them on my computer...had to burn em to a cd and now I can transfer them to my pc.

 

Yes, first I would like a HJT log from normal mode if possible, if you cant then safe mode will work.

 

Inline log attached!

Ok what next?

 

Very sorry for the double post, the edit option was unavialble to me (even after the five min waiting). Feel free to combine this post with my previous one if necissary.

Seems todays work has ended, I will also call it a day. Two things before I go, I don't know if they will help. When I try to connect to msn messenger it says it has a proxy error. Second, I can boot up in window's normal mode but no other (safe mode\safe mode w/..stuff), even with the windows cd.

Thanks a bunch for helping today.

 

Please download the following items:

Pocket KillBox

L2MeFix Tool

Generic Detection Tool - NT/2000/XP


Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please attach that log along with a fresh HJT log.

Please don't run any other files in the L2MFix folder.