Crazy Trojan/Malware or whatnot... only runs in Safe Mode

Discussion in 'Malware Help (A Specialist Will Reply)' started by coolm200, Jun 25, 2012.

  1. coolm200

    coolm200 Private E-2

    Hey, I have been reading these forums for a long time now and I usually find solutions, but just recently I got the most stubborn/debilitating virus ever. I decided to post a thread because you guys are my last hope before I reformat!

    I read the entire malware removal guide and unfortunately I ran into problems straight out of the gate. A bit of background on this virus... Basically I can't log in to normal mode because the screen stays black with a white cursor and doesn't load. However, occasionally the desktop loads, but when I try to execute anything the computer gets extremely slow and freezes. I run fine in Safe Mode, but I also have an issue with TuneUp 2012 which prevents me from doing things here and there even in Safe Mode. I ran a Kaspersky Rescue Disk and it said the virus was manifested from the Java folders but couldn't be deleted, so I deleted Java manually and it didn't fix anything. Now my computer is shot beyond belief. Here are my issues with the malware guide...

    1. I am running in Safe Mode, which doesn't let me download Java, which I deleted like an idiot because I thought the virus was there. Since I don't have Java I couldn't download Hitman from the mirror.

    2. Also, RogueKiller doesn't work because it can't find my C: drive, and when I scan it literally takes 2 seconds and comes up with a BS log.

    I also can't attach this log because apparently vBulletin needs Java?.. so I can't click any of the forum options..

    Ugh, I need your help badly, guys... gimme some good news.
     
  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, coolm200 :)

    Just wanted to clarify a few things as it may confuse other readers:
    None of the tools we ask you to scan with require Java. Also, we request that you uninstall old versions of Java anyway, as they are exploited often. If you must use Java, make sure you are running the very latest version obtained from here.

    __

    Your problems do not sound malware related and typically something from Java cache folders alone wouldn't be preventing you from logging in normally.

    Let me know exactly what happens when you try to run MGtools from either Safe Mode or Normal Mode. Refer to this guide: Using MGtools
     
  3. coolm200

    coolm200 Private E-2

    Thanks thisisu. I ran MGtools and it ran well as far as I could tell. In the middle of the scan a pop-up for Trend Micro HijackThis appeared and asked me to accept some license agreement, but I disagreed because I didn't really know if it was part of MG or not. Also it said one DLL application couldn't be recovered/processed or something, so I terminated it.

    Attached the logs to the post.

    Btw, I can't install Java because the Java installer relies on Windows Installer, which I can't run in Safe Mode.. just sayin'
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

  5. coolm200

    coolm200 Private E-2

    RogueKiller can't locate my C: drive for some odd reason, and the log it gave me is based off of a 17-or-so-second scan, but here it is.
     

    Attached Files:

  6. thisisu

    thisisu Malware Consultant

    RogueKiller is working properly. It isn't supposed to be a long scan and it is listing files on your C: drive. This log is clean as well.

    I still would like to see the TDSSKiller log when you get a chance ;)
     
  7. coolm200

    coolm200 Private E-2

    Well, I ran TDSSKiller and got 8 unsigned threats, which I told the program to skip. Here's the log.
     

    Attached Files:

  8. thisisu

    thisisu Malware Consultant

    Your logs so far are all clean.

    Are you familiar with bootrec commands? You may want to try bootrec /fixboot to add a new boot sector. Yours may be corrupted.

    More information on this can be sought in our Software forum.

    __

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
  9. coolm200

    coolm200 Private E-2

    With all due respect, you didn't help me with my issue at all. I boot to normal mode and my desktop pops up, but everything is extremely unresponsive and slow. It takes me over an hour just to load my web browser's home page, and all other programs just never start. This led me to believe that I do have malware. If you could help me out further or tell someone who might know more about the issue, I would appreciate it. Also, could a bad partition cause this?.. because I was messing around with my partitions not long before my comp started to act up...
     
  10. thisisu

    thisisu Malware Consultant

    Hello,

    I am sorry to hear that you feel that I have not helped you at all. I have reviewed all of your logs which includes your partition table that you were concerned about and there are no problems shown.
    Code:
      Volume 0     E                       DVD-ROM         0 B  No Media           
      Volume 1         RECOVERY     NTFS   Partition     14 GB  Healthy    System  
      Volume 2     C   OS           NTFS   Partition    451 GB  Healthy    Boot    
      Volume 3     D   DATAPART1    NTFS   Partition    368 GB  Healthy     
    What I was referring to with the bootrec commands is that this may address a corrupted boot sector. Basically, I believe your computer problem is related to data corruption which is not caused by malware.

    Since I do not believe your problem is malware related, I referred you to the Software forum as there are people there that deal with non-malware related issues.

    I will have someone else review your logs if that will make you feel more confident that your logs exhibit no malware related behavior.
     
  11. thisisu

    thisisu Malware Consultant

    Code:
    Locating all files created in C:\
    d-sh--w                 0 2012-06-21 23:47:07  C:\found.000
    Another reason why I believe data corruption is the problem here. These types of folders are only present on computers that had corrupted files on them after running a chkdsk. The corrupted files are placed in folders like these in the systemroot.
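The artifact thisisu is reading above (a hidden, system-flagged found.000 folder dated 2012-06-21 in the root of C:) is what chkdsk leaves behind when it salvages orphaned clusters, and it can be checked on any machine. The PowerShell below is an added example written for this page, not a tool from the thread or from MajorGeeks: the function name is invented, it assumes PowerShell 3.0 or later and an elevated prompt (fsutil refuses unprivileged callers), and it reports the volume's dirty bit next to each recovery folder because a set dirty bit means autochk will run again at the next boot, i.e. the corruption is still unresolved.

```powershell
# Added example (not from the thread): list every chkdsk recovery folder (found.000,
# found.001, ...) on the fixed volumes, summarize what chkdsk salvaged into it, and
# show the volume's dirty bit. Elevated prompt required; works in Safe Mode.
function Get-ChkdskRecoveryFolder {
    # Fixed, ready drives only; an optical drive with no media (Volume 0 above) is skipped.
    $drives = [System.IO.DriveInfo]::GetDrives() |
              Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }

    foreach ($d in $drives) {
        $letter = $d.Name.TrimEnd('\')          # "C:\" -> "C:" for fsutil

        # chkdsk creates these in the root of the volume with the hidden+system
        # attributes (the "d-sh--w" in the MGtools listing), so -Force is required.
        $folders = Get-ChildItem -LiteralPath $d.Name -Directory -Force -ErrorAction SilentlyContinue |
                   Where-Object { $_.Name -match '^found\.\d{3}$' }

        foreach ($f in $folders) {
            # Salvaged file fragments are written as fileNNNN.chk, lost directories as dirNNNN.chk.
            $chk   = @(Get-ChildItem -LiteralPath $f.FullName -Recurse -File -Force -ErrorAction SilentlyContinue)
            $bytes = ($chk | Measure-Object -Property Length -Sum).Sum   # $null when folder is empty

            [pscustomobject]@{
                Volume    = $letter
                Folder    = $f.FullName
                Created   = $f.CreationTime                  # when the repairing chkdsk pass ran
                Fragments = $chk.Count
                SizeMB    = [math]::Round([double]$bytes / 1MB, 1)
                # "is Dirty" = errors remain and autochk runs at next boot; "is NOT Dirty" = clean.
                DirtyBit  = (& fsutil dirty query $letter) -join ' '
            }
        }
    }
}

Get-ChkdskRecoveryFolder | Format-Table -AutoSize
```

A machine with no found.NNN folders produces no rows, which is itself the answer: chkdsk has not had to salvage anything on that volume. The folder's CreationTime is the timestamp to line up against the first day the symptoms appeared, as thisisu does with the 2012-06-21 entry.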
     
  12. coolm200

    coolm200 Private E-2

    Thanks, I trust your judgment. How would I go about getting help with my corrupted data?
     
  13. thisisu

    thisisu Malware Consultant

  14. coolm200

    coolm200 Private E-2

    My computer didn't come with a system recovery disk so I'm not sure how I would go about doing that.
     
  15. thisisu

    thisisu Malware Consultant

    Try this method (no disc required).

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
     
  16. coolm200

    coolm200 Private E-2

    I tried this but it doesn't work because as soon as I hit Repair your computer, it loads to normal mode. Once I log into my account in normal mode I can't do anything, like usual.
     
  17. thisisu

    thisisu Malware Consultant

    I was afraid of that. In this case, you will need a disc to access System Recovery Options.

    If you are able to boot into Safe Mode with Command Prompt, you can try these commands to see if they help, but we still will not be able to run the bootrec commands from here.
    • chkdsk c: /r
    • sfc /scannow

    __

    Afterwards, install this while in a Safe Mode: Puran Defrag Free Edition
    After it is installed, open the application and select your C: drive => Boot Time Defrag => Restart>Defrag>Restart

    __

    Most of these tasks can take a few hours, please be patient.
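The chkdsk and sfc steps above are the ones typed at the Safe Mode with Command Prompt window (start PowerShell from it with the powershell command). The script below is an added example written for this page, not something from the thread or from MajorGeeks; the function name is invented and C: is taken from the thread's volume listing as the boot volume. It captures the two results a practitioner actually wants from this sequence: whether chkdsk /r really got scheduled for the next restart (chkdsk cannot lock the running boot volume, so it only offers to schedule itself), and what the [SR] lines of CBS.log say about this sfc run rather than about an older one, since CBS.log accumulates every past run.

```powershell
# Added example (not from the thread): run the chkdsk -> sfc sequence from an elevated
# prompt (Safe Mode with Command Prompt is fine) and report the outcome of each step.
function Invoke-CorruptionRepairCheck {
    param([string]$Volume = 'C:')   # assumed boot volume, per the thread's diskpart listing

    # On the boot volume chkdsk prints "Would you like to schedule this volume to be
    # checked the next time the system restarts? (Y/N)"; feeding Y on stdin answers it.
    # On a volume that is not in use (e.g. D:) /r runs immediately and can take hours.
    'Y' | chkdsk $Volume /r | Out-Null

    # chkntfs reports whether a manual check is now pending on the volume.
    $pending = (& chkntfs $Volume) -join ' '

    # Remember when this sfc run started so stale CBS.log entries are ignored.
    $start = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    sfc /scannow | Out-Null

    # Every sfc line in CBS.log is tagged [SR]; the line starts with "yyyy-MM-dd HH:mm:ss",
    # which compares correctly as a plain string against $start.
    $sr = @(Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '\[SR\]' |
            ForEach-Object { $_.Line } |
            Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}' -and
                           $_.Substring(0, 19) -ge $start })

    [pscustomobject]@{
        Volume          = $Volume
        ChkdskScheduled = [bool]($pending -match 'scheduled')   # "Chkdsk has been scheduled manually..."
        SfcLinesThisRun = $sr.Count
        # sfc logs "Repairing corrupted file" for each file it replaced from the component
        # store and "Cannot repair member file" for each one it could not.
        Repaired        = @($sr | Where-Object { $_ -match 'Repairing corrupted file' }).Count
        Unrepairable    = @($sr | Where-Object { $_ -match 'Cannot repair member file' }).Count
    }
}

Invoke-CorruptionRepairCheck -Volume 'C:' | Format-List
```

Repaired and Unrepairable both at 0 with a non-zero SfcLinesThisRun is the "sfc came back clean" case. The chkdsk /r result itself is only produced during the next boot; afterwards it can be read from the Application event log with Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Microsoft-Windows-Wininit'; Id=1001}, which is where Windows records the boot-time Chkdsk summary. If sfc prints that Windows Resource Protection could not start the repair service, the Windows Modules Installer (TrustedInstaller) service is not available in that boot mode and the run must be repeated from a mode where it is.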
     
  18. coolm200

    coolm200 Private E-2

    I tried both chkdsk and sfc yesterday. sfc came back clean both times I ran it and chkdsk didn't solve much. I'll check back in when the defrag finishes, but I think the only way to fix my computer now is to do a factory restore. Unfortunately Ctrl+F11 isn't working for me and the F8 option, as you know, isn't working... sux, men
     
  19. thisisu

    thisisu Malware Consultant

    Agreed, this is why having boot CDs is so important; unfortunately Dell and the rest of the big-name brands do not provide their customers with them.

    Another way to force it to boot to the Recovery partition is by using a boot CD like the following (it's free): GParted Live
    From here you can set the "RECOVERY" partition as Active so this tells your computer to boot from this partition instead of the others.
    Save changes and reboot without the disc and it should force the computer to boot into the RECOVERY partition.
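The same "mark RECOVERY as Active" step can be done from Safe Mode with diskpart instead of booting GParted Live, which matters when no blank disc is at hand. The script below is an added example written for this page, not from the thread, MajorGeeks, or Dell: the function names and the temp-file path are invented, and volume 1 is assumed from the diskpart listing quoted earlier in the thread ("Volume 1  RECOVERY  NTFS ... System"), so it must be checked against your own list volume output first. The active flag is an MBR/BIOS concept: the BIOS loads the boot sector of the active partition, which is why this forces the Dell recovery environment to start. On a GPT/UEFI disk diskpart refuses the active command, and the script checks for that before changing anything.

```powershell
# Added example (not from the thread): set the active flag on the partition behind a
# diskpart volume number, with a dry run by default. Elevated prompt required.

function Invoke-Diskpart {
    # diskpart executes a command script given with /s; write the commands to a temp file.
    param([string[]]$Commands)
    $script = Join-Path $env:TEMP 'set-active-dp.txt'   # assumed scratch path
    $Commands | Set-Content -LiteralPath $script -Encoding Ascii
    $out = & diskpart /s $script
    Remove-Item -LiteralPath $script -ErrorAction SilentlyContinue
    return ($out -join "`n")
}

function Set-ActiveVolume {
    param(
        [int]$VolumeNumber = 1,   # RECOVERY in the thread's listing; verify with "list volume"
        [switch]$Apply            # without -Apply nothing is written
    )

    # Selecting a volume on a basic disk also gives its partition focus, so "detail
    # partition" describes the partition that "active" would operate on.
    $detail = Invoke-Diskpart @("select volume $VolumeNumber", 'detail partition')

    # MBR partitions show an "Active: Yes/No" line; GPT partitions have no such line
    # (they show a type GUID instead), and "active" is not valid for them.
    if ($detail -notmatch 'Active\s*:') {
        throw "Volume $VolumeNumber is not an MBR basic-disk partition; the active flag does not apply here.`n$detail"
    }
    if ($detail -match 'Active\s*:\s*Yes') {
        return "Volume $VolumeNumber is already the active partition.`n$detail"
    }
    if (-not $Apply) {
        return "Dry run. Re-run with -Apply to mark volume $VolumeNumber active.`n$detail"
    }

    $result = Invoke-Diskpart @("select volume $VolumeNumber", 'active')
    if ($result -notmatch 'marked the current partition as active') {
        throw "diskpart did not confirm the change (exit code $LASTEXITCODE):`n$result"
    }
    return "Volume $VolumeNumber is now active. Reboot without any disc inserted.`n$result"
}

Set-ActiveVolume -VolumeNumber 1           # dry run: shows the partition details only
# Set-ActiveVolume -VolumeNumber 1 -Apply  # actually sets the flag
```

Run the dry run first and confirm the "Type", "Hidden" and "Offset in Bytes" lines describe the 14 GB RECOVERY partition and not the OS partition. To undo the change later, run the same function against the volume that was active before, which on the thread's layout is the OS volume (volume 2).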
     
  20. coolm200

    coolm200 Private E-2

    Dell.. you screwed me again -__-

    I have a thing in my maintenance folder that says "create a system repair disk". Do you think that would have the Dell Data Safe Restore on it?
     
  21. thisisu

    thisisu Malware Consultant

    I do not think so. I believe this refers to making a system repair disc so you can access System Recovery Options.
     
  22. coolm200

    coolm200 Private E-2

    Hey just checking in...

    I got an operating disk CD from Dell and I'm going to reformat my comp, so if you have any suggestions for how I should go about that, let me know.

    Thanks for all the help brother
     
  23. thisisu

    thisisu Malware Consultant

    You're welcome.
    Back up any important data (music, pictures, documents, videos, etc) before you reformat the computer ;)
    Be safe.
     
