Boot to Bluescreen, no desktop

Discussion in 'Malware Help (A Specialist Will Reply)' started by aabillthecat, Oct 21, 2008.

  1. aabillthecat

    aabillthecat Private E-2

    I have started the malware removal guide. I am writing from the non-infected computer. It has been a chore as I have no desktop and must run everything out of task manager. I got as far as running SuperAntispyware which found 16 infections. Several versions of Vundo, and Media-Codec. I got as far as clicking OK in the scan summary. As soon as I hit "next" the screen went black and the computer re-booted. I have no internet connection in normal mode. I am going to go to the infected computer and try and send the SuperAntispyware log files from safe mode. I just wanted to get the thread started. Thank you so much for any help you can provide. Bill
     
  2. aabillthecat

    aabillthecat Private E-2

    I have been able to achieve limited desktop by forcing explorer to run through task manager. It cycles continuously and uses 99% CPU. I have stopped the explorer process as my computer runs too slowly to accomplish any more of this. Also, luckily for now, I have internet in normal mode. I am attaching superantispyware log file. Will press on with next step of malware removal guide. Thanks, Bill
     


  3. aabillthecat

    aabillthecat Private E-2

    Thank you, thank you, thank you!!!! I now have a functional computer that seems to be working normally. Except, it's not letting me update my WinXP using the Microsoft update module. ie. I'm being prompted by the little yellow shield in the tray to update. It connects and tries, but lists about a dozen things it "failed to update". Also, when I boot I get the prompt to boot in recovery console. Not a big deal but it would be nice to boot normally. I have attached the remaining three log files having completed the entire read me first section. Again thank you so much. Bill
     


  4. aabillthecat

    aabillthecat Private E-2

    Also, if it will help anyone else with this problem, I found out how to stop the 99% cpu usage prob while working through this prob. When I first started the read me first checklist it took 10 hours to simply un-install my old version of java. I came to find that if I did "restart" the computer out of task manager, the computer would boot back up with the high cpu usage, making it all but impossible to do the rest of the list. Instead, I used the power button on the front of the computer to turn it off, then back on. I still didn't have a desktop for most of the rest of the procedures, but at least I had full processing power and was able to finish in good order. Bill
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I see from your logs that you had not updated SAS before running it. Please run it now and get updates, then run a new scan and attach the new log. Also run MBAM and update it to the new version and run a new scan and also attach this new log. Your other logs are all clean and I just want to make sure that updated versions of these scans do not find anything else (or at least clean up any minor remaining issues).

    Is your copy of Spyware Doctor a paid version or free version? Does it include their antivirus or is it only the antispyware program?

    Uninstall Spybot - Search & Destroy 1.4 which is the old version.

    You will need to address your Windows Update issues in the Software Forum as there can be many reasons why it is not updating. Sometimes adding update.microsoft.com to the Trusted Zone helps although we do not normally want to add anything to the TZ unless really required.
     
  6. aabillthecat

    aabillthecat Private E-2

    Thank you again Chaslang for all your help. I have done as you requested and have attached the new logs. My Spyware Doctor is a paid version with the antivirus engine installed and running. I hadn't used it in quite some time. I forgot I had it. I have updated and started it. I disabled Nod 32 (don't want two antivirus progs running at same time). Now, though, my PC tools personal firewall won't run??? Thank you again for all your help!!! Bill
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry Bill. Somehow your thread just slipped by without me seeing it needed attention.

    You need to uninstall NOD32, not disable it. Please do this now if you have not already done so.

    Your PC Tools firewall was not running because you disabled it using Spybot or similar. I saw the below in your logs:
    Stop disabling all of these and then uninstall NOD32.


    Now if you are still having problems, please explain exactly what they are.
     
    Last edited: Nov 4, 2008
  8. aabillthecat

    aabillthecat Private E-2

    Thank you again very much chaslang. I un-installed nod32 with no problem. For that matter I also un-installed PCTools firewall and installed Comodo instead. Everything is working great. Do I need to un-install combofix or any of the other progs I ran during the malware removal process? Not a big deal. They're fine where they are and my computer is running great. Again, I thank you enough for all your efforts on this absolutely fantastic site.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
