Can't boot in safe mode--can't run any executables. Please help me!

Discussion in 'Malware Help (A Specialist Will Reply)' started by gloeck, Aug 27, 2009.

  1. gloeck

    gloeck Private E-2

    Hi,
    Here is my situation. I read through the instructions prior to posting, but I can't complete any of the steps. PC Antispyware 2010 installed itself on my laptop. It changed my wallpaper to display a Warning message. Now I can start my computer in normal mode, but not in any variety of safe mode. I can't run task manager, or any executables. I can't remove programs. I can't even view properties on My Computer to turn system restore off. I've posted at a couple of sites to see if anyone has heard of this type of infection, but I haven't gotten any responses. I wish I had more info, but I can't produce an HJT log, I can't run ComboFix or Malwarebytes. Does anyone have any ideas about what I could try to do? Any help would be greatly appreciated.
    thanks,
    Matt
     
    gloeck, Aug 27, 2009
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Note a HijackThis log would be of no use whatsoever.

    These infections use many different names for fake antivirus programs. They change all the time. The latest versions are replacing at least one required Windows system file with a fake copy and that file needs to be restored from a good backup. This however cannot be down while Windows is running. Thus you need to be able to run some specialty tools or you will need a bootable Windows CD to boot to the Recovery Console, or you will need to create a 3rd part CD that you can boot from and use it to restore the file. The files typically being infected (at least right now) are one of the below.

    C:\windows\system32\eventlog.dll
    C:\windows\system32\netlogon.dll
    C:\windows\system32\scecli.dll

    The infected copy is currently 60,928 bytes in size but that could change any day.

    Most of the time, users are able to run the below and get us the log from MGtools since it will frequently run even when other programs do not. So give the below procedure a try:

    Using MGtools
     
    chaslang, Aug 30, 2009
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds