Combofix damage ... help needed

spywarevictim77 · Aug 13, 2008

I got maleware infection on my PC, with a bluescreen and message "Windows Script Host", and it says "Can not find script file "C:\Documents and Settings\Owner\Local Settings\Temp\.tt2.tmp.vbs"

I was following procedures in "READ THIS FIRST" thread step by step and doing all antispyware etc, but at combofix step, PC got hung and after rebooting, I can's log in. As soon as I type my password on the logon screen, it begins logging but then suddenly logs out. I tried logging in repeatedly, but no luck.

Please help, just want to mention that I did recovery console installation alrite, and that option is asked while booting.

Thanks,

spywarevictim77 · Aug 14, 2008

Can someone plz suggest me a solution. Thanks a lot .........

chaslang · Aug 15, 2008

Can you boot in safe mode and login? If not, we will need to use the Recovery Console to try and restore the registy.

spywarevictim77 · Aug 15, 2008

Hi there, not even safe mode, not regular safe mode or safe mode with command prompt. Plz suggest what to do next.

Thanks,

chaslang · Aug 15, 2008

Okay we may be able to make your PC bootable again by using the reocovery console to restore the registry to a backup that was created by ComboFix using Erunt.

Reboot the PC and when you see the screen with the selection for the Recovery Console, move the cursor to select it and hit enter. This should noot the machine to the recovery console.

You must enter which Windows installation to log onto. Type 1 and press enter. This will select the C:\Windows installation.

At the command prompt ( c:\Windows> ), type the black bold print part of each of the below lines (one at a time) each followed by the <ENTER> key. The bold purple part text just shows what your command prompt will be changing to as commands are entered.

C:\Windows>CD ERDNT\SUBS

C:\Windows\ERDNT\subs> BATCH ERDNT.CON

C:\Windows\ERDNT\subs> EXIT

After the last command the machine should reboot to Windows.

Did this work?

spywarevictim77 · Aug 16, 2008

there was no SUBS inside ERDNT, rather HIV_BACKUP. I tried the "batch erdnt.con" there, several messages come saying "1 files copied" and then after exit, if reboots windows.

Like before, windows boots just fine. On the login screen, as soon as i enter my password, it says "loading your personal settings" and desktop starts to appear but immediately it disappears and login screen reappears saying "logging off" and "saving your settings" "closing network connection" etc. Even after multiple login attempts, both my user account and administrator account(safe mode), I can not get past login screen.

chaslang · Aug 17, 2008

Okay then you will have to use the Recovery Console to restore to a restore point from before running ComboFix. This should be the highest numbered restore point and the most recent. You will need to use the below procedure to do this:

How to recover from a corrupted registry that prevents Windows XP from starting

Log in or Sign up

Combofix damage ... help needed

spywarevictim77 Private E-2

spywarevictim77 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

spywarevictim77 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

spywarevictim77 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member