need advice: working on removing malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by cvharper, Jan 28, 2007.

  1. cvharper

    cvharper Private E-2

    I have been having some problems I think might be due to malware. Symptoms include: 1) extremely slow boot-up and shutdown, 2) FPROT RealTime protector screen gives following message (see screen shot), 3) occasionally get HIPOINT ltd screen asking for permission to install. I'm currently going thru the READ & RUN ME FIRST malware removal guide, but am wondering if I should be doing something else instead?
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    The reason it is named READ & RUN ME FIRST is because it needs to be done first?;)
     
  3. cvharper

    cvharper Private E-2

    Thanks! That's just what I'm doing. But, need major help! Began to work on 5: Cleaning Malware, and set up to boot in safe mode. Now, when it starts in safe mode, I cannot log in, and I can't change it back either. What do I do now?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    • Why can't you log in? You need to describe in greater detail exactly what you are doing and what happens.
    • What user account name did you have in normal boot mode?
    • Is it the same account name that you are trying to logon to in safe mode?
    • Or are you logging into the Administrator account which only appears in safe mode?
    • Don't you know the Administrator password? Didn't you set one up when you installed your OS or when you first configured your PC if the OS came pre-installed?
    • If you did not set up an Administrator account password, it could just be blank (meaning no password). But on the other hand, not having your Administrator account password protected can allow malware to take control of your PC and they can set their own password which will lock you out.
    • What Windows OS are you running (98, ME, 2K, XP and which service pack level if using 2K or XP)? Do you have your bootable Windows CD?
     
  5. cvharper

    cvharper Private E-2

    1) The PC is a Dell Inspiron 8500 laptop with XP Professional Service Pack 2.
    2) To set up in safe mode I was logged in with my normal user name and password. I ran msconfig and set the boot.ini tab to safe mode. When the PC restarted in safe mode, it sent me to the Windows Log In screen. I used the same username and password as I always use to log on. I got the cannot log on reply, try again.
    3) I thought I was the administrator on this PC, but maybe I'm not. Anyway, when I was unable to log on in my usual way, I tried to log on as "Administrator" and left the pw blank, but that did not work either.
    4) I do not think I have the original bootable cd, but I'll look to see if I can find it.
    5) Any other ideas?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes and No! Did you try using the Use Last Known Good Configuration option, if it is available as a choice?

    You need your CD (which the numbskulls at Dell probably did not give you or required you to purchase it as an option) or you will have to borrow a WinXP SP2 CD from someone.

    Since you are locked out, you are going to have to boot to the recovery console to run a procedure to change your boot.ini file back to the state where safeboot mode is not enabled.

    If you cannot log into your account or to the Administrator account, it sounds like you don't know the passwords or that something has changed them. Do you remember ever setting the Administrator account password?

    Your only other alternative would possibly be to make the CD mentioned in the below link and then use it to Delete passwords for the accounts (do not change the passwords! Delete them!).

    http://home.eunet.no/~pnordahl/ntpasswd/


    However making this CD and using it may be outside the range of your capabilities.
     
  7. cvharper

    cvharper Private E-2

    I did find the XP CD, but it is from the original installation, before my SP2 upgrade. I will try to use it and see if I can get to the recovery console. I did not get a Use Last Good Known Configuration option. I don't ever remember setting the administrator account password. I will also check out the link you suggested to see if I think I can get through it. Thanks. I'll keep you posted.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See this link for additional info on the below steps: 10 things you can do when Windows XP won't boot

    If you can boot to the Recovery Console, we want to use step 5 from the above link. And the exact command you want to enter at the command prompt is below (there is a space in between bootcfg and /rebuild).

    bootcfg /rebuild

    As the instructions in the link specify, this completely re-creates the Boot.ini file. The user must confirm each step.

    This should remove the /Safeboot option that is forcing you into safe mode.

    Once you can boot again, the first thing that you should do is change the passwords for your account and for the Administrator account. Also make sure the Guest account is disabled. DO NOT use msconfig to boot in safe mode from now on. Try only using the tapping of F8 key method to get into safe mode.
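
Added example, not part of the original thread: the /Safeboot option discussed above lives on an entry line in the [operating systems] section of boot.ini, so a copy of the file (for instance, read from the disk on another machine) can be checked for it before and after the repair. The sample file, the function names and the `/safeboot:<mode>` spelling of the switch are assumptions made for this sketch.

```python
import re

# Constructed sample (not from the thread): boot.ini after msconfig's /SAFEBOOT box is ticked.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /safeboot:minimal
"""

# Assumption: the switch is written as /safeboot or /safeboot:<mode>.
SAFEBOOT = re.compile(r"\s*/safeboot(?::([^\s/]+))?(?=\s|/|$)", re.IGNORECASE)


def _walk(text):
    """Yield (line_number, line, is_os_entry) for every line of a boot.ini."""
    section = ""
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        yield number, line, section == "operating systems" and "=" in line


def _split_entry(line):
    """Split an entry into (path and quoted description, trailing switches)."""
    head, sep, tail = line.rpartition('"')
    if not sep:  # unquoted description: treat everything after '=' as switches
        head, sep, tail = line.partition("=")
    return head + sep, tail


def find_safeboot_entries(text):
    """Return [(line_number, mode)] for OS entries that force safe mode."""
    hits = []
    for number, line, is_entry in _walk(text):
        match = SAFEBOOT.search(_split_entry(line)[1]) if is_entry else None
        if match:
            hits.append((number, match.group(1) or ""))
    return hits


def strip_safeboot(text):
    """Return the boot.ini text with /safeboot removed, other switches kept."""
    cleaned = []
    for _, line, is_entry in _walk(text):
        if is_entry:
            head, tail = _split_entry(line)
            line = head + SAFEBOOT.sub("", tail)
        cleaned.append(line)
    return "\n".join(cleaned) + "\n"
```

`find_safeboot_entries` reports the line and mode of any entry that forces safe mode; `strip_safeboot` returns the text with only that switch removed and uses plain newlines, so convert line endings before writing the result back to a Windows volume.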
     
