Novice here: after running ComboFix, can't get past the password login

Discussion in 'Malware Help (A Specialist Will Reply)' started by radj2006, Oct 8, 2011.

  1. radj2006

    radj2006 Private E-2

    I found I had a ZeroAccess rootkit and, after much looking around, found ComboFix and ran that. It confirmed I had ZeroAccess, went through the prompts, and then requested a restart, which I did.
    NOW I can't even get the login screen to accept my password to get to the desktop. It's locked out completely. It won't system restore. It won't do anything.

    Is my laptop a paperweight now? It's totally locked, and my work is in it, of course. Worse, it's a laptop borrowed from a friend. This all appeared while I was going through Google's search pages; I hadn't even clicked on any yet.

    So I don't know. I'm lost. I don't know how to format it from this point either, since it basically does nothing.
    Any ideas?
     
  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, radj2006!

    I need some more information. Please answer the following:
    • What operating system is the infected laptop running? (Windows XP, Vista, 7)
    • What exactly is the problem you are having when you try to start Windows? See the examples below:
      • I get all the way to the Windows logon screen, but as soon as I enter my password, it logs me in saying "Loading your personal settings", and then it says "Saving your personal settings" and immediately logs me out. So now I'm stuck at the Logon screen.
      • The only screen I get is "Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM"
      • I see the Windows logo but afterwards, the PC automatically reboots and it keeps doing that over and over!
      • When I start up, I get a Blue Screen Of Death and the PC just stays there until I force shutdown.
    • Can you get into Safe Mode? Starting your computer in Safe mode
      • Using the same method as above, but instead of choosing Safe Mode, what happens if you choose "Last Known Good Configuration (last known settings that worked)"?
    • Do you have the Windows CDs that came with the laptop? We may need to use the Recovery Console to revert to the settings from before ComboFix was run if you aren't able to get into Safe Mode or if Last Known Good Configuration doesn't work.
     
  3. radj2006

    radj2006 Private E-2

    The system is Windows Vista. It boots fine all the way to the "type in my password to get into the desktop" screen, but it won't let me enter any characters. So until I can get past the typed login, it's stuck. I don't know what else to tell you, and no, I don't have any CDs for it.

    I can get it to start in a mode that shows the system stats, like what's inside the computer and such, but not Safe Mode, because again I need a password to get to the desktop. I have the password; that's not the issue. The problem is that it won't let me type one in.
     
  4. thisisu

    thisisu Malware Consultant

    Thank you for clearing that up for me :)

    What "start mode" are you referring to?

    -----

    Can you tell me if C:\WINDOWS\system32\drivers\i8042prt.sys exists?


    • Do you know which service pack Windows Vista is running?
      • SP0, SP1, SP2?
    • Do you know whether it is an x86 (32-bit) or an x64 (64-bit) operating system?
    • Do you have a USB keyboard you can plug into the laptop for the time being?
     
  5. radj2006

    radj2006 Private E-2

    Since I was last here we gave up, and it's in the repair shop having its data saved and being reformatted. I hope we can load the Dreamweaver programs and the PSD/P7 files I was working on back in without reinstalling the stupid rootkit. As it is, I really don't know where I picked it up. Is it something that activates the instant you get it, or does it hide around for a while, like a few weeks or months, and then activate? Because I hardly download anything except software from CNET, and I watch movies on YouTube. Any ideas?
     
  6. thisisu

    thisisu Malware Consultant

    OK, thanks for the heads-up.
    If they are any good, they will make sure the rootkit isn't present before giving you the machine back. Are they going to install the Dreamweaver program for you, or do you have the setup files/CDs at home and plan on doing it yourself?
    Its effects are immediate. The rootkit itself is very stealthy, as it uses very few resources. However, any application that tries to access its Alternate Data Stream (ADS) process will be shut down and blocked from opening again. In every instance I have seen so far, this rootkit is also packed into the fake AV software OpenCloud and Online Guard.
    There seem to be many sources of this infection, as it is running rampant on so many forums right now.
    One article I found interesting was the following: ZeroAccess malware served via Google Alerts

    Best regards
     
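    Two of the checks asked for in this thread, the file check for i8042prt.sys in post 4 and the alternate-data-stream behaviour described in post 6, can be scripted. The block below is an added example and is not part of any post in the thread or of ComboFix. It assumes PowerShell 3.0 or later (needed for Get-Item -Stream), which Vista itself does not run, so on a machine like the one in this thread you would pull the drive and run it from a newer Windows against the offline volume, passing that volume's Windows folder as -SystemRoot. The second driver name (kbdclass.sys) and the list of stream names treated as benign are assumptions, not facts from the thread.

    ```powershell
    # Added example (not from the MajorGeeks thread or ComboFix).
    # Two checks for a Windows install that boots but will not accept keyboard
    # input after a ZeroAccess clean-up. Run from an elevated PowerShell 3.0+
    # prompt on the affected install, or point -SystemRoot at the Windows folder
    # of an offline volume mounted from WinRE or another machine.
    param(
        [string]$SystemRoot = $env:SystemRoot
    )

    # 1. Keyboard driver stack. i8042prt.sys (the PS/2 port driver) is the file
    #    asked about in the thread; kbdclass.sys (the keyboard class driver) is
    #    added here as an assumption. A missing or unsigned file is a plausible
    #    reason for "I can't type at the logon screen".
    $drivers = 'i8042prt.sys', 'kbdclass.sys'
    foreach ($name in $drivers) {
        $path = Join-Path $SystemRoot "System32\drivers\$name"
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Output "MISSING  $path"
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        Write-Output ("present  {0}  signature={1}  signer={2}" -f `
            $path, $sig.Status, $sig.SignerCertificate.Subject)
    }

    # 2. Alternate data streams under System32. The thread notes the rootkit keeps
    #    code in an NTFS ADS and kills anything that touches it. Listing streams by
    #    name (Get-Item -Stream *) reads the stream directory, not the stream
    #    contents, so it is a safer first look than opening the stream itself.
    #    ':$DATA' is the normal unnamed stream and 'Zone.Identifier' is the
    #    mark-of-the-web on downloads; both are filtered out (assumed benign).
    $benign = @(':$DATA', 'Zone.Identifier')
    Get-ChildItem -LiteralPath (Join-Path $SystemRoot 'System32') -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $benign -notcontains $_.Stream } |
        Select-Object FileName, Stream, Length
    ```

    Anything the second part lists is worth a closer look, but a named stream is not proof of infection on its own; some legitimate software writes them too. On a live, still-infected machine the point about the rootkit killing processes that touch its stream applies to this script as well, which is another reason to prefer running it against an offline copy of the volume.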
  7. radj2006

    radj2006 Private E-2

    I picked up my ZeroAccess just by googling for forum software to purchase (vBulletin). No sooner did I open the second Google search results page (NOT a link) than the damn thing popped up and froze everything.
     
