PC won't start XP - only boots to bg screen

Discussion in 'Malware Help (A Specialist Will Reply)' started by David-1249, Aug 9, 2006.

  1. David-1249

    David-1249 Private E-2

    Hi,
    I'm sorry I can't provide you with the PC specs. The PC in question is my kids' computer and it is an emachine with XP installed.

    Here is the deal. The PC will not start beyond the background screen. No icons, no start bar, no nothing other than the background screen. I have looked at a couple of files through the Task Manager.

    Yes, it does come up over the BG screen by doing the three finger salute, Ctrl, Alt, Del. Can look at file names through TM but cannot run anything. Nothing will start.

    Can someone please help?

    Thanks,
    David
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Can you boot into Safe Mode?

    What internet connection do you have, Cable? DSL? Dialup?
     
  3. David-1249

    David-1249 Private E-2

    The computer will boot to safe mode but it will NOT let me access anything nor can I see any icons or the start bar. Just the bg screen which is a nice picture of our dog but... I'd rather get the kids their computer back.

    We have DSL and I have a wireless net set up with Linksys which has a built-in firewall. But the popup virus got through on the same PC last year about this same time.

    The other thing I can tell you is that while browsing with the Task Manager I saw a file called T.inx which I understand is some kind of malware, I think.

    Thanks,
    David
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Can you run anything such as an online scan or antispy program?

    Try this: go into Task Manager and click on "New Task" under the Applications tab and enter "explorer" and let me know if things load.

    If they do not, then enter "iexplore" and see if an Internet window opens. If it does, try to run the below online scans.

    Bit Defender

    Panda Activescan

    If you can run these scans, attach the logs to your next post.
     
  5. David-1249

    David-1249 Private E-2

    Hi,
    I'm back. Had to go to dinner with friends.

    I tried to start Windows Explorer through the TM but it would not load. Same goes for IE, no load. Just a very quick flash of the screen and then nothing.

    David
     
  6. David-1249

    David-1249 Private E-2

    Oh, I was able to view some photos on the I drive with TM. No programs live on that drive though, only photos and videos. That's a drive we use only for family photos and videos. I also tried to access the CD drive to run a program that way but could not do it. Seems that whatever is controlling the PC has a lock on anything that will start a program. If I put the computer's restore CD in the CD drive it will boot to that and I can go to safe mode that way, but all I get is the A: prompt and it will not let me change drives. There is no BG with that method either, just the old black screen with the old DOS prompt. Sometimes I wish we could go back to that. Life was simpler then.
    D
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Get on another computer and download the following files. Save these files to your desktop and once you have downloaded both of them, extract the contents of the lpt647.zip file. Once you have extracted all files from the ZIP file, burn this entire folder to a CD or copy the folder to a USB jump drive.

    Sysclean Package

    lpt647.zip

    On the infected machine, boot to Safe Mode w/ Networking and try to log in to Windows. Get into TM and end every process you can, including explorer.exe if it's listed. Under the Applications tab select "New Task". When the box comes up select "Browse" and then change the location under "Look in". Point this to the location where the files you downloaded are and select the file "sysclean.com".

    Let me know how this works out; if possible, attach the log.
     
  8. David-1249

    David-1249 Private E-2

    Good morning,

    Okay that did not work.

    1. Task Manager won't let me shut down all the processes. In fact when I try to shut down one of them the system pops up an error message about "System shut down initiated by NT AUTHORITY. System must now restart due to RPC termination unexpectedly."

    2. Task Manager has the following processes running when I open it:
    taskmgr. exe - admin - 02 - 3,872K
    svchost.exe - local system - 00 - 1960K
    svchost.exe - network - 00 - 2008K
    svchost.exe - system - 00 - 10,200K
    svchost.exe - system - 00 - 2876K
    lass.exe - system - 00 - 1028K
    services.exe - system - 00 - 3104K
    csrss.exe - system - 00 - 2752K
    smss.exe - system - 00 - 464K
    system - system - 00 - 216K
    system idel process - system - 98 - 20K

    I'm pretty sure that the TM wants to shut down/restart when I get to the 2nd or 3rd svchost.exe pgm. TM shuts off as soon as I end the taskmgr.exe program which of course is itself.

    3. I tried to access the sysclean.com program without shutting down all the processes through TM. I get a brief flash of what looks like an IE window but I can be sure because it's gone before my eyes can even focus on it.


    A historical fact that my daughter reminded me of last night before going to bed was that when this problem first started a windows error message appeared on the screen.

    That message read: "Your SQL Server installation is either corrupt or has been tampered with (could not open SQLEVN70.RLL) Please unistall then re-run setup to correct the problem. OK button displayed"

    That was the last time we saw anything on that PC, 'cause from that moment on what has been described thus far has been happening. No windows, no icons, no desktop, no nothing but background screen.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I apologize, I should have been more clear in my instructions. What I meant was to close all processes under your username; for example, if "Admin" was the username, close all processes running under Admin. It's ok though, no biggie.

    So you were not able to run the scan?

    If possible I need you to download the following items to a CD. Once you have burned them to the CD, install them using Task Manager. When you click "New Task", locate the installation file and run it. This should let you install the application. Once installed, try to update; if you can't, just run the scan per the threads below. Try to run Spy Sweeper first and then Ewido if possible.

     
  10. David-1249

    David-1249 Private E-2

    Hi,
    Sorry for the long delay. Vacation got in the way.

    Okay, I tried both Ewido and Spy Sweeper. Two things happened:

    1. Ewido found and quarantined over 70 files.
    2. I could not capture a list to list here, sorry.
    3. Spy Sweeper could not be run. It just would not work at all.

    As a side note, I had to run Ewido from the Task Manager. I could not install it on the sick PC and, as I said, Spy Sweeper would not run at all.

    PC is still sick.... it starts up, goes through the XP Home Edition screen, then to the login screen, my kids are three and they each have their own login/user screen, then it goes to the bg screen with no Windows task bar or desktop icons.

    Something has taken over my kids' PC and whatever it is, it is REAL nasty. I did discover something in the files called Brave Sentry which I learned is a Trojan program of some sort. Ewido did not quarantine it. I just deleted all the files in that directory and then removed the folder. I know that doesn't help much but it made me feel better. Like I was actually doing something.

    I'm one step away from using the restore disc that came with the PC to just get it working again. Only thing stopping me right now is that I cannot locate that disc. My daughter did something with it and ... well, 'nuff said.

    David
     
