Computer Support Forum

OK I've got the Privacy protect malware & no safe mode

Question: OK I've got the Privacy protect malware & no safe mode

Hi Folks, Yes I've got the privacy protection Malware, currently running windows XP on a dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but thats about it. Can anyone share my options to cure this problem?

Thanks in advance - L

Relevance 100%
Preferred Solution: OK I've got the Privacy protect malware & no safe mode

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,I moved this to Am I Infected.For the connection try these...Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.Now check if the internet is working again.ORGo to Start ... Run and type in cmdA dos Window will appear.Type in the dos window: netsh winsock resetClick on the enter key.Reboot your system to complete the process..Please follow our Removal Guide here Remove Privacy Protection (Uninstall Guide) .After reading how the malware is misleading you ...You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.

1 more replies
Relevance 72.16%

Hello,

I've got a peculiar and suspicious problem, but an expert in the Malware Removal forum found no infection on my computer (see the thread here.)

One of the symptoms I'm seeing is that the Malwarebytes' Anti-Malware (MBAM) installer will not complete without errors in Windows XP Pro SP3 after a normal boot. After acknowledging the errors during the install routine (which are always the same, a screenshot is attached to this thread), the installer seems to finish. However, the second symptom is that MBAM then will not run due to the same pop-up error message. It's a Visual C++ Runtime Library error that says, "This application has requested the Runtime to terminate in an unusual way. Please contact the application's support team for more information." Please see the screenshot in this Malware Removal thread.

I know that normally, some malware will disallow running the normal filename for MBAM, so the first thing I tried was renaming the file to something else, including using different file extension such as .com, .bat, .scr, and .pif. None of these renaming attempts worked. This is where I started to observe really strange behavior. After uninstalling my first MBAM install attempt, I found that I could install MBAM when booted to Safe Mode (after changing the registry to allow this and starting the installer service in Safe Mode). After the install I could also run MBAM in safe mode. I then rebooted to normal mode, and MBAM sti... Read more

Answer:Malwarebytes' Anti-Malware Runs in Safe Mode, but not in Safe Mode With Networking

Re: Malwarebytes' Anti-Malware Runs in Safe Mode, but not in Safe Mode With Networkin

I just found the solution to this issue in Malwarebytes' own forums here. Apparently this is a known bug.


Thanks,

krellkraver
 

1 more replies
Relevance 71.34%

a friend of mine is having a bit trouble with her teenage son who knows his way around a computer.she has put a password on but he goes into safe mode to get round this.i know how to password protect safe mode but will he be able to get round that, if so how do i stop him.is there any free software that i can use.was going to use administrator password but you can use a generator to get round this.

Answer:help to password protect safe mode etc

Hide the mouse.

10 more replies
Relevance 70.52%

My 16 year old has found a way to make himself an administrator and he also has no problems cracking my user/administrator passwords. I believe he achieves this by entering Safe Mode at start up and I would like to keep him out of safe mode to see if this cures the issue. I just installed Window Vista and purchased a new gateway desk top.
 

Answer:Disable or password protect Safe Mode

Take his front door key off him, and shut the door behind him on his way out.

Chop all his fingers off.

Tie some string round his nuts, and keep it short.

or

Hire him out to Microsoft, they is in short supply of new id10t errors.



 

7 more replies
Relevance 70.52%

Does anyone know if there is a utility that can password protect the ability to boot into safe mode?
The underlying issue is that if you boot into safemode with networking the internet filtering program I have doesn't load. If there is some way to make sure this loads even in safe mode that would work just as well.
 

More replies
Relevance 65.19%

whenver i start the system in normal mode it shuts down after a few second (or atleast until the avg antispyware program detects the malware and asks me what i want to do with it then it shuts off and gives me a blue screen of death) but whenver i boot it on safe mode it will never find it so i am not able to get rid of it, is there a solution to this problem
 

Answer:malware can't be found in safe mode and the system shuts off in normal mode

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis​Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - only for Windows XP, 2K, & NT users
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can o... Read more

5 more replies
Relevance 64.78%

Just a general question:1. When doing a routine scan for viruses and malware, etc. (and just generally speaking), is it better to scan in safe mode or regular mode? 2. If you scan in safe mode, is there anything that wouldn't show up (that you could potentially miss) that *would* show up in regular mode? 3. Or is safe mode just better all around, and everything is covered (plus more) that you'd find with scanning in regular mode?(I'm referring to scanning with AVG A/V, AVG Anti-Spyware, SpyBot (old version), and Ad-Aware SE.)Thanks!

Answer:Better To Scan In Safe Mode Or Regular Mode For Virus/malware?

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files. Using your anti-virus and anti-malware tools, in "Safe Mode" also speeds up the scanning process. Read "Beginners Guides: Windows XP Safe Mode Explained" and "What is 'Safe Mode' used for and why?"

4 more replies
Relevance 64.78%

I'm new to this forum and not a very sophisticated user, but help would be appreciated. I am running Windows XP (Build 2600.xpsp_sp2_gdr.080814-1233: Service Pack2). My computer froze and I had to hold power button to shut down. Shortly before I froze a window popped open to tell me that windows security firewall had been changed to off. I switched it back to on, but then the computer froze up a few minutes later. When I try to boot in normal mode I can log-in, but about 3 seconds after I see my desktop the screen goes black and I need to hold the power button down to turn off. I am only able to boot in safe mode. I have run spybot and adaware in safe mode and they find 'Virtumonde'. Spybot also finds 'MicrosoftWindowsSecurityCenter_disabled'. I correct/fix these problems in the software, but when I reboot nothing has changed and when I run them again (in safe mode) they find the exact same problems.

I tried following the directions on 'Read and Run me First', but don't get far because I can only boot in safe mode... I can't use the program uninstall that is part of the control panel to get rid of the Java updates of which I have a few - this seems to be because I am in safe mode. Also, it sounds like steps 2 and 3 also require to be booted in normal mode. Is it possible to complete 'read and run me first' in safe mode?

Any advice on how to proceed from here would be appreciated. thank you.
 ... Read more

Answer:Can't boot in normal mode - Malware removal Safe Mode?

I decided to finish running the scans that were suggested in Safe Mode with the exception of Super AntiSpyware which I could not install in safe mode. After completing, I was able to boot in normal mode and so far it is working. I have attached the logs for you to look at and let me know if there are any other fixes I should undertake. Thanks for a great site!
 

6 more replies
Relevance 61.91%

if you are connected to a network wirely or wirelessly, through a server so you have to have a password and username to access the internet through that main server (a computer with windows server installed on it that can allow ur MAC address to access the internet) what actually the network administrator can know about you? can they steal your passwords and sniff your chat conversations? can they see your desktop as your working on your computer? what if I had a software installed to encrypt my connection like PGP desktop 9.8.1 ... how to prevent him from stealing my info. and know the websites I'm accessing... please help me protect my privacy! Thanks in advance
 

Answer:Please help me protect my privacy

9 more replies
Relevance 61.91%

Windows 10 privacy problems: Here?s how bad they are, and how to plug them. This is a CNN report.

Answer:Protect your privacy....

that was a good read

5 more replies
Relevance 61.91%

How to Fight Back Against Congresss Attack on FCC Privacy Rules

TThis is merely an intro into keeping your ISP from gathering and selling your information.

Answer:Protect Your Privacy

Here's a good resource for selecting a VPN that's trustworthy
https://thatoneprivacysite.net/vpn-comparison-chart/
.

23 more replies
Relevance 61.09%

Bitdefender is one of the worldwide leaders in computer security. With an advanced protection, fast performance and easy management, it is one of the top security programs in the anti-malware industry.Bitdefender provides
different protection levels, from Antivirus to Total Protection and mobile devices.

Bitdefender Antivirus Plus is the entry level protection program and formerly named product of the year. It provides the fastest speed and high protection with a single click.
Bitdefender Internet Security is a powerful and complete security program that protects from all kind of threats. It is good for you and your family with the integrated parental control and the two-way firewall.
Bitdefender Total Security is the ultimate protection suite that provides the maximum protection and system optimization as well as device anti-theft and file encryption features.

Answer:Antivirus Protect Your PC & Privacy

SPAM. FE informed

1 more replies
Relevance 61.09%

I've created a guide about How to Protect Your Online Privacy.

Please check it out and leave any feedback in the comments section of the site.

Thanks.
 

Answer:How to Protect Your Online Privacy

Translation: For above post!

thank,good tips. Advanced Security to usethe Tor Browser Bundle and all is well
 

2 more replies
Relevance 61.09%

with facebook and google and pretty much everything down to autozone trying to gather personal information about you to keep track of everything you do.

how do you manage you rprivacy without being an obsessed conspiracy nut?

i mean i go to parts store they want to know where i live my email and what food i ate last sunday...

More replies
Relevance 61.09%

Hi All

It seems this is a very technical forum but I will post my concern anyway. Hoping someone could help...

I'm quite sure that our IT officer is spying on my computer: checking my emails and chats on messenger and skype,etc. Is it possible to stop him?
once I was back from leave and he had to change the operating systems. When I came back and started my computer, Y!Messenger started automatically and I was connected!
Today I was connected to Yahoo and then my computer logged me off for no reason.
Is there somewhere in the system he can find my passwords? Can I do something to protect my intimacy?
thanks for support...

oxforddd
 

Answer:How can I protect privacy at work

I'm afraid we cannot help you with effectively circumventing company policies

we do not know what the IT policy is at your company , and if they allow personal use under certain conditions and with certain restraints.

Also you should not be allowed to install any programs onto the PC without company permission anyway.

so closing post
 

1 more replies
Relevance 61.09%

TRY Ghostsurf and u'll regret for not using since u first learned how to use ur computer!

"By surfing the Web you are exposed to hackers, bombarded by advertisements and subjected to spyware. Everything you do and download online can be watched.
GhostSurf 2005 Platinum protects your privacy and prevents Internet pests from spoiling your online experience. GhostSurf ensures your safety online by providing an anonymous, encrypted Internet connection, as well as stopping spyware, eliminating ads and erasing your tracks. "

http://www.digitalriver.com/dr/v2/ec...P=0&CACHE_ID=0

Answer:The best software to protect your privacy?

Yea I used ghostsurf, it's cool, but the downside is you have to pay for it. I prefer using a free proxy to surf the internet. And if I need protection from hackers/ads/spyware I would use corresponding software to battle them.

1 more replies
Relevance 61.09%

I was just sent the following guide by one of my old schoolmate on how to disable features in Windows 10 that hurt your privacy.

Fix Windows 10 Prvacy

By default, Windows sends a lot of your information to their servers sometimes without asking you to opt-in. Follow this guide to fix Windows 10 and restore your privacy.Click to expand...
 

Answer:How to Protect your privacy in Windows 10

Installing Win 10 I have to set the customized settings twice with a reboot in between.
anyone experienced this one ?
look like a Bug
 

7 more replies
Relevance 61.09%

RE: Tutorial "How to use CleanUp! to protect your privacy"http://www.bleepingcomputer.com/tutorials/how-to-use-cleanup/I tried twice to download and install CleanUp! but both times got an error. The file size is not correct. The tutorial was written in 2004. Apparently something has gone wacko since then.

Answer:How To Use Cleanup! To Protect Your Privacy

The link worked for me.File size is 311 KB.If that link doesn't work for you, try downloading it from here:CleanUp!Please read all cautions, and warnings, before using.

18 more replies
Relevance 61.09%

Get These Tools :
1: Disconnect Search
2: Disconnect
3: Ghostery
4: VPN with no logging message me and ill tell you if they really do I post on HF too
5: HTTPS Everywhere
 

Answer:Protect your privacy online

1. DuckDuckGo or StartPage
2. Ghostery
3. None
4. Private Internet Access
5. HTTPS Everywhere

.....And I still think Privacy doesn't exist on the internet.
 

39 more replies
Relevance 60.68%
Question: Safe Mode Malware

By the way all...This forum is the best and I have read dozens and dozens looking for an answer.

I have had the virus for several days now. I cannot connect to the internet. Malwarebytes finds the same two hijackers everytime I get it to run. Most programs are disabled. I cannot restore because its switched off and switches its self off. No bootrescue disk will run. taskmanager is disabled and everytime malwarebytes runs it is disabled again on startup so I have to change it once more. Sometimes it takes half an hour to boot up so constantly resetting it is a nightmare. Windows defender is disabled since my genuine windows is now labelled a fake. I have scanned countless thousands of files looking for the virus. Deleted the same ones over and over again but nothing has worked. Is it time to boot and nuke, something else I found on a forum.
My computer expertise is very limited. I have tried all the things on every forum I have trawled through. My infection is total and nothing anybody else has done works.

Answer:Safe Mode Malware

Hello, first of all, could you post me an MBAM log so I can see what keeps getting detected?

1 more replies
Relevance 60.68%

Hi

I would be grateful for your help please.

AMD Athlon 3800 64 x 2 dual 2.0GHz 960Mb RAM
Win XP Home Service pack 3
AVG9 free & Zonealarm

Few days ago pop up for Antimalware Doctor; scanned with SAS & MBAM but had to stop process to delete one of the files found. PC clear after that.

However, next day Google redirects even when not using Google search. Discovered proxy in Firefox and fixed. (Options, advanced, network, connection)

Ran SAS last night; nothing found. Was going to run MBAM but too tired so decided to leave till morning. Today can only start in safe mode. Tried to change it in msconfig but no deal. Ran SAS & MBAM - nothing found but I know the file "newsecureapp70700" is there but doesn't show up. It's showing in startup in msconfig.

Can't run Combo fix because I can't disable AVG9 in safe mode. Believe me I tried and can't uninstall it either.

I'm running Spybot S & D as a desperate measure.

Please can someone help? Using another PC to post this.
Regards

Carol
 

Answer:Can only run in safe mode - have malware

Ran SAS last night; nothing found.Click to expand...

I need to see the log from it regardless. Also the log from MBAM.




Can't run Combo fix because I can't disable AVG9 in safe mode. Believe me I tried and can't uninstall it either.Click to expand...

Just run it anyway, and then also run MGTools.exe

Attach those 4 requested logs.
 

13 more replies
Relevance 60.27%

1.How can I prevent the other PC to connect or to share/view/access my files.

2. Is it if you don't know what the password of the other PC you can't access that PC (Guess account is disabled). Even if the both PC run an Admin account.

To sum it up, How can both PC both access the internet freely without accessing each other drives/account/files (a privacy issue).
 

Answer:[HELP] How to protect my privacy from ROUTER access

Hi hysoak and welcome to MGs.

To prevent access of files, you can right click any file and choose Security and Sharing and make sure the file has no check mark to share it and no file share name entered.
The 2 computers can be put in different workgroups under computer name/network identification under System properties.
Also, you can make sure the user account is password protected and guard the password. As an administrator account, you can change it (if it is known now) and keep the changed password secret.
 

1 more replies
Relevance 60.27%

10 tips to protect your privacy on Facebook.

How to block prying eyes from your profile, photos and posts

Related: Make Your Facebook Account Private.

-- Tom
 

Answer:10 tips to protect your privacy on Facebook

Tip #1 don't have a Facebook account.

.
 

1 more replies
Relevance 60.27%

Okay, so I'm starting research for my next article. It's going to be about How to Protect your Online Privacy.

Please let me know what you think of my steps. I'm going for more of a paranoid perspective than a combination of usability and privacy. (I know they're after me, oh no, there they are.) :google:
I know cookies should be disabled globally and allowed on a site-per-site basis.

I am also blocking flash globally and allowing it on a site-per-site basis. I believe this will protect against flash cookies.

I'm using an ad-blocker. This should block many of the ads that would report information back.

I also know about using Anonymous Surfing Services (like those discussed here) to mask your IP.

I will also advise blocking all scripts globally and allowing them on a site-per-site basis. This should block all types of super-cookies (including Evercookies). Thus I don't think I need to advise blocking flash any more as if scripts are disabled flash cookies shouldn't be able to be set. Please let me know if I'm wrong.

Can you please comment on my ideas and let me know if something I'm going to recommend isn't enough (or adds nothing in terms of privacy)? Also, please leave any other suggestions you may have that I haven't mentioned.

(I'll update this post as I am given new information.)

Thank you.
 

Answer:I need input on how to protect online privacy

Use encryption where possible, do not reveal personal information, block third party cookies, delete cookies when you close the browser?
 

15 more replies
Relevance 60.27%

If you're going to use Facebook, you must be aware of your privacy settings. Here are the essential tips you need to know...
Read More
 

Answer:Facebook Privacy: 8 Ways to Protect Yourself

I got my Facebook profile locked down so mine is really hidden.
 

4 more replies
Relevance 59.86%

A friend of mine asked me to take a quick look at his computer just before he went on holiday as he has picked up a nasty little bit of malware. Bascily its locked us out of the computer completely. On boot up the system (Win XP) goes through all the normal things and we can see the desktop etc. but right at the end of the process we get a full screen with some guff about illegal activity being found etc. and to get it released then we have to pay 100 using bitcash as a 'fine' to get it unlocked.

OK I thought just boot into safe mode and run the usual anti-vius, adware, or Spybot but it comes up even in safe mode. I cannot run any other program or get to the run command or anything as this programme just sites there. CTRL-ALT-DEL brings up the usual screen but if you try and run task manager it doesn't so its disabled that as well.

I tried booting into safe mode with command prompt but thta just hangs. Any ideas how I can stop this bloody thing loading or get to a point where I can access windows ?
 

Answer:Locked Out by Malware - even from safe mode

Hello shaygate,

Interesting one. I wonder if you can boot the machine from CD? If so try this:

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly



Download the following files to the desktop .. Right click the links and select save as...then select desktop

Rufus

OTLPE_standard

Right click OTLPE on your desktop and select ..Open as archive


Select OTLPE standard



Click Extract, ensure that desktop is selected



Insert the USB stick Then run Rufus

Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Once the USB has burnt then

Download Farbar Recovery Scan Tool and save it to the flash drive.

Reboot your infected system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here
As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
Your system should now display a Reatogo desktop.
Locate the flash drive and run FSRT
The tool will start to run.

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

1 more replies
Relevance 59.86%

Please help!

I have a lot of problems here,
I had pop ups and scratchy noises when I moved my mouse and settings being changed around , Im using Malware bites, Super Antispyware and Spybot and nothing was detected, even in safe mode.
I did a Panda scan and it picked up a trojan and malware which Nod 32 did not, I can not remove Nod32 fully so I can not reinstall a new antivirus.
Thanks

Answer:no antiviruIn safe mode now with s and a lot of malware

try and get through this-

http://www.techsupportforum.com/secu...oval-help.html

1 more replies
Relevance 59.86%

Ok, I am having several problems, but the fact that I cannot load windows now is the most important one. I have to say what happened first though.I was (and am) having trouble with this Antivirus System Pro virus that is going around. I tried many things, including Malware Bytes (which was not allowed to run by the virus) and I also tried removing it manually (deleted the iehelper.dll and the registry entries), but the problem persisted. I tried restarting in the Safe Mode by pressing F8 as usual, but it did not work. It would start in the normal mode however.But here I made a mistake I guess. In order to get into the Safe Mode, I went to msconfig and chose the /safeboot option under the BOOT section. Now, the computer tries to boot in the Safe Mode, but it cannot, and when I choose the "normal startup", it again tries to the Safe Mode and obviously fails. I can get into some manner of "command prompts" (by going to the "HDD recovery" mode and it gives me a prompt). But I don't know how to remove the *censored* /safeboot option from there so I can at least start in the normal mode. Can someone please help?

Answer:Malware and Safe Mode problems, PLEASE HELP!

Do u have a windows CD? If u do boot from it and try Recovery Console. If u don't see if u can borrow one.Follow this linkhttp://www.computerhope.com/issues/ch000465.htmRead this article for some very good information. It might be that u just need to: Misconfiguration with the boot.ini file Corrupt boot sector / master boot recordWrite back and let us know.

1 more replies
Relevance 59.86%

My son's netbook which is running Windows 7 has the malware Virus Protection. I cannot boot the computer without it loading, and I cannot boot the computer into any safe mode (safe mode, safe mode with networking) without the malware running. How can I get the computer to boot up into some mode to start running any of the malware removals?
 

Answer:Malware has hijacked safe mode

You did not directly say that you could not run any programs. Can you run any of the below:

Task Manager
MSconfig
Regedit
Is Windows Defender running on this PC?
Have you tried running each of the tools in the below. Don't assume none will run if one does not run. Try them all including MGtools

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 59.86%

Hi guys. I just joined this site and this is my first post. My desktop has been infected with Malware/Viruses and won't boot in any mode (safe, safe + networking, last good setting, or normal mode). The closest thing I get is when i go to safe mode and i get a total black screen with no start button or taskbar and on each of the four corners says "safe mode". However, I cannot do anything else on the screen. (Using laptop right now due to desktop being down)

After some research on the web I found that I could try the Avira Rescue CD and would hopefully remove the malware/virus. It's been almost a week but if memory suits me right, the virus was called Cleanup Antivirus. I also was experiencing google redirects. I have already finished most of the steps on the following Avira rescue cd instructions website:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

I am currently stuck on step 7 part 2&3. The reason for this is because in the command line, I type exactly what is instructed but the only thing it does is in the next line says:

"Devices" (text is in a neon greenish-blue font) (This is when i type in "ls /mnt")
When i type in " /mnt " it then says "/bin/ash: /mnt: Permission denied"

Not sure what to do because I have already restarted my computer and tried all modes including safe and normal but am still unable to get my normal computer settings.

I would get my log files with Hijack ... Read more

More replies
Relevance 59.45%

Hi,My Computer which has Win Xp Sp3 is behaving like it is in safe mode , eventhough it is in normal mode .I noticed this because ,1. Avira Antivir Guard and Update cannot be launched bcz Scheduler is not running.2 . I tried to start scheduler ( under services.msc ) , but can't start it bcz of error 1084 ( safe mode situation ) .3 . I can't use Windows Update , bcz of error Error number: 0x8007043C ( same safe mode condition )4 . I ensured that BITS was set to automatic , but it can't run bcz of 1084 error.I have scanned with Malwarebytes, Spybot S&D , SuperAnti Spyware ( in real safe mode) - No DetectionHere is the dds log ,DDS (Ver_09-09-24.01) - NTFSx86 NETWORK Run by Administrator at 16:45:23.03 on Mon 09/28/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.112 [GMT 5.5:30]AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop�... Read more

Answer:Safe Mode Error, WinXpSp3 behaves like it is in safe mode even in normal mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 59.45%

A couple days ago my laptop, a 7 year old Compaq Presario X1030US, running WinXP, began restarting itself after about 1 to 2 minutes. It booted up normally and I could browse & check email as normal but after a couple minutes it would restart/reboot. Then I could browse & work for another 2 minutes. Restarted in Safe Mode and problem goes away (until I go back to regular mode). Here is my HJT log:Logfile created: 2/9/2011 14:34:05Ad-Aware version: 9.0.2Extended engine: 3Extended engine version: 3.1.2770User performing scan: Phillip*********************** Definitions database information ***********************Lavasoft definition file: 150.270Genotype definition file version: UnknownExtended engine definition file: 8364.0******************************** Scan results: *********************************Scan profile name: Smart Scan (ID: smart)Objects scanned: 29059Objects detected: 75Type Detected==========================Processes.......: 0Registry entries: 0Hostfile entries: 0Files...........: 0Folders.........: 0LSPs............: 0Cookies.........: 72Browser hijacks.: 0MRU objects.....: 0Uncategorized...: 3Removed items:Description: http://www.infospace.com/info/people.htm Family Name: Possible Browser Hijack attempt Engine: 1 Clean status: Success Item ID: 0 Family ID: 538Description: http://www.infospace.com/_1_4NH4UK702CMT5H4__info/wp/index.htm?ver=25809 Family Name: Possible Browser Hijack attempt Engine: 1 Clean s... Read more

Answer:Possible malware--continuous reboot--OK in Safe Mode

I started a thread at 7:44PM yesterday, for this problem, but I didn't include the requested files. I'm sorry about that. I reread the instructions and hopefully will include the correct files this time. You can look at that thread for extra, possibly helpful, info. Close it when you wish.I can log in and work/read email, etc, for a minute or two then sys. reboots/restarts. This started last week when I took the laptop (Compaq Presario running WinXP) with me on vacation. I can work forever in Safe Mode.Thanks,Phil
 ark.txt   959bytes
  5 downloadsDDS log:DDS (Ver_10-12-12.02) - NTFSx86 NETWORK Run by Phillip at 19:19:45.26 on Wed 02/09/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1431 [GMT -10:00]AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOW... Read more

4 more replies
Relevance 59.45%

I have a dell laptop the is infected with the ukash malware.
Only boots up to a rcmp (police) screen saying that it needs me to pay to unlock the computer.
I am unable to boot into safe mode, needs password that I don't have, this is in the computer not caused by ukash.
I have removed the hard drive and have connected it to my desktop computer via a sata to usb connector.
My thought was to work on the hard drive from my desktop.
I am unable to access the drive, it says that it needs to format the drive.
 

More replies
Relevance 59.45%

Hello. I work at an office that has a computer that somehow got some malware on it called moneypac and it doesn't allow me to use my computer, go to task manager or any of the normal solutions. Usually I just mosey along to safe mode and fix up the computer with a malware remover like malwarebytes, but this new malware does not allow me to boot in safe mode. As soon as I log in the computer force reboots. I noticed another user on this forum had the same problem and the problem was helped using some logs from Farbar Recovery Scan Tool while booting to an OTLPE CD. In the interest of saving time I have already performed the a scan as well as a search for services.exe and I have those logs ready should they be required (this was before I read the forum guidelines). I would be very grateful if you informed me on how to proceed. Thank you.

Answer:Moneypac malware won't allow booting in safe mode

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************Please post those logs and tell me how you performed the scans.

8 more replies
Relevance 59.45%

Hi there,

I've had my attention drawn to my sister in laws computer that appears to be causing major problems. it won't open IE or FF but will run Chrome. when trying to place the computer into safe mode the power cuts and it reverts back to booting up. this happens at all versions of safe mode.

I've run an avast boot scan and found several files infected with Win32:rootkit-gen. I've also run malware antibytes with no luck. i'm out of ideas :S


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Kathrin Wallace at 20:24:21 on 2011-07-17
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2039.1212 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenge... Read more

Answer:Unknown Malware preventing safe mode?

Hello and welcome to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

9 more replies
Relevance 59.45%

Referred from here: http://www.bleepingcomputer.com/forums/t/275732/help-removing-proquotaexe-from-system-tray/ ~ OBGood Afternoon BC,I have just recently starting getting this issue where I can't update any programs that require internet access to reach their servers. Some programs I've tried are Malwarebytes, SuperAnti Spyware, Windows Defender and even games like World of Warcraft for any patches, etc. The last thing I did prior to this was tried cleaning some junk files using ATF Cleaner but I can't say for sure that's the reason this issue has appeared. I followed the steps shown in the Prep Guide and as requested I am providing you with the scannings log I took today. Appreciate any time you take to look into my situation. Many Thanks!DDS (Ver_09-12-01.01) - NTFSx86 Run by PC at 11:28:30.37 on Tue 12/15/2009Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2413 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\IoctlSvc.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\... Read more

Answer:Can only update in Safe Mode...is this a virus? malware?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 59.45%

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A (0xF799A354,0x000000FF,0x00000001,0x804E2E51). It always hangs up at drivers/mup.sys. I have not installed any new hardware or software other than suggested malware detectors and cleaners, along with new version of McAfee (which I uninstalled a couple of days ago) and Web Root Security Complete which I am running now.

I cleaned up various malware infections a couple of months ago which involved using safebootkey to access safe boot. Computer seemed to be normal then except was unable to boot into safe mode after cleanup. I then suffered another infection a couple of weeks ago which I cleaned up with MBAM but still unable to boot safe mode. A BC adviser had me send various logs and did some further cleaning with ComboFix and scripts, then declared me clean and suggested I post in Windows forum for help with safe boot problem (http://www.bleepingcomputer.com/forums/topic356014.html/page__pid__2000208#entry2000208).

I have used chkdsk and found no errors on boot disk. I am afraid to use MSCONFIG to force boot in safe mode for fear I will not be able to boot normally.

Any suggestions?

Answer:Can't boot safe mode after cleaning up malware

Where did you get malware removal assistance?

more replies
Relevance 59.45%

Alright,
So I booted up into safe mode and it did take a bit. But once I got it running, I couldnt run any scanning/removal tools. I have one of this " Must scan your computer, its infected " malware thingys. Its icon is the windows shield, ya know to make it look legit haha.

ANyways, I thought in safemode you could scan and open tools. Did they find a way to not allow that now? I cannot open and scan, When I open it, it just closes automatically.

Any idea on what to do or where to start?
 

Answer:Question on malware removal in safe mode...

I was doing more reading online and someone said to use norton power eraser.. Doubt it will work, but Im going to see if I can get that to scan.
 

6 more replies
Relevance 59.45%

i was previously working with BOOPME in another forum in trying to clear up an infected PC. The post is called (AntiSpy2011Setup(4).exe - TR/Vilsel.badd and Java/Exdoer.BJ). I followed all of the steps i was asked to do but it seems to have only made the situation worse. Initially I could boot up the computer and run the internet but any attempt at running AV software failed. The virus would block any attempts to update my AV apps and if i attempted to run the AVs the virus would terminate the scan and power down my laptop. That was 2 days ago. Right now i'm at a point where I can only boot up in safe mode. If i try to boot in normal mode i get a black screen and a little scroll bar at the bottom the page. My O/S is Vista SP2. I can access the internet. I was asked to run Old timer and post the logs here.********here is OTL**************OTL logfile created on: 5/11/2011 11:08:33 PM - Run 1OTL by OldTimer - Version 3.2.22.3 Folder = G:\64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 7.0.6002.18005)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free8.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C: ... Read more

Answer:malware only allowing boot up in safe mode

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

2 more replies
Relevance 59.45%

About 2 months ago I switched my laptop from Vista to XP and went to update my display drivers today from what turned out to be an untrustworthy site and was just overrun with malware. Never dealt with anything this over the top. I have symantec endpoint that has caught and supposedly removed several viruses. I have run spybot, superantispyware, malwarebytes anti-spyware all several times and they all supposedly remove everything everytime, but I will immediately scan after the last scan completes and the same viruses pop up.

I've tried launching in safe mode to try an wipe them out that way, but it won't let me. It just reboots when it should be loading. I've tried last known good configuration to no avail. Similar to when i try to run in safe mode. Any help or ideas at this point would be greatly appreciated. It's a personal laptop, but I use it for work and have a lot of info on here I really can't afford to lose at this point...so please, help!

More replies
Relevance 59.45%

I have been dealing with what i think is a Malware issue.  I have not been allowed to get into the Windows 7 most of the time.  It has taken me through Startup Repair and i had no luck with it.  Once on the windows, i try to click on anything, it just spins. 
 
Can someone help?
 
I have run Farbar Recovery Scan software and got the following:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by SYSTEM on MININT-JG79J06 on 03-01-2014 18:44:12
Running from G:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
=========... Read more

Answer:Boot Loop, no safe mode - Malware or something

Did i not do this correctly?

45 more replies
Relevance 59.45%

Hi guys, I'm a long time lurker, first time poster. I've found the forums to be extremely informative here for a very long time and I appreciate everything you guys do.

Neither windows nor safe mode load up after a severe malware infection on a Windows XP SP3 pc.

Unfortunately, I am unable to run any apps in the "Read this first" thread because of this issue.

This occurred on my friend's computer and she asked me to fix it for her; usually I'm good with this, but this issue has me stumped.

- She was browsing a website (she doesn't remember which) when she suddenly got pop-ups and program installation notifications; the classic sign of a malware infection. Unfortunately, she either clicked "OK" on these pop-ups or clicked the X icons in them.
- She was notified that one or maybe two "Anti Virus" programs had been installed in her computer. She went into Add/Remove Programs and uninstalled these two new entries.
- When she rebooted her computer, she got a Windows Stop Error/BSOD just after the normal Windows XP loading screen.
- When she tried to log into "Last known settings that worked" or "Safe mode", these give her BSODs as well.

Here are the Stop Errors:

When trying to log onto Windows XP normally and "Last known good configuration":
(Windows XP screen and loading bar show for a few seconds, and then...)

Quote:




A problem has been detected and windows has been shut do... Read more

Answer:No safe mode or windows after malware infection

Bumping for reply.

Additional/revised details;

- The infection started while she was browsing Encyclopedia Dramatica.
- While the infection was saturating her desktop with pop-up windows, her desktop became a red screen (all desktop icons were gone), her taskbar was still present but the infection presented itself as a new icon on the taskbar (a red shield).
- During this process, she attempted to run a legitimate anti-malware program (probably Malware Bytes' Anti-Malware) which detected several infected entries.
- The malware pop-ups were covering her entire screen so she was forced to click into one of the windows to try to move it which asked her to reboot her system.....the rest is history. :(

After that point, she's been unable to access her desktop or safe mode and the Stop Errors are as detailed above.

She needs access to her computer ASAP so the sooner we can get it basic shape the better...

1 more replies
Relevance 59.45%

Hello my name is Austin,
 
As many other posters this past month, my father recently got infected with the Antivirus Security Pro Malware. I built this computer 8 months ago for my father, so I'm almost responsible for anything wrong with it. I'm a novice at most programming lingo, but I am really good at following processes, as it's what I do for a living. I WILL be donating to the person helping, my father needs his computer to do work this weekend. So before we start this process, I want to say "Thank You" in advance.
 
Any way, I tried doing the bleepingcomputer.com solution for the malware, but I have not been able to enter safe mode (shuts down soon after log in).
 
I read a post today on the first step of run the frst.exe file in the infected computer. Please let me know if you prefer for me to paste the report results within my post or attach the file. Here are the text results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-IPBE6V6 on 18-10-2013 17:10:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msse... Read more

Answer:Antivirus Security Pro Malware - No Safe Mode

Justsalsa,
 
 
to BC Forums!!
 
Thanks for the FRST report. I am presuming it was run from a USB pen drive.
 
Let's see if the following works for you to remove the Antivirus Security Pro Malware ...

  Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
 
start
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
HKLM-x32\...\Run: [] - [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\   \...\???\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\GoogleUpdate.exe"
C:\Users\RichardRice\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\pvqdkqkjvbllroblbxh.reg
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, just once, and wait.
 
When done, FRST produces Fixlog.txt on the USB pen drive.
 
>> Please provide the Fixlog.txt on your reply.
 
 
  If (which I doubt) the computer is still under the 'spell' of the Antivirus Security Pro Malware, look for its shortcut on your Desktop .
Next, go to Control Panel > Folder Options
Click the View tab
Select/check: Show hidden files, folders and drives
Click: Apply > OK
 
Right click on the Antivirus Security Pro icon on... Read more

3 more replies
Relevance 59.45%

My Windows XP laptop seems to be infected with malware and a possible rootkit at this point.First noticed the issue when the machine wouldn't boot up to the login screen.Went to safe mode and ran AVG. Didn't find anything. Ran superantispyware, and was able to update it(unlike avg which doesn't update from safe mode) but it found nil as well.Booted to safe mode with networking and noticed trying to go to google brought up 'kevinsmoneytree'. (frack you kevin)ok, sufficiently freaked out at this point. Manually cut off networking by switching off the wifi hardware button.Ran task manager but didn't see anything weird. I'm worried about my data now so I pull out the external hard drive.Windows backup doesn't work in safe mode. OK, so I manually start copying stuff to the external drive. I notice a folderI haven't seen before. c:\windows\pchealth . Explorer doesn't show much in it but I'm not trusting explorer at this point.I run cmd and drill down into a few of the pchealth folders and there are tons and tons of files in there (xml files). It's got a binaries folder with a dll in it. I finish copying critical files and unplug the external drive. I try to delete the pchealth folder but I cannot,something has the dll loaded. I run process explorer and search for the dll, pchsvc.dll. I find it running in a services.exe process. I kill that process, computer bluescreens. Cr*p. I boot from a XP CD into sys... Read more

Answer:PC Health malware or ? can only boot to safe mode

bump

1 more replies
Relevance 59.45%

I am running XP-sp2.

I can't boot to normal mode. BSOD, message eds with:

*** STOP: 0x0000008E (0xc0000005, oxE1917B95, 0xBACEF350, 0x00000000)

When booted to safe mode there is a system try pop-up with various messages and larg poos with sypware warnngs, all directed to window-privacy-protection.com

I have tried spybot search and destroy several times and smitfraud fix several time. Same problem.

Any assistance will be appreciated.

Answer:Can Only Boot To Safe Mode - Malware Problem

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

5 more replies
Relevance 59.45%

As stated above, I'm a novice. The laptop in question is an older Gateway running Vista that my daughter uses for homeschool. The malware (rootkit??) would not go away with malwarebytes, and since detecting and "Fixing" it with AVG, the cursor is locked and I do not know where to go from here. Thank you so much for your assistance, and again, I apologize if I am not describing this well.

(I was unable to run the OTL or aswMBR, as I cannot get into her laptop.)
 

Answer:Malware - Cursor Frozen (even in Safe Mode)

I should have been clearer on this. I can get into safe mode by f8, but once I get into safe mode the cursor is still frozen.
 

4 more replies
Relevance 59.45%

A few days ago, began experiencing slow ie explorer 7 issues-screen grayed out, links wouldn't work, etc. Ran usual anti-virus programs: eset, etc. Some showed no problem, others wouldn't finish running. I could not reboot in safe mode.  Can you help me? 

Answer:Virus/Malware-Won't boot in safe mode

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

45 more replies
Relevance 59.45%

I have a driver in my system32 folder core.sys that my virus protection is telling me is malware. However, I cannot delete in normal mode because it is being used by a background program. I also cannot enter safe mode and read that the malware may be preventing the boot into safe mode. What do I do?
 

Answer:Malware infected. Safe Mode does not work.

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis​Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach ... Read more

13 more replies
Relevance 59.45%

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A

DDS (Ver_10-10-21.02) - FAT32x86
Run by John Stacer at 13:54:51.26 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.769 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
D:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\LxrJD31s.exe
D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\sy... Read more

Answer:Can't boot in safe mode after removing malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

28 more replies
Relevance 59.45%

Hi, I was told that I should run my anti spyware etc.. in safe mode as it will be more effective. I tried with spybot and it found nothing new, so I was just wondering if I should use safe mode regularly, or only use it for stubborn malware as I see threads recommending it for specific problems.

I would be grateful for any advice

cheers.
 

Answer:Solved: malware removal in safe mode

7 more replies
Relevance 59.45%

Hi guys, Not sure what happened here but basically all of a sudden i cannot run any spyware tools, i assumed this was some form of malware and tried to boot into safe mode, but this freezes while loading and wont continue. In addition i cannot install any other programs including Spybot S&D. There are also random issues when browsing, i am re-routed to various random sites when using search engines. For example everytime i click any link on Google i wind up somewhere totally different.I stupidly was running with no firewall or antivirus for a short period after a fresh XP install, hence this happening (doh!).Any advice for me?I can post a Hijack This log if it would help. ThanksEdit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Cannot run safe mode or any spyware tools - Malware?

Hello,due to the issue with safe mode it is probably best to post the HJT log. go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title Gnd post that complete log.Let me know if it went OK.

2 more replies
Relevance 59.45%

Is it better to scan for virus, malware ect by scanning in safe mode?

Answer:Virus malware scanning safe mode

Yes.

2 more replies
Relevance 59.45%

Hi

is it better to run programs like SUPERAntiSpyware/SpyBot/Malwarebytes in safe mode ? e.g: will they catch more "bad guys" if I run them in safe mode ?

it doesn't say that here, or did I miss it ?

same question about anti virus programs - should I try to run scans in safe mode ?


thanks
Linda
 

Answer:runing spyware/malware in safe mode?

No...you should try to run them all in normal mode.....we only tell you to run them in safe mode if you can not do them in normal mode.
 

1 more replies
Relevance 59.45%

Hey I have been reading these forums for a long time now and i usually find solutions but just recently i got the most stubborn/debilitating virus ever. I decided to post a thread cuse u guys are my last hope before I reformat!

I read the entire malware removal guide and unfortunately I ran into problems straight out of the gate. A bit of background on this virus... Basically I can't login to normal mode because the screen stays black with a white cursor and doesn't load. However, occasionally the desktop loads but when i try to execute anything the computer get extremely slow and freezes. I run fine in safe mode but I also have an issue with Tune Up 2012 which prevents me from doing things here and there even in safe mode. I ran a Kaspersky rescue disk and it said the virus was manifested from the Java folders but couldn't be deleted so I deleted Java manually and it didn't fix anything. Now my computer is shot beyond belief. Here are my issues with the malware guide...

1. I am running in safe mode which doesn't let me download java which I deleted like an idiot because I thought the virus was there. Since I don't have Java I couldn't download Hitman from the mirror.

2. Also Rogue Killer doesn't work because it can't find my C: drive and when i scan it literally takes 2 seconds and comes up with a bs log.

I also can't attach this log because apparently vBulletin needs Java?.. so i can't click any of the forum... Read more

Answer:Crazy Trojan/Malware or what not... only run on safe mode

Welcome to MajorGeeks, coolm200

Just wanted to clarify a few things as it may confuse other readers:
None of the tools we ask you to scan with require Java. Also we request that you uninstall old versions of Java anyway as they are exploited often. If you must use Java, make sure you are running the very latest version obtained from here.

__

Your problems do not sound malware related and typically something from Java cache folders alone wouldn't be preventing you from logging in normally.

Let me know exactly what happens when you try to run MGtools from either Safe Mode or Normal Mode. Refer to this guide: Using MGtools
 

22 more replies
Relevance 59.45%

Hi. I just found out that I can?t boot the computer in safe mode. Pressing F8 won?t do anything, it just keeps running in Normal Mode. Windows itself seems to be running fine. I?ve already uninstalled Nero InCD as I read it might have interfered with the booting process. It didnt work. I have Norton Internet Security, Lavasoft Software, Unhackme, running and they don?t detect anything. I was hoping anyone could help me "decoding" this Hijackthis log, before I try anything harsher, such as reinstalling windows. Please help me on this one, if you see why I can?t enter Safe Mode andhow to repair it, let me know. Thanx in advance PauloLogfile of Trend Micro HijackThis v2.0.2Scan saved at 19:01:01, on 18-07-2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exeC:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exeC:\Programas\Norton Internet Security\ISSVC.exeC:\Programas\Ficheiros comuns\Symantec Shared ... Read more

Answer:Cannot Enter Safe Mode, Suspicion Of Malware.can You Please Help?

Hello HellsBells81We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privilege... Read more

3 more replies
Relevance 59.45%

HI,

I can't restart in safe mode. I know that I have malware/spyware. It appears as 3 icons on my desktop Error Cleaner, Privacy Protector and Spyware Protection - all with the url /shandler.php?id=502&aid=138&pn=5&sand=0&sg=2.

Does anyone know what files I must specfically look for in the registry to remove this trojan?

Thanks in advance.

Answer:Malware, Spyware - Can't Restart In Safe Mode

Some types of malware can delete or alter the safeboot key in the registry resulting in the inability to reboot into safe mode.Go to Start ? Run and type: regeditClick OK.On the left side, click to highlight My Computer at the top.Go up to File ? Export Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.Choose to save it to C:\Click save and then go to File ? Exit.Download SafeBootKeyRepair.exe by sUBs and save to your desktop.Double-click on it and follow the instructions.When finished, reboot and see if you can access safe mode.Then, if your using Win XP or 2000, do this:Please print out and follow the generic instructions for using "SmitfraudFix". Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.If you still cannot use safe mode, then run the tool in normal mode.Please download RogueRemover and save to you Desktop. (compatible with Windows 2000, NT, XP, Vista)Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the pro... Read more

7 more replies
Relevance 59.45%

My parents have the OpenCloud Malware on their computer:
http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security

However, when they try to load into Safe Mode they get a BSOD.

I've found a few threads of other people getting BSODs when trying to load into Safe Mode with the OpenCloud Malware.

Any tips for getting past the BSOD to run the linked instructions?

Answer:BSOD on Safe Mode - OpenCloud Malware

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

22 more replies
Relevance 59.45%

The following file was loaded while in safe mode, because the viruses I have do not allow notepad to open, presumably for this reason exactly. I could only get this information from hijackthis while in safe mode, and then they wouldn't let me on this website either (404 error), so I am on another computer right now so that I can access this website. Most websites related to tech support and anti-spyware software are blocked right now. Because its in safe mode, all of the information may not be there, but any suggestions are GREATLY appreciated.

Download the original attachment
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:52:15 AM, on 5/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\xwusuhzh.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Pa... Read more

Answer:Tons of malware, log booted in safe mode

Hello facepalm.jpg and welcome,

Considering the issues you stated, and the fact it has been a week since you first posted, please let me know if you still require assistance.

1 more replies
Relevance 59.45%

I noticed b.exe some time ago would give me these random pop ups with audio. I would just sendthe process putting off a malwarebytes run until I "had time". Finally a few days ago, my entire computer shut down. Program by program. I have not been able to boot into Normal mode since. When I try, I get the black screen. I can boot into safe mode but not with networking as I cannot connect online. I am using another computer to download the things I need to a zip drive and implementing them to the affected computer.

I am a graphic designer and I absolutely must get rid of this virus as it is tremendously slowing down my productivity.

I have read a lot of posts but as instructed by the help forum, I didn't want to take any of the advice given to a specific person.

I have run the dds and have my two logs. I couldn't however run the gmer, it is just unresponsive on my computer as is the ability to run malwarebytes or anything that appears to try to fix the problem.

ANY help is greatly appreciated.

Answer:Malware (b.exe)- Can't Run Malwarebytes - Can only boot in Safe Mode

hi and welcome to TSF your first stop should be our security forum where a trained analyst can take you through the removal of your virus http://www.techsupportforum.com/f50/...lp-305963.html

4 more replies
Relevance 59.45%

Didn't find bad drivers preventing safe boot so I'm back here hoping to find cause. Below is link to thread in XP forum:

http://www.bleepingcomputer.com/forums/topic359879.html/page__st__60__gopid__2082635#entry2082635

NTBTlog is last entry in that thread.

Answer:More can't boot safe mode after malware cleanup

For reference, previous topics, same issue faced by jstacer:Posted 11 September 2010 - 10:38 AM .... boopmehttp://www.bleepingcomputer.com/forums/topic346542.htmlPosted 19 October 2010 - 04:06 AM ...... boopme & Didier Stevenshttp://www.bleepingcomputer.com/forums/topic354506.htmlPosted 25 October 2010 - 06:18 AM .... myrti http://www.bleepingcomputer.com/forums/topic356014.htmlCan't boot safe mode after cleaning up malwarePosted 12 November 2010 - 05:18 AM ... in XP forum ... cryptodan & AustrAlienhttp://www.bleepingcomputer.com/forums/topic359879.html***************************Please do the following: Empty your temp folders using TFC (Temporary File Cleaner) in Safe ModePlease download TFC by Old Timer and save it to your desktop.
alternate download linkRun TFC:
Save any unsaved work. (TFC will close ALL open programs including your browser!)Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)Click the Start button to begin the cleaning process and let it run uninterrupted to completion.Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally to ensure a complete clean. Scan with SUPERAntiSpyware <<< I am assuming that SAS is still installed on your machineOpen SAS and update the definitions before scanning by selecting "Check for Updates".
(If you encounter any ... Read more

9 more replies
Relevance 59.45%

Hi. I just found out that I can?t boot the computer in safe mode. Pressing F8 won?t do anything, it just keeps running in Normal Mode. Windows itself seems to be running fine. I was hoping anyone could help me "decoding" this Hijackthis log, before I try anything harsher, such as reinstalling windows. Please help me on this one, if you see why I can?t enter Safe Mode andhow to repair it, let me know. Thanks, NikmarkLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:26:37 PM, on 10/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\WINDOWS\Explorer.EXED:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeD:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeD:\PROGRA~1\AVG\AVG8\avgwdsvc.exeD:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exeD:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exeD:\WINDOWS\system32\nvsvc32.exeD:\PRO... Read more

Answer:Cannot Enter Safe Mode, Suspicion Of Malware

Hello Nikmark and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem. Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please follow these steps :Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Download gmer.zip and save to your desktop.alternate download site 1alternate download site 2Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.Double-click on Gmer.exe to start the program.Allow the gmer.sys driver to load if asked.If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the logYou will be prompted to restart your computer. Please do so.Run Gmer again and click on the Rootkit tab.Look at the right hand side (... Read more

11 more replies
Relevance 59.45%

Computer is running very very slow, but will boot and run. so slow i can't run malware cleaner. 5-10 minutes to open program.

I tried to boot in safe mode, but after I select safe, it just boot to normal.

how can I get into safe to try and run malware cleaners.

any other suggestions.

Thanks,
 

Answer:Computer too slow to run malware, no safe mode

Welcome to Major Geeks!





paterson said:





5-10 minutes to open program.Click to expand...

Then you will just have to wait. We don't even know if you are having malware problems and will not know until you run our cleaning procedure.

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to ... Read more

3 more replies
Relevance 59.45%

After downloading a program, AVG reported that it blocked an attempted attack and deleted the file. However, I started getting more AVG alerts. I ran Malwarebytes, but it crashed halfway (blue screen of death). When it restarted, I got to just before the login screen and it stopped with only the mouse on the screen. I rebooted into safe mode, and it worked, and ran Malwarebytes and Spybot, both of which removed multiple "threats". I also removed Windows Antivirus 2009 files and registry entries, but I still get browser redirects on Firefox. When I ran AVG, it froze my computer halfway through scanning an iTunes localization file. I ran Malwarebytes and it also froze halfway, though I don't know which file it got stuck on. Sybot, however, found nothing else. I still cannot boot normally, even if I only use services and programs used in safe mode through msconfig. I ran rootrepeal but it also gave me a blue screen, right after clicking "Scan". I ran HijackThis but I don't know if anything will show up because I can only run it in safe mode.

Answer:Unknown malware, only starts in safe mode

Hello fetchcomms,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

3 more replies
Relevance 59.45%

Hi:

Thanks for any help you can be.

My friend's pc is a Dell Inspiron 1525 laptop with the 'blue screen of death'. It won't let her in to Safe Mode - I said I'll print-off directives, if you could please help her get into Command Prompts, with instructions, from there.

She's a student, needs her pc but doesn't have the budget to have it re-formatted.

You're a great group of people and I'm sure glad you're here.

We aren't techy, but I've followed your anti-malware before and it worked for my son.

Many thanks.

Ann G.
 

Answer:Malware-No access to Safe Mode - Dell pc

Our procedures do not need to be run in safe boot mode. Just follow them as written. Safe Boot is only used when normal boot mode does not work. If your only problem is getting BSOD when trying to boot in safe mode, you may have to post in the Software Forum. However you can first check for malware with the below.


Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 58.63%

How can I tell if I have malware problems or hardware failure?
I am in safe mode now and cannot remove any malware because the computer will reboot over and over.
I have swapped out my simms cards thinking one is bad, but computer still reboots.
Any help would be great.
Jaypegg
 

Answer:Cannot remove malware in safe mode, computer reboots.

I have moved your thread to the software forum as you will need to be able to get your system to boot to a stable state before we can do any malware cleaning. Once you can do so, you can start a new thread in the malware forum after doing the READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 58.63%

My wife's computer had a Trojan and other things that were messing it up. I thought I got them out but they seem to be back, or she got new ones that are similar. First one seemed to be from a program called "Protection Systems" that may have come from "My Web Search", which may have come with "Gamevance32". Protection Systems was trying to convince us we had many viruses and we should download their program (and pay to activate it) to clean these up. It used windows that looked remarkably like real Windows, but there was no mention of Microsoft or any copyright info at all. It also kept saying I had no AV software. Well, I used my Norton and Comcast Anti-Spyware, that I didn't have, to remove them. My Web Search was automatically blocking any attempt to change my default web search engine. Gamevance32 was making over 900K changes in my computer on each Startup (according to my Norton History). Something also disabled the Task Manager via Administrator, and also has disabled the Safe Mode Startup.
Things were good for several days, but last night a new set started. A program called "Personal Anti-Virus" also trying to get us to buy it so it could clean out stuff it said we had. It had installed itself in the C:/Programs/ directory without Windows knowing about it. And added itself to the Startup list in MSCONFIG. I disabled the Startup and rebooted. Then I was able to delete the program. However, my Norton keeps tell... Read more

Answer:Malware disabled Task Manager, Safe Mode, and wants us to buy AV!

This computer is now infected with Police Pro and nothing is allowed to work. None of the applications in the computer work except Police Pro, Internet Explorer, and Flock. All anti-virus, anti-spyware, downloaded fix programs (FindyKill) are blocked and will not run. Neither will the Run First stuff. No Regedit, no Msconfig, no Task Manager, no Safe Mode, etc.... So where can I go from here? I can download anything, but as soon as I click "Run", it is blocked. A window pops up from the toolbar saying this file is infected and cannot run. I am sending this from my computer. These seem to be popping up every three days.
 

27 more replies
Relevance 58.63%

Yesterday I was on Facebook and my internet connection suddenly went out. I could not connect and when I restarted my Zone Alarm would not start and Microsoft Security Essentials were turned off. Suspecting a virus I ran MBAM but it found nothing. I ran Rogue Killer and it found something and I foolishly deleted it as it told me to. However I am now able to connect to the internet but only in safe mode with networking. In normal mode the internet connects but only for a short while (after the computer is done booting all the programs I'm assuming). I ran Rogue before it found:

Registry Entries: 1
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

After the "fix" it was no longer there. But now RogueKiller will no longer complete a scan. It stays stuck on Searching Updated Registrys or something.

I did everything from here: http://forums.majorgeeks.com/showthread.php?t=139681 and am attaching the logs for those and RogueKiller before I did the "fix".

Please help if you can. Thanks
 

Answer:Malware removed? Can only connect to internet in Safe Mode

Re run Hitman and have it delete Potential Unwanted Programs.

Also... Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.

And...
Run this and attach the results.

Using ESET's Online Scanner

Can you now connect in normal mode?
 

10 more replies
Relevance 58.63%

I was recently called to help a friend with a spyware attack. The visible threat was a version of the Internet Security Suite 2010.

Safe-Mode was disabled, taskmanager was disabled, the installed AV/Firewal/Spyware product was "running" but had obviously been compromised (Trend Micro Internet Security Suite).

MBAM was having trouble getting installed, even after re-naming the file (I see now that your 'site has added an "mbam.exe" download). I had previously found a link to your ComboFix app, and had downloaded it (I see now that you guys have added a lot of warnings about using it). I ran ComboFix and it worked superbly (Thanks!). And I will be getting MBAM running on it to double-check the cleaning process, as ComboFix reported rootkit issues.

Upon returning to your site I now see all the warnings about using ComboFix. I'll certainly be a lot more circumspect about using it in the future. But after all that I have a few questions.

1. What issues are you seeing as a result of ComboFix being run on Windows XP systems?
2. Is Vista more tempermental than XP for a ComboFix attempt?
3. If the threat worked-around the installed Trend Micro Internet Security Suite in the first place, is that software any good now, post-infection? Or does it have to be replaced/re-installed to have any chance of being effective again?
4. Are you seeing any problems with AVG 9.0 / ZoneAlarm/ Ad-Aware/ MBAM (free)?
5. Do you recommend doubling/tripling-... Read more

Answer:Malware suite disables safe-mode & MBAM

Forgot to ask: Are you seeing any issues with using USB drives to install the fix-it tools? Can the USB drive be compromised itself?

I used to burn CD's of the tools, figuring it was a safe method to use to install the tools, but with the updates coming so fast, I was going CD's like mad, and the USB drive is so dang handy...

1 more replies
Relevance 58.63%

I used Malwarebytes 1.41 and Norton 360 to clean numerous infections including trojan.dropper and infostealer.gambass. Internet was working but the virus kept redirecting internet explorer to maliciouscodeblock.com. Malwarebytes got rid of it but now the internet only works in safe mode.
I will paste 2 sets of logs. First taken during safe mode scans the next 2 while XP is regularly loaded.
DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by ibm at 20:02:26.94 on Wed 11/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.214 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ibm\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\le... Read more

Answer:Some Malware caused internet to work only in Safe Mode

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 58.63%

I have a scenario where I will want to boot into safe mode (FBI Virus) and run Malware Bytes from a USB drive. My concern is that in Safe Mode I will not be able to execute the install because of the limited functionality. Will this work?

Answer:Installing Malware Bytes from USB Drive in Safe Mode

Hi and welcome to SevenForums!

Don't know, haven't tried. But Malwarebytes have a special program for this kind of scenario: Malwarebytes | Chameleon - Free Malware Removal Tool

"Malwarebytes Chameleon technologies gets Malwarebytes Anti-Malware installed and running when blocked by malicious programs."

9 more replies
Relevance 58.63%

Hi anyone.
I have a Dell Dimension 2400 running XP home edition. I am now running safe mode after downloading service pack 3.
Had the blue screen run. I have run the diagnostics in the BIOS and everything passed.
Cannot download and run SuperAntiv. as the computer just reboots whenever it feels like.
Cannot run Combo fix either.
Ran Killbox to delete temporary files.
Ran CCcleaner and cleaned everything out.
Ran Malwarebytes and cleaned out everything there.
Including some scan files and actually hoping I have a way out of this loop hole. I cannot upload from exporer so I will post files later from Firefox
Cheers Jan
 

Answer:Bluescreen, now must work in safe mode. Malware or bad computer?

I have enclosed my Hijackthis log and Malwarebytes log. I did find some malware which has been removed.
Thanks Jan
 

2 more replies
Relevance 58.63%

Hello,

First I'd like to say good job to all you dedicating your time into helping out others. Services like these don't come free outside so thanks so much!

Well, I'm almost certain I have a malware/spyware on my laptop. Visiting this website with ads, Avast picked up a potential virus and it seemed like it blocked it however afterwards, my laptop wasn't the same. I've been noticing web browsing was slower, each page I went to would freeze for 15 seconds or so. Then I tried browsing my own computer and I can't do that at all. If I try to open up "My Documents," the computer would just end up freezing and I would have to restart.

I also tried doing an Avast scan however it wouldn't finish since the computer would freeze in the process. So I'm having to do EVERYTHING in safe mode.

Tried:
- Using Ad-Aware
- SUPER AntiSpyware
- CCleaner

Computer Spec:
- Windows XP
- 105 GB HDD (58GB used)
- 1 GB Ram

I did/used those in safe mode though so not sure if it would work fully. Please help me out with this issue, Thanks in advance!


DDS (Ver_09-02-01.01) - NTFSx86 MINIMAL
Run by Alex at 19:55:10.85 on Wed 03/04/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.789 [GMT -8:00]

AV: avast! antivirus 4.8.1335 [VPS 090304-0] *On-access scanning enabled* (Updated)
AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated)
FW: PC-cillin Internet Securit... Read more

Answer:Running Safe Mode // Suspected Malware Issue

Thought I might bump this thread, it's been just about 72 hours. Here's hoping to get help, if not, I will have to go with re-format however I'm afraid of losing important applications and whatnot.

So, 'normal' mode is unstable and basically unusable and I can only use Safe Mode. Currently I'm using another computer to access the net.

15 more replies
Relevance 58.63%

Hi, I caught the Vista Home Security malware on my PC and am getting desperate. I tried to change the registry, I tried to go into safe mode but nothing works.In safe mode, everytime I try to launch IE or any malware removal software I have, the same process launches: xxt.exe, and prevents the program to start.I have tried to download anti malware programs to my flash drive but the only healthy computer I have at home other than mine is a Mac.What to do? Any advice will be appreciated.Fanny

Answer:Vista security malware: SAFE MODE WON'T WORK!

Here are techniques used to get MBAM working, you can use these on any program.Malwarebytes' Anti-Malware ( MBAM )http://www.softpedia.com/get/Antivi...http://www.softpedia.com/progScreen...http://www.malwarebytes.org/mbam.phphttp://www.spywareinfoforum.com/ind...http://www.bleepingcomputer.com/vir...Forumhttp://www.malwarebytes.org/forums/Error codeshttp://forums.malwarebytes.org/inde...Common Issues, Questions, and their Solutions, Frequently Asked Questions.http://forums.malwarebytes.org/inde...http://www.spywareinfoforum.com/ind...VIPRE Rescue Programhttp://vipre.malwarebytes.org/http://live.sunbeltsoftware.com/Try it in Safe mode with Networking.If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.If it still will not run.1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.If it installed but will not run, navigate to this folder:2: C:\Programs Files\Malwarebytes' AntiMalwareAt the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.How to see hidden files in Windowshttp://www.bleepingcomputer.com/tut...... Read more

4 more replies
Relevance 58.63%

Hi,

Vista SP2, had a Malware attack and the Laptop shutdown.

I can no longer reboot into normal mode BSOD just after Ctrl Alt &Del apprears and it will only let me reboot into safe mode.

When I run Malwarebytes in Safe mode it finds Adware.MyWebsearch Registry entries, but on each reboot they are stll there.

When starting in Normal Mode I get a BSOD STOP:0x0000008e error just after the Ctrl, Alt & Del screen comes up.

Tried last known good from F8 and still the same.

Any ideas?

Answer:BSOD on normal startup, Safe mode OK, after Malware

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

2 more replies
Relevance 58.63%

simple question, is it technically possible for malware to hide itself such that even in windows safe mode it is not detectable by scanners? 

Answer:question about whether malware can hide itself from scans even in safe mode

Simple answer...
 
Yes, many malware instances can only be identified manually, by the right person who knows what they are looking for.

4 more replies
Relevance 58.63%

Hi,

I've got a little problem (why else would someone post here).

I am stuck in safe mode (thought it doesn't say safe mode in the corners)

Malwareantibytes & superantispyware seem to have taken care of the causes, but now I am left in safe mode and have no internet connection. I guess this falls under the heading of "what do I do".

As usual, I need this fixed right this second! (just kidding, this machine usually just sits. It was infected/attacked buy just being connected and not being used.)

If its not to inconvenient, I would like to know not just what to do, but why and what expected results should be.

Please let me know what info you need to help me sort through this "little challenge".

oops forgot: XP Pro, Intel p4 2.8, 1gig ram, intel pro onboard network card. More? just ask.

tia,

I fully accept responsibility for this machine going down, and have a sense of humor about it. I just cannot take computer problems that seriously, its just not the end of the world, but I know when I am licked!

Andy

Answer:Stuck in safe mode, Viruses/malware removed (I think)

Right click on the C drive in Explorer and go Properties > Tools > Check Now (under Error Checking). Check both boxes then click "Start Now". A message will pop up saying that Error Checking will run after you restart the computer. Restart the computer and Error Checking will run automatically after the restart. After it?s finished it will restart into Windows automatically.

9 more replies
Relevance 58.63%

Hello guys,I am just wondering whether can you guys help me to get rid of this pest? I think it's called Razespyware. I am not sure but that's the one that keep popping up. Not to mention a dozen of others. I think i have more than 1 malware cause i remembered i search with spybot before and it returned with 6 identified spware. Help .. I can't seem to get rid of it and worst of all, I CAN'T boot in safe mode. I tried to go in but something like 'mlti//ard ..disk .. dunno what partition' came out instead. I can boot in normally but i can't access another program or another website other than RAZESPYWARE !!!! But luckily for me, i have downloaded HijackThis earlier on and i am posting my log here. Please teach me what to do. Million of thanks in advance :DLogfile of HijackThis v1.99.1Scan saved at 7:19:03 AM, on 12/1/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBB... Read more

Answer:Terrible Malware - Razespyware? Xp Won't Start In Safe Mode

Hello,I have bad news for you. Your system is badly compromised. Razespyware is only a small detail if I compare with the rest what is going on on your system.You don't have only several variants of stubborn spyware/adware present, You also have several trojans/viruses/worms/backdoors present as well which already damaged a lot, collected your passwords and other personal info... your system is no longer trustworthy and you infect other systems as well.I think none of your scanners are up to date.So you really need to decide what to do here. If we clean this up, I can't promise we could restore all the damage it already caused. I can't promise we'll be able to find and clean everything, because this type of malware hides deeply in your system, so I can't promise you'll be able to trust your system again afterwards.So the decision is yours, but if I were you, I would reformat my system and reinstall windows. Please update immediately to Service Pack2, because I see you're still having Service Pack1 installed, which leaves your system vulnerable.So, what do you decide?

2 more replies
Relevance 58.22%

I'm at my wits end here. I'm infected with at least Virtuomonde and Smitfraud. Here is what's happening.

All antivirus and HJT that I've tried (spybot, HJT, Avast, etc) start to run and then die. When I try to restart I get a dialog box that says, cannot access, file, drive, path--you may have insufficient rights.

clicking on browser links redirects to a random page.

booting in safe mode gives me a quick BSD and then starts over

Active desktop has died--I deleted an html "warning" image from the recovery console on a Win XP CD.

Can ANYBODY help or am I doomed to reformatting?

Currently running Win XP Home Edition--SP-3

Thanks so much!

Chuck

Answer:Malware Blocks All Antivirus and Stops Safe Mode Boot

You have the new rootkit that's out thereWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.-----------------If the scan doesn't run or won't complete, just select Drivers to scan

1 more replies
Relevance 58.22%

Hi. I'm afraid I botched my system by using multiple malware programs and then finding that I was unable to connect to the internet (but still can see the router). I have an acer laptop with win8.1 installed. I am able to connect to the net in safe mode with networking but not in ordinary user mode. I've tried some things based on other posts, but I've been out of the tech world for too long to figure this out. I'm hoping to get some help so I don't have to do a reset and go back to start.

The system has been working great for over a year, but last week i began having some random audio stuff play with no apparent reason. So I figured it was malware and I began loading malware sw and doing scans. In the heat of the moment, I did whatever the malware sw said to do. Then, poof, no internet. Later uninstalled the malware scan sw but still no net in normal mode.

I am using the ethernet adapter to connect to my router, but I have the same problem using the wifi adapter. I figure that since this thing works in safe mode, there must be a way to solve the problem without a complete reset. Tried to restore an older backup and the backup file was unreadable. Yipes! I'm pulling out all my hair! Thanks for any help you can give!

Here is my ipconfig from normal mode:

Windows IP Configuration

Host Name . . . . . . . . . . . . : acerlt
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS ... Read more

Answer:Solved: Can Connect to internet only in safe mode Win 8.1 - after some malware remova

8 more replies
Relevance 58.22%

I picked up Vista Home Security malware today, and have been unable to remove it. It runs in safe mode as well and prevents any program to open. It also made "Internet options" disappear from the control panel.

I did manage to run RKill but it did not find anything and failed to disable the malware in order for me to run my anti malware programs.

I tried launching anti-malware programs (malwarebytes, spybot) from a flash drive, to no avail.

Looking at my task manager, everytime I try to launch a program, the following malware process launches itself: xxt.exe.

Please help, I am getting desperate!

Fanny

Answer:Vista Home Security malware still running in safe mode

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Relevance 58.22%

This all started when computer would lock up after about 5-10 mins of use. I figured it was a virus since our virus protection lapsed(go figure). So first thing I did was run hijackthis and I will post the log from that. Then downloaded Malwarebytes and did a scan and removed all that with no luck on the computer working any better. So I figured it was time to start safe mode. Well, that just got me in to more trouble. I now boot up to safe mode with the cmd.exe screen. I have tried F8, F6, F12 and esc. They all get me to the same screen of starting in safe mode or windows normally. Anything I choose gets me back to the command prompt in safe mode.

One last thing, this is a Gateway Netbook without a cd rom.

Log is as follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:13 AM, on 11/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxedcoms... Read more

Answer:Probably Virus, No Malware, Stuck in Safe Mode with Command Prompt

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426806 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

63 more replies
Relevance 58.22%

Hello helpful people of Bleeping Computer!
My younger sister has managed to get her computer infected with the uKash Metropolitan Police malware, nasty little bugger that it is. I've been reading all the guides I can find and trying all their suggestions but it comes down to one issue in the end.
I cant access safe mode, I don't know if it's the virus or something else but whenever I log into safe mode (with or without networking/command prompt) the moment the desktop loads the computer shuts down and reboots into normal mode where the virus instantly locks the computer down. I've exhausted all my malware fighting knowledge and now I turn to you, the experts.
Please, any advice is gladly welcomed and hugely appreciated.

Answer:uKash Metropolitan Police Malware, Safe Mode Locked Out

Hello and welcome.
What is the Operating System?

Can you run these in Normal mode?

5 more replies
Relevance 58.22%

Hello Vista Smart Community,
I have a problem with a stupid malware virus on my Window Vista laptop (x32). This is the typical malware virus (system tools) that pops multiple windows telling me that my PC is infected with viruses and then is asking me to pay them (ransom scam). In the past I was able to fix the issue by going to safe mode and then fixing the proxy on my IE and then downloading legitimates virus killer. This time, is a little harder for me to kill this virus. This time the virus is not allowing me to open IE at all in safe mode and is using ?Window Vista security center? as the name versus the other know names. Can someone please help me figure out how to kill this Malware when I cannot access IE?

Answer:Malware virus on Window Vista won't let me open IE on safe mode?

Hello welcome to the for um.
Please could you tell us exactly what you can and cannot do?
Do you have malwarebytes downloaded, can you do a full scan?
Please let us know your exact state.

11 more replies
Relevance 58.22%

I would be very grateful for anyone who can give me some advice or guidance with this problem.
 

Answer:Have Total PC Defender malware infection and Safe Mode won't work

To get you started here is a program that will repair Windows Safe Mode- http://www.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&lid=26

Download

How to use- http://www.ghacks.net/2011/07/17/windows-safe-mode-fixer-repair-safe-mode/

Good luck.
 

29 more replies
Relevance 58.22%

Ok, so on a different board (I think I am the victim of terrible advice), I went through all of the malware steps with some people and I think I was pretty successful (and I d/l Firefox); however, after turning my computer off, I can no longer restart in "Normal Mode". I just get that terrifying blue screen.

(It should be noted that I also "tried" to wipe out IE from my computer, but I don't think it worked)

Here is what it says is my problem:

*** STOP: 0x0000008E (0xC000009A, 0x86EB7641, 0xF698D8EC, 0x00000000)

I have tried to restore my system, but it won't allow me to in Safe Mode, and it says that it is turned off anyway.

Someone told me to reboot in "Diagnostic Mode" after typing msconfig in "Run" while in Safe Mode. When I did that, the exact same thing happened, and I got this message:

*** STOP: 0x0000008E (0xC0000005, 0x86EAF05A, 0xAAC79C98, 0x00000000)

I have since went back and set it back to normal getting the original message. I have googled these numbers, but to little avail. The best I can come up with is that I am having RAM issues and space issues; however, I currently have 16 free gigs... So I don't understand.

Any help would be greatly appreciated b/c I would really like to get around wiping out my harddrive (reformatting). I have a Gateway (with the restore disc) from Jan. '05. Pentium 4 Processor 530. Processor speed is 3Ghz, 800MHz FSB, 1MB L2 Cache, 200Gig HD, 7200RPM RAM, 1024 MB DDR Dual ... Read more

Answer:After Cleaning my System of Malware, I Can No Longer Run XP Home Outside of Safe Mode

Maybe, the MALWARE that you have clean up was the source of your problem....

The Malware was intact with the system files, and when you clean it and delete, you also deleted the important files of your system

3 more replies
Relevance 58.22%

My laptop has been infected by malware/spyware. This is the first time i have joined any forum so look forward to your help. I have been working in safe mode since 2 days and need immediate help as this is my company laptop and i need access to programs that i cant get in safe mode.
Below is the HJT log report and attached is DDS. I could not run GMER in safe mode, let me know what to do. I also see that their is an "iexplore" process running in task manager which is a Trojan, as it launches itself after regular intervals even after i kill the process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:25 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\amit\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr... Read more

Answer:infected by malware/spyware.. running PC in safe mode since 2 days..need help

Hello and Welcome to TSF.


Quote:




this is my company laptop




We are sorry but this forum is intended for the home user.

Please contact your company's IT department for help and best of luck with your issues.

This thread shall now be closed.

------------------------------------------------------

1 more replies
Relevance 58.22%

ok i am working on a laptop for a friend of mine. he has gotten somekind of malware on it.. i had once before removed some stuff from it.. and told him it wasn't completely clean and what to do about it.. but it would seem he has been back on the internet unprotected since then..

at the moment when i log into regular mode i get a bluescreen listing a 0x000000f7 stop error.. but it gives no details.. also the bluescreen never takes longer than 30 seconds to occur so no way to do any trouble shooting there..

when i try to log into safe mode the screen barely changes at all before i get the same bluescreen as before..

the computer is a stock hp pavilion dv1000.. i do not know the exact specs of the computer other than it is running XP home SP2.. the guy im working on it for isnt at all technically savvy so it probably has just whatever was standard at the time he bought it...

any help would be greatly appreciated..

thankx in adv.
 

Answer:Malware trouble cant login to safe mode without a bluescree after 5 seconds

update: ok found some articles elsewhere online (thx google) and ive decided my friends laptop is victum to a buffer overrun attack... however im not having any luck discovering the driver thats over-running its buffer... any ideas as to a way to figure this out?

thx for any help or suggestions or thoughts
 

30 more replies
Relevance 58.22%

On 4/2 I recieved an error report from AVG. I dont remeber what it said but I figured it was bad so I tried to run adaware. Adaware was unresponisve and my system slowed to a near halt. I restarted and it would not boot. A blue screen flashed right after the Windows process bar and it cycles to the screen where I have the safe mode options. From there safe mode works and I still have a net connection. I tired recording the bluescreen with my phone and it says something about uninstalling any virus protection software. Its hard to see. It might be in a log somewhere but I dont know how to get to it.


I have ran through a ton of trouble shooting. I did a system restore. Adware was still unresponsive and it wont reinstall. When I try to install it I just get the option to uninstall it. I ran just about every free virus removal that I could install in safe mode. I ran spybot, asquared, Malwarebytes, unhack me, Advanced system care, and a couple registry cleaners I dont remember.

I still have symptoms in safe mode. I was receiving the MC- 30 day popup (below) every now and then but I havent seen it lately. Also I didnt have any other MC 30 day symptoms.





I still have popups from random sites. They usally happen after google searches.

I might happen on 10% of searches. below are two of the links that have popped up.

kdirectory.co.uk/results.asp?qry=ntuser.dat%20in%20use%20by%20another%20process&rfid=lka4_60962-5620


ww.mydealchoices.com/searchb.php?... Read more

Answer:Can only boot in safe mode after malware attack still getting browser popups.

Hi

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT





Download DDS and save it to your desktop from here or here.



Disable any script blocker, and then double click dds to run the tool. When done, DDS will open two (2) logs:DDS.txt
Attach.txt

Save both reports to your desktop.
---------------------------------------------------------------------------------------------

Download GMER Rootkit Scanner from here to your desktop. Rename it to a .com extension. You may need to ensure file extensions are viewable.

Go to My Computer->Tools->Folder Options->View tab:
* make sure there is no checkmark beside Hide file extensions for known file types


* Click Yes to confirm and then click OK.Double click the renamed .com file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it
In the... Read more

19 more replies
Relevance 58.22%

Hello
 
My pc is dual boot Vista64/WinXP with a HD controller card & 4 HDs. I use ESET NOD32 in both OS. Vista is infected but the XP not.
I can boot Vista into any safe-mode without the virus appearing, I have run a full scans using ESET, Malwarebytes, HitmanPro, TDSSKiller & used Combofix (with ESET disabled) but found nothing.
I have now disabled the internet connection on Vista by uninstalling the driver for the wireless adapter.
I can't run DDS except in safemode but I'm guessing that won't help if the virus isn't active when DDS is run?
XP can 'see' the drive that Vista is installed on, if that's any use.
 
Any assistance would be hugely appreciated.
 
Thanks
Gordy

Answer:UK PCeU virus present but no malware found in Safe Mode

Hello Gordy I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

24 more replies
Relevance 58.22%

Hello, my Windows XP Home Edition Compaq computer is running into some issues.

I currently scanned with Home Trend's online scanning system and used Anti Vir's up to date free anti virus program, and it is able to detect the trojans, but can't delete them. They always pop up back with the same names, Trojan/system32/JkkIyrsm and a few more

Can anyone seem to help me? I have tried to look at other threads, however, none has helped so far. What bugs me the most is that when ever I open the Internet explorer browser, it automatically pops up another window with lots of ads. It is as if the mouse is clicking by it self!

Please would anyone help us me, I am fairly new to this. Thanks a bunch!
 

Answer:Malware/Trojan System32 Won't Delete - Unable to Safe Mode

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid addtional delay in gettin... Read more

1 more replies
Relevance 58.22%

Hi Members,I have a computer that was redirecting google searches and I couldn't find hat was causing it. Today it Blue Screened on start-up after the install of the microsoft defender update. I was able to unistall that update, but now it blue screens when loading safe mode, but not when i boot normally. Sounds to me like some type of malware after googleing the stop code: 0x0000007e (0xC00000005, 0x80537009, 0xf789e508, 0xf789e204). I noticed some suspect entries in the log. Can you help?ThanksuamuserLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:19:29 PM, on 2/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exeC:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exeC:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exeC:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\... Read more

Answer:Malware-Safe Mode Blue Screen & Google redirect

Is there no one to help with my issue?===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been respon... Read more

3 more replies