Press F1 forum, thread 93211: Virus and/or Spyware corrupted windows... (started by GR8Metal (14133), 2008-09-08 02:29:00)

Each post below is headed by: post ID | timestamp | author, followed by the post text.
Post 703390 | 2008-09-08 02:29:00 | GR8Metal (14133)
Hi all,

A lady dropped off her computer to me to fix. She says she opened an email attachment (it was one of those flight confirmation booking zip files..... don't ask me why she opened it in the first place!) and said "NOD32 popped up with a red box that said something about quarantine".......... hmmm, funny that! :)

When I boot up the PC (XP Pro SP2), it fails to display the desktop. It displays the desktop background but not the icons or task bar etc. I can press Ctrl-Alt-Del to run Task Manager, but when I try to run a new task to launch Explorer, it displays an error saying that it cannot find the file (even if I browse to it). I tried rebooting the PC into safe mode but that didn't work either; it didn't even display the "Windows is running in safe mode....." message. I tried running a Windows XP Pro repair by booting off an XP Pro disk and selecting R to repair the existing Windows install, but to no avail....

Any ideas what this malware has done to this PC?

Cheers.
Post 703391 | 2008-09-08 02:41:00 | stormdragon (6013)
Try slaving the drive in another computer and scanning it.
Post 703392 | 2008-09-08 02:42:00 | Speedy Gonzales (78)
Could be / do anything.

Connect it to a working system and scan it with Avast/NOD32, post a HijackThis log, and do a scan with Malwarebytes / Trojan Remover.
Post 703393 | 2008-09-08 06:41:00 | wainuitech (129)
Got a customer's PC here today with the exact same thing - it changed the userinit.exe file.

As stormdragon suggested, slave the drive, and from that PC rerun NOD32 as well as the programs from my sig, Malwarebytes and Spyware Terminator, in full scan mode (right-click the drive, "Scan with ????") - ???? being the malware programs.

Once cleaned (1st clean), put the drive back in the original PC and rerun all the scans with NOD32 and all the anti-malware programs in my sig, as well as Trojan Remover from Speedy.

You may also need to run ComboFix - I had to, since it had hidden several files that the others missed.

Current counts - viruses: 18
Spyware: 1106 and counting.

PS: HijackThis doesn't show all the infections on the PC I'm working on. ComboFix got 18 that HijackThis didn't show.

PSS: use ComboFix at your own risk - know how to reverse the "cleaning" it does if it all turns to custard. Had that happen Friday.
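An added check, not from any post in this thread: once the suspect drive is slaved into a clean machine, the Winlogon values and the files that launch the desktop can be inspected offline before any scanner runs. The drive letter (D:), the temporary hive name and the known-good hash table are assumptions; the hashes are placeholders to be filled from a known-clean XP SP2 install.

```powershell
# Added example, not the thread's own procedure. Run as Administrator on the
# clean host; $Drive and $HiveName are assumptions for this illustration.
param(
    [string]$Drive    = 'D:',           # assumed letter of the slaved drive
    [string]$HiveName = 'OfflineSOFT'   # temporary mount point under HKLM
)

$sys32 = Join-Path $Drive 'WINDOWS\system32'
$hive  = Join-Path $sys32 'config\software'    # XP keeps the SOFTWARE hive here

# Stock XP values: Userinit keeps its trailing comma, Shell is just Explorer.exe.
# A blank desktop with only the wallpaper is what you see when this chain breaks.
$expected = @{ Userinit = 'C:\WINDOWS\system32\userinit.exe,'; Shell = 'Explorer.exe' }

reg.exe load "HKLM\$HiveName" $hive | Out-Null
try {
    $wl = Get-ItemProperty "HKLM:\$HiveName\Microsoft\Windows NT\CurrentVersion\Winlogon"
    foreach ($name in $expected.Keys) {
        $actual = $wl.$name
        if ($actual -ine $expected[$name]) {
            Write-Warning "Winlogon $name = '$actual' (expected '$($expected[$name])')"
        } else {
            Write-Output "Winlogon $name OK"
        }
    }
} finally {
    reg.exe unload "HKLM\$HiveName" | Out-Null   # always release the offline hive
}

# Files named in this thread. Placeholder hashes: replace with SHA256 values taken
# from a known-clean XP SP2 system32 before trusting a MATCH result.
$knownGood = @{
    'userinit.exe' = 'PLACEHOLDER_SHA256_FROM_CLEAN_SP2'
    'explorer.exe' = 'PLACEHOLDER_SHA256_FROM_CLEAN_SP2'
    'rundll32.exe' = 'PLACEHOLDER_SHA256_FROM_CLEAN_SP2'
}
foreach ($file in $knownGood.Keys) {
    $path = Join-Path $sys32 $file
    if (-not (Test-Path $path)) { Write-Warning "$file is missing from $sys32"; continue }
    $item    = Get-Item $path
    $hash    = (Get-FileHash $path -Algorithm SHA256).Hash
    $verdict = if ($hash -ieq $knownGood[$file]) { 'MATCH' } else { 'DIFFERS' }
    $line    = '{0,-14} {1,8} bytes  modified {2}  {3}' -f $file, $item.Length, $item.LastWriteTime.ToString('yyyy-MM-dd'), $verdict
    Write-Output $line
}
```

A recent modification date on userinit.exe or explorer.exe, or a Userinit value pointing anywhere other than system32, is the finding to record before the drive goes back into the original PC.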
Post 703394 | 2008-09-08 09:44:00 | nofam (9009)
> Got a customer's PC here today with the exact same thing - it changed the userinit.exe file.
>
> As stormdragon suggested, slave the drive, and from that PC rerun NOD32 as well as the programs from my sig, Malwarebytes and Spyware Terminator, in full scan mode (right-click the drive, "Scan with ????") - ???? being the malware programs.
>
> Once cleaned (1st clean), put the drive back in the original PC and rerun all the scans with NOD32 and all the anti-malware programs in my sig, as well as Trojan Remover from Speedy.
>
> You may also need to run ComboFix - I had to, since it had hidden several files that the others missed.
>
> Current counts - viruses: 18
> Spyware: 1106 and counting.
>
> PS: HijackThis doesn't show all the infections on the PC I'm working on. ComboFix got 18 that HijackThis didn't show.
>
> PSS: use ComboFix at your own risk - know how to reverse the "cleaning" it does if it all turns to custard. Had that happen Friday.

Yeah, I had one on Saturday that messed up userinit.exe and rundll32.exe as well; couldn't open System Properties or Task Manager etc. Malwarebytes and HJT got rid of it in safe mode though. It was a trojan of some description, I think.

:thumbs:
Post 703395 | 2008-09-08 22:47:00 | pctek (84)
> Current counts - viruses: 18
> Spyware: 1106 and counting.

That would include tracking cookies, right?

My record so far is 1069. But that was an easy one; the most screwed-up, hijacked thing I had only had 100-odd.
Post 703396 | 2008-09-08 22:57:00 | NewOrcOrder (14157)
Hey, a similar thing happened to my laptop. Just turned it on today and found that I couldn't open anything as I didn't have any permissions.

How can I slave the drive of a laptop? Any hints on this?
Post 703397 | 2008-09-08 22:58:00 | Speedy Gonzales (78)
> Hey, a similar thing happened to my laptop. Just turned it on today and found that I couldn't open anything as I didn't have any permissions.
>
> How can I slave the drive of a laptop? Any hints on this?

Remove it if you can, and depending on what kind of HDD it is: if it's SATA, you'll need a desktop with SATA connections on it.

Or if it's got a restore partition on it, restore it.
Post 703398 | 2008-09-08 23:02:00 | NewOrcOrder (14157)
This is a pretty old laptop; can't remove the hard disk. I had to press the power button until it shut down coz I don't have the permission to shut it down either.
Post 703399 | 2008-09-08 23:20:00 | Speedy Gonzales (78)
You can't do much then.

Or if it boots into safe mode (depending on what version of Windows is on it):

Boot into safe mode / networking option.

Get Malwarebytes / Trojan Remover from my sig below. Install and update both. Then scan.

Then select all options under Utilities in Trojan Remover.