trojan and blank safe mode

October 8, 2005 at 22:35:28
Specs: Windows XP SP2, Pent 4/512mb

Hi, I have the dreaded trojan vundo also (C:\Windows\sys32.jkkjk.dll). Unfortunately I also have another big problem. While following the Symantec removal instructions, I unchecked system restore, disabled Norton and the firewall and booted up into safe mode, and instead of the usual F8 method I decided to do run - msconfig - boot.ini - safeboot. The computer now only boots up in safe mode with a completely blank screen (apart from the 4 safe mode tags and the Microsoft Windows XP sign). It doesn't matter what option I choose from the advanced option menu, I still get a blank screen. I cannot do anything - there are no icons, no taskbars, no start button or anything. If I do Ctrl/Alt/Del I get the task manager, which has the following processes running. No applications show.
System Idle Process

Please somebody help, I have exhausted my small brain trying to work this out.

October 9, 2005 at 07:58:55

Try going to task manager, then file->new task. Type explorer and hit ok. If that doesn't work type explorer.exe. It looks like explorer (which is like your desktop, icons, folders, etc) is not starting...lemme know if that works.


This is my signature.

October 9, 2005 at 11:18:33

Did you try the Last Known Good Configuration?

If any advice helps, please post back as it might help others.

October 14, 2005 at 21:14:51

I just went through having that problem. I hit F8 and chose "Start Windows Normally". Somehow it booted me into safe mode and everything came up.

October 17, 2005 at 22:28:23

Hi Leesa, is your problem fixed? I had the same Trojan and followed the same steps you did and now have the same problem: blank screen in safe mode and can't get back to normal.
Can anyone please help me?
And also, how do you get to task manager?

Thanks in advance

October 18, 2005 at 06:48:56

This same thing happened to me last night. Safe mode but just blank screen. Leesa, did you get your problem fixed? If so, please let me know how. Jay

October 20, 2005 at 22:32:33

Sorry it took so long to reply, and you are probably all fixed by now, but if you aren't, I have posted a reply of exactly how I got out of the safe mode problem (step no. 4) and out of the trojan problem. However, I hear there is a new download at Symantec that fixes the problem quickly and easily, so why not try that first.

1. Download VundoFix.exe and SpySweeper from the internet and save to your desktop
2. Restart computer and boot into safe mode by tapping F8 when computer is starting up.
3. Choose SafeMode and enter
4. If you are left with a blank screen then press Ctrl-Alt-Delete. Select the File tab, then New Task (Run). Select Browse, choose VundoFix.exe and run the program. When this finishes, run SpySweeper and delete all traces that it identifies.
OR if you have a normal safe mode screen then just double-click the icons on your desktop that you need.
5. Restart machine and run SpySweeper again and then your antivirus software.
6. If machine is free from trojan then you are very lucky if not try NancyJo's fix substituting your file name and your fix program. Just follow her instructions to the letter and I am sure you will get there.

NancyJo's fix
1. Write down the name of the file. On one system it was mljjg.dll; the other was pmkjj.dll. My files were in the c:\windows\system32 folder; both XP systems
2. Download and save to the desktop the VundoFix.exe program. Get it from Double-click VundoFix.exe to extract the files. This will create a VundoFix folder on your desktop.
3. Reboot your computer into Safe Mode. Do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
4. Show all hidden files. Do this by: Right-click on start button, left-click Explore. Click Tools, then Folder Options. Click the tab labeled View. Scroll down to Hidden Files and Folder. Click the radio button that says Show Hidden Files and Folders; also, click to uncheck Hide Extensions for known file types.
5. UNREGISTER THE MALIGNANT FILE SO IT CAN BE DELETED. To do this click Start, Run. Type "command" or "cmd" in the box and click OK to open a DOS window. Change directories to c:\windows\system32. Do this by typing "cd c:\windows\system32" without the quotes. Then unregister the file. Do this by typing "regsvr32 {name of malignant file} /u". My entry was "regsvr32 mljjg.dll /u". Note: there is a space between the end of the filename and the /u. You should see a window confirming it was successfully unregistered. If it says it can't find the file, make sure you have unhidden files.
6. Delete the malignant file using VundoFix. Double-click to open the VundoFix folder and double-click on KillVundo.bat.
You will first be presented with a warning and a list of forums to seek help at.
It should look like this:
VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
Please seek assistance at one of the following forums:
At this point press enter one time.
Next you will see:
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!): "C:\WINDOWS\System32\{malignant file.dll}" Mine was C:\WINDOWS\System32\mljjg.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\System32\{reversename of the malignant file.*} Mine was C:\WINDOWS\System32\gjjlm.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

The fix will run then HijackThis will open.
In HijackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\System32\mljjg.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\System32\mljjg.dll

After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!

7. Turn System Restore off and back on. Do this by clicking Start, Control Panel. Double-click System. Click the System Restore tab. Click to turn off System Restore on all drives. Restart your system. Re-enter Control Panel and click to uncheck the box to restart System Restore.

8. Once your machine reboots run a virus scan to remove any detected remnants.

NOTE: one of the two systems wasn't able to find HijackThis. I had used the program on that system before so I manually ran it and deleted out the two entries recommended above. If you need it, it can be downloaded from here:

Report •
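The pattern in the fix above (one DLL listed both as an O2 BHO and as an O20 Winlogon Notify entry, plus companion files named with the DLL's name reversed) can be pulled out of a saved HijackThis log for review. This is an added example, not part of the original posts and not code from VundoFix or HijackThis; the sample log is constructed around the two entries quoted in the post, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample log: only the mljjg.dll lines and CLSID come from the post.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\System32\mljjg.dll
O2 - BHO: Example Toolbar Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: mljjg - C:\WINDOWS\System32\mljjg.dll
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\System32\examplenotify.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def parse_log(text):
    """Index O2 and O20 entries by lower-cased DLL path (Windows paths are case-insensitive)."""
    bho, notify = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            bho[m["path"].lower()] = (m["clsid"], m["path"])
            continue
        m = O20_RE.match(line)
        if m:
            notify[m["path"].lower()] = (m["name"], m["path"])
    return bho, notify


def companion_glob(dll_path):
    """Build the second path from the post: same folder, file stem reversed, any extension."""
    folder, filename = ntpath.split(dll_path)
    stem, _ext = ntpath.splitext(filename)
    return ntpath.join(folder, stem[::-1] + ".*")


def review_candidates(text):
    """Return DLLs registered as both a BHO and a Winlogon Notify handler."""
    bho, notify = parse_log(text)
    findings = []
    for key in sorted(bho.keys() & notify.keys()):
        clsid, path = bho[key]
        findings.append({"dll": path, "bho_clsid": clsid,
                         "notify_name": notify[key][0],
                         "companion_glob": companion_glob(path)})
    return findings


if __name__ == "__main__":
    for finding in review_candidates(SAMPLE_LOG):
        print(finding)
```

A DLL that shows up in both sections is a lead for manual review, not a verdict; confirm the file name against what the scanner reported before unregistering or deleting anything.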
