can't even start in safe mode

Dell / DIMENSION 4600
July 6, 2009 at 18:41:52
Specs: Windows XP Pro SP3
Sudden attack with warnings from "windows" that "windows" had detected a security problem, these windows I Xed out and they would pop up again twice a minute.

Desktop showed, "Your're (sic) computer is infected..." etc, etc, with more language over the entire desktop

Started running SpyBot, blue screen appeared and memory dumped to disk--I was too stupid to think to note error message number. Restarted and ran Spybot after updating.

- Virus allowed 2 restarts in safe mode.
- Would NOT allow launch of AVG, saying it was infected.
-Would not allow a launch of Firefox, saying it was infected.

Did update AdAware and SpyBot, NO results on STANDARD scans on either.

Now keyboard is completely disabled and I can't even restart in safe mode, can't even log into WinXP.

Short of taking it to my neighborhood pc guy, who never seems to bill less than $97 (I'm unemployed right now)...ANY IDEAS, PLEASE? ...Thank you!


See More: cant even start in safe mode

Report •


#1
July 6, 2009 at 18:46:04
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdateEx( 'http://avz.virusinfo.info/avz_up/', 1, '','','');
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#2
July 6, 2009 at 20:41:31
You really have a bad OS corruption so I think you should consider on starting to retrieve files if you can.

Want A Weekly Update on Latest System Security Problem http://www.systemsecurityinstitute.org


Report •

#3
July 6, 2009 at 21:11:30
To: jdk (by neopark):

I cannot even open my OS, which is XP Pro, SP3.

1.) Respectfully, reread my post.
2.) What is "AVZ"?

Thank you, DaveOT


Report •

Related Solutions

#4
July 6, 2009 at 21:21:00
"Now keyboard is completely disabled and I can't even restart in safe mode, can't even log into WinXP." ... how do expect to fix it? Like lycan20 suggested backup, format and reinstall. There are other ways but those require recovery cd do you have one? AVZ is malware removal tool.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#5
July 6, 2009 at 21:30:19
To jkd:

I am recently backed up to external drive. I'd lose photos that I did not back up.

1.) Re: Recovery CD, I have the original MS XP cd, if that is a "recovery cd" ?? If it is, what are instructions please?
2.) How to I reformat the C drive if I can't even get to the OS?

Thank you


Report •

#6
July 6, 2009 at 21:41:21
What happens when you try to boot in normal or safe mode? Do you see login window? Does it auto logs you out if you try to login?

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#7
July 8, 2009 at 00:00:33
Well you can But a Operating system installer so that you can reformat the computer. But hold this thought as a last option I still don't recommend it yet.

Want A Weekly Update on Latest System Security Problem http://www.systemsecurityinstitute.org


Report •

#8
July 8, 2009 at 09:18:00
To jkd,

Yes, I get the password request.

As the computer boots I see the keyboard has been disabled. Thus, I cannot type in the password.


Report •

#9
July 8, 2009 at 09:25:38
Where do you see "keyboard has been disabled". Have you tried another keyboard? It seems more like hardware problem... reinstalling might not help.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#10
July 8, 2009 at 12:10:15
"keyboard disabled" flashed 1/10th second maybe, on 4th reboot and before I g\ot to password request to enter XP pro. Sure enuf, keyboard suddenly disabled.

This is no hardware problem, definitely acting like a virus pretending to be MS, controlling my desktop with a misspelled warning across entire screen, flashing warnings as if really MS Security, asking me to click on warnings, telling me it has a solution to my problems...as I stated before.

This is one of those extortion viruses I've read about.

Can you tell me how to get this off my system without wiping hard drive please?


Report •

#11
July 8, 2009 at 12:52:33
Same thing happens in safe mode? There are fixes if you can login in either safe or normal mode.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#12
July 8, 2009 at 13:02:35
Since I can't press F8 to get to Safe Mode due to a disabled keyboard, I cannot get to Safe unless you know of a trick for that.

Can I and is it SAFE to link my laptop to the infeted computer some how?


Report •

#13
July 8, 2009 at 13:25:34
If your keyboard is disabled that early then its a hardware/bios issue. You might want to take a look again or take it to your nearest computer store. As far as i know no known Malaware disables hardware that early in boot process.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#14
July 8, 2009 at 14:21:12
GOOD NEWS

I can now get to Safe Mode and all the other options that F8 offered.

Now what do I do, please?


Report •

#15
July 8, 2009 at 14:23:33
Go to safe mode with networking and login. Let me know if you can login successfully.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#16
July 8, 2009 at 14:31:36
I get to the password request screen and canNOT log in either as Administrator or my user name. click the green arrow, but it asks me if I forgot my password.

NO asterisks are getting typed into the password frame.

Keyboard not working at this screen


Report •

#17
July 8, 2009 at 14:38:34
Nothing you can do... Try to burn antivirus boot disc and scan your PC (ftp://ftp.kaspersky.com/devbuilds/RescueDisk/). Or another option is format.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#18
July 8, 2009 at 22:16:40
But if that still didn't try to perform a system repair as an second option or reformat as the last option.

Want A Weekly Update on Latest System Security Problem http://www.systemsecurityinstitute.org


Report •

#19
July 9, 2009 at 12:22:29
jdk:

Kaspersky rescue disk run per your advice, 20 hours scanning found NO threats.It was a 4/29/09 update from the ftp link you gave to me.

I have NOT exited from the disk. I have NOT tried to reboot to see if I can get past the password page into the OS.

Shall I do something else with the rescue disk?

Thank you

Shall I reboot? To Safe Mode with networking?


Report •

#20
July 9, 2009 at 12:28:00
Yes you can try but i doubt its malware that's causing your problem. Only solution would be to reformat. If you can login try running ccleaner registry check.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#21
July 9, 2009 at 13:11:03
It gave me ONE boot-up and allowed me ONE normal start-up and accepted password input. --Once, I got a normal boot.

Concurrent with your help, I got escalated in MS support this hour. The virus blocked Firefox, but allowed IE to load Google and Yahoo, but it BLOCKED www.safety.live.com and it also blocked a URL at microsoft he gave to try and take control of my computer....THEN....

Multiple warnings from the virus popping up, and it tries to "scan" the system, saying 38 infections--the whole original mess including desktop misspelled language

It also twice blocked CTRL-ALT-DEL from launching task manager which flashed briefly and disappeared.

Won't accept keyboard input again.

Is there no solution other than to reformat my hard drive?

Thank you


Report •

#22
July 9, 2009 at 13:15:28
If you can login again run this if you can't only option is reformat:

Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:

# Check below options:

    * Select all the objects/places to be scanned. 
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

# Click Scan
# Fix what it detects
# Zip/Rar Scan log/Summary and upload it to rapidshare.com. Post download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#23
July 9, 2009 at 13:54:33
RE: "Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:
:"

There are about 30 downloads at this link. Which one should I select, please?


Report •

#24
July 9, 2009 at 14:09:41
Try: ftp://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/index.html

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •

#25
July 11, 2009 at 00:35:27
Thank you so much for your help. I think I am OK now.--Dave

Report •


Ask Question