Only open in Safe Mode, cannot remove virus

January 17, 2011 at 19:13:05
Specs: Vista Basic, Centrino Duo
I have a Compaq laptop running Windows Vista Basic that can only open in safe mode. Trying to boot normaly flashes the windows crash screen for a second as soon as the Windows login screen comes up, and the computer reboots...over and over. I have tried Last Known Good Configuration, Restore point but still does the same thing upon rebooting normally. I can open to the safe mode and have tried scanning with Malware Bytes Anti Malware and Superantispyware (and running Rkill to stop processes that might be stopping them from scanning properly). Rkill only pulls up the regular desktop file running and both Malwarebytes and Superantispyware find multiple malware/registry key malware files. When I tell the programs (after running each individually after a clean reboot to safe mode) to delete the files, it restarts to remove the files to normal boot and again crashes at the windows login screen.
Is there anything elase I can try? I was under the assumption that if my malware scans found items, then they also would be able to remove the files in safe mode.
I am out of things to try. I tried going into the registry to delete some of the files the scans found, but they are back once the computer is restarted to safe mode and the scan is run again.
The scans also do not give me the name of the virus(s) affecting the computer. It pulls up 19 registry items and 5 Browser Hijacker Deskbar items.
Any help is appreciated.

See More: Only open in Safe Mode, cannot remove virus

Report •


#1
January 17, 2011 at 23:50:58
Have you tried rebooting back to Safe mode to finalize the removals?

Report •

#2
January 18, 2011 at 10:29:42
Yes.. Several times. I even would reboot back to safe mode 2x before I run the scan one at a time in different sessions again. Malwarebytes and the other scan both find the same problems again and again. I really don't want to reimage the drive.. I would like to be able to at least start in normal mode to run the scans again and clear up everything.

Report •

#3
January 18, 2011 at 10:34:28
Hi, please try booting into "Safe Mode with Networking", and downloading Malware Bytes from here: http://download.cnet.com/Malwarebyt...

Helpful tips before getting started: http://www.computing.net/howtos/sho...


Report •

Related Solutions

#4
January 18, 2011 at 12:22:38
Better yet, reboot to safe mode with networking and download and run Combofix from here: http://www.bleepingcomputer.com/dow...

Report •

#5
Report •

#6
January 18, 2011 at 14:42:50
At worst, try using the ESET online scanner to scan, if you can get online? Also HiJackThis download is a good tool for removing malware etc. I know its old but it works well.(You may need help reading the log)
Also scan all user accounts individually as your account might be clean, but another isn't and will be reinfecting the pc on reboot.
You don't mention your AV program at all? You do have one? As It will do a better job than MalwareBytes and SuperAntiSpyware.(Which are both excellent malware/spyware removers)
Hope thats of some help?

Report •

#7
January 19, 2011 at 17:24:15
So far ran Combofix and all it did was disable the wireless I had running in safe mode with networking so I can't get the wireless to work now. Running Malwarebytes now does not detect anything but Superanitspyware picks up the same viruses but won't remove them. Still crashes at the log in screen for windows booting up to normal mode. I am going to try JohnW's suggestions.

Report •

#8
January 19, 2011 at 18:13:26
To re-enable your wireless, follow the steps here which should say "Manually restoring the internet connection" : http://www.bleepingcomputer.com/com...

Helpful tips before getting started: http://www.computing.net/howtos/sho...


Report •

#9
January 19, 2011 at 23:36:20
Try a good Anti-Virus like Karspersky or Bit Defender.
You can even try and clear junk files in C drive.
If nothing helps then you may have to format your hark disk.

Report •

#10
January 20, 2011 at 15:39:18
Bit defender was installed when these viruses got in...

Report •

#11
January 20, 2011 at 16:17:30
Unfortunately I can still only open the computer in Safe Mode and the Windows Network Diagnostics cannot run in Safe mode... The wireless was working in safe mode before I ran Combofix. Anyone know how to get the wireless back in Safe Mode? I also can't run Bit Defender...message says "BitDefender Services not responding. The BitDefender Security Service vsserv.exe is unavailable at the moment." I think this thing is hosed...

Report •

#12
January 20, 2011 at 17:35:42
No AV ( including Bit Defender ) can guarantee that you will not get infected, with thousands of new ones coming out each week, the badies are always ahead of the goodies & con/trick people constantly. You need more preventative measures, google that & choose what suits your system ( they are all free )

Combofix ( like any specialized program ) has done its job & removed problems.

You now need to fix your TCP stack, this tool should work in Safe mode.

http://www.watchingthenet.com/repai...

More info here if needed.

XP TCP/IP Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.xp-smoker.com/freeware.html
http://support.microsoft.com/kb/299357
http://windowsxp.mvps.org/winsock.htm
http://support.microsoft.com/defaul...
http://www.samba.org/samba/docs/man...
http://www.onlinehowto.net/Tutorial...
http://www.microsoft.com/windowsxp/...
Lost Connectivity after Registry or Malware Cleanup
http://www.tek-tips.com/faqs.cfm?fi...


Report •

#13
March 18, 2011 at 01:29:26
I have the same problem, did anyone find a solution?

Report •

#14
March 18, 2011 at 08:17:54
327ren, this thread is old, why not make up a new post so people can help you?

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •


Ask Question