Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

bugs chomping on screen?[CLOSED]


  • This topic is locked This topic is locked

#1
jimmydaggett

jimmydaggett

    New Member

  • Member
  • Pip
  • 9 posts
we have a toshiba sattelite laptop that is about one and a half years young. a spyware warning poped up with directions to download new anti ware this and anti ware that. one message stated click here to download all anti spyware. a program poped up resembling an anti spyware system rocking a medival theme. the computer became overun and we could not manuver through all the junk that was poping up. the computer froze up and bugs proceeded to chew thier way across the screen. we have tried to acess the web for help on this computer both in regular and safe mode. we cannot access anything on the computer as we have no function at all after the login page. we would like to retrive photos of our wedding and some sensitive emails. then we will run the restore disks if we can. i wish i had more info but everything crashed so fast. any suggestions on how to acess the machine. we are haveing a hard time even in safe mode and are concerned that we may do more damage the longer the computer is on and we stare helplessly. i am willing to humbly try any reasonable advice that my limited abilities can acomplish without much fowl language and hairpulling. going bald in alaska. Thank you
  • 0

Advertisements


#2
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will try to help you get your files back.

The first thing we need to do is to see if we can get back into your computer, so I need to ask if you have tried using "Last know good configuration" when booting the machine.

If not, restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter "Last know good configuration" .

Let me know if you are now able to boot into Windows.

Regards,
RatHat
  • 0

#3
jimmydaggett

jimmydaggett

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
thank you for helping.
yeah i tried that but nothing seemed to change. the screen started filling up with junk again. safe mode is starting to not respond to anything. the name of the phony anti-spyware that popped up was Brave Sentry????
  • 0

#4
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Are you using the infected computer to post here?
  • 0

#5
jimmydaggett

jimmydaggett

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
no sir
i am using my mac.
  • 0

#6
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, let's see if you can do this.

Please download ComboFix from Here or Here and save it to a CD or thumb drive (if you use a thumb drive, do not use it with any other computer until after we have cleaned your computer).

Transfer it to the infected computer.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Let me know if you manage to accomplish this, and if so post me the log that is produced.

Regards,
RatHat
  • 0

#7
jimmydaggett

jimmydaggett

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
alright i will give it my best shot. when i insert the disk into the infected computer do i run the program in safe mode? thanks again i will give this a whirl.
jimmy daggett
  • 0

#8
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
It would be best if you could run it in Normal Mode, but if not, then please run an alternative program in Safe Mode:

Please download SmitfraudFix (by S!Ri) to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
  • 0

#9
jimmydaggett

jimmydaggett

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ok sounds good. thanks.
  • 0

#10
jimmydaggett

jimmydaggett

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
well here is an update.. i clicked on the smitfraud link and inserted a blank disk into my mac. and nothing is happening. i have parallels and can operate my mac as a pc should i move over into my vm? then try to burn the info onto a disk?
  • 0

#11
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
That may be the way to go,unfortunately, I have no knowledge of Mac's, so cannot offer any advice on how it should be downloaded. If you can download by switching to PC mode and burning to CD, please download Combofix, and also Deckard's System Scanner (DSS) and OTScanIt.exe .

Copy them all to the CD, but just run SmitFraud for now.

Regards,
RatHat
  • 0

#12
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat
  • 0

#13
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact myself or another staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP