Multiple Infection New Win32 - New Poly Win32 - HTML/Framer



#1
lamaxx

Hi, and thank you in advance for your help.

Two days ago McAfee started spotting a massive number of HTML/Framer infections. Within 1/2 hour it deleted a few hundred html files, most of them a few years old. Next it started detecting wave after wave of New Win32 and New Poly Win32 infections in all kinds of application and system directories. Again it deleted a whole bunch of files - all .exes.

Eventually the system locked up. When I rebooted, I lost access to the explorer shell.

What happens now is that the system will boot all the way to the logon screen. After I enter the password, the system gives me a black screen with a white cursor - nothing else.

Ctrl-Alt-Delete will get me to the Vista screen with the option of starting Task Manager, but if I choose that option nothing happens (i.e. Task Manager doesn't start). At that point the only thing I can do is shut down or restart using the red button in the lower right-hand corner. I have tried the F8 to Safe Mode approach, but any attempt to start in any of the Safe Modes (including Safe Mode with command prompt) leads to the same black screen with white cursor.

I have tried booting from my Vista DVD and running the Startup Repair, but the utility does not detect any problems.

Booting from the Vista DVD is also the only way I have to access a command prompt.

I ran the Registry Editor from that prompt, and I noticed that in Registry Key HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon the value of "Shell" is set to "cmd.exe /k start cmd.exe". But any attempt to change it back to "explorer.exe" has failed, as it always reverts to the other one during startup.

I was able to mount the drive as "E" on another computer, and I ran full scans on it with Avast, Malwarebytes AntiMalware, Kaspersky Online, and Panda Online, but none of them detected anything. Right now I can access the data on the drive (still mounted as "E"), but I am unable to run any of the utilities listed in your Cleaning Guide (they all seem to be designed to automatically run on the system disk, which is not the infected one), so I can't post any of the required logs.

I hope this initial information will be of help.

Let me know what else you need.

Riccardo