Windows Police Pro
Started by
anjilinexile
, Oct 01 2009 10:17 PM
#1
Posted 01 October 2009 - 10:17 PM
I checked the MSCG and started the process. After step 1.(TFC) it required a reboot. So I did. And I went to safe mode again for the 2nd step, but it just froze on the loading screen before Windows logo. I tried running on normal mode, and it would just freeze after the Windows logo. Nothing but a blank screen. Any suggestions? Any help would be most appreciated.
#2
Posted 02 October 2009 - 07:11 AM
Hello anjilinexile
Welcome to G2Go.
Please run these both in Safe Mode.
=====================
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Under the Standard Registry box change it to All.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Download This file. Note its name and save it to your root folder, such as C:\.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
- Click on this link to see a list of programs that should be disabled.
- Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
- Allow the driver to load if asked.
- You may be prompted to scan immediately if it detects rootkit activity.
- If you are prompted to scan your system click "Yes" to begin the scan.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as Results.log and copy/paste the contents in your next reply.
- Exit the program and re-enable all active protection when done.
#3
Posted 02 October 2009 - 10:54 PM
Thanks for the fast reply Kahdah. I can't even get to the desktop to download anything. I haven't been past the load screen in Safe Mode -OR- the Windows screen in Normal Mode. If there's a way to bypass it, I'd be willing to try it.
#4
Posted 03 October 2009 - 05:54 AM
Hmm well we can try.
First try to do this: restart the system and then, just like you were going to go to Safe Mode, tap the F8 key continually on the keyboard, but instead of choosing Safe Mode choose Last Known Good Configuration.
See if it will allow you to get some functionality back.
#5
Posted 08 October 2009 - 04:45 PM
Sorry for the delay. Last Known Good Configuration also leads to the blank screen. Anything I can do from command prompt?
#6
Posted 09 October 2009 - 06:29 AM
Can you get to a command prompt?
If so then do the following.
At whatever command prompt, type in chkdsk /r, then Y at the "run at reboot" prompt.
Then reboot and see if chkdsk will run; hopefully it will let you into Windows.
Let me know how it goes.
#7
Posted 12 October 2009 - 05:11 PM
No dice on that, still just freezes at the load screen. I hadn't thought of this until my brother suggested it. Would it be safe to slave the infected hard drive on another machine and run anti-spyware on it from there? Or at least to save my music files? I'm a musician and all my work is on the infected machine.
#8
Posted 12 October 2009 - 06:21 PM
Yes, that will work and should help a little. Make sure to scan it first before trying to go into the drive.
Also, to prevent infecting the machine you plug it into, make sure to right click on the drive and choose Explore instead of double clicking the drive,
as double clicking can lead to infection.
You can come back here when you have done this and we can finish it up.
#9
Posted 13 October 2009 - 04:20 PM
Since it blocked my Malwarebytes before, should I try a different type of detection program, or should it work now that it's slaved? I just want to be sure I take the precautions that are necessary.
#10
Posted 14 October 2009 - 05:42 AM
If you slave it to another computer then it will run fine.
I would scan it with Mbam and an up to date antivirus then try to plug it back into the original machine.
#11
Posted 14 October 2009 - 11:49 AM
Okay! I'll do it this evening after work! I'll let you know how it goes.
#12
Posted 16 October 2009 - 05:18 PM
Okay. The slave allowed me to run Malwarebytes on the disc, it took over 3 hours, but it did flag 8 files. I saved this log before I removed the offending files, here's what I found:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
10/16/2009 6:58:02 PM
mbam-log-2009-10-16 (18-57-37).txt
Scan type: Quick Scan
Objects scanned: 101184
Time elapsed: 3 hour(s), 24 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
d:\Program Files\Windows Police Pro\windows Police Pro.exe (Antivirus2009) -> No action taken.
d:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> No action taken.
d:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> No action taken.
d:\WINDOWS\system32\eventlog.dll (Trojan.Sirefef) -> No action taken.
d:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\winupdate.exe (Rogue.AdvancedVirusRemover) -> No action taken.
d:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> No action taken.
d:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> No action taken.
Again, I removed these files with Malwarebytes. What should I do from here?
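As an added example (not code from this thread, from Malwarebytes, or from the forum helpers): a small Python parser for the Malwarebytes' Anti-Malware 1.x log layout quoted in the post above. It pulls out the summary counts and each "path (family) -> action" line, lists the detections the log still records as "No action taken", and cross-checks the declared "Files Infected: N" count against the entries actually listed, which is the first thing to verify before deciding whether a cleanup step actually completed. The sample log embedded below is constructed for the example; its file names and family names are made up, only the layout follows the quoted log.

```python
import re
from collections import Counter

# Constructed sample log in the Malwarebytes' Anti-Malware 1.x layout used in the thread.
# File names and families below are made up for the example; only the layout is real.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 101184
Time elapsed: 3 hour(s), 24 minute(s), 47 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
d:\WINDOWS\system32\example_a.dll (Trojan.Agent) -> No action taken.
d:\WINDOWS\system32\example_b.exe (Backdoor.Bot) -> No action taken.
d:\Program Files\Example App\example.exe (Rogue.ExampleAV) -> Quarantined and deleted successfully.
"""

# "<path> (<family>) -> <action>." : one detection line under a section heading
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# "<Section> Infected: <n>" : one line of the summary counts block
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (summary_counts, detections) for a 1.x-style MBAM log."""
    counts = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:  # summary block, e.g. "Files Infected: 3"
            counts[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):  # detail section heading, e.g. "Files Infected:"
            section = line[:-1]
            continue
        if section is None or line == NO_ITEMS:
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, "path": m.group("path"),
                               "family": m.group("family"), "action": m.group("action")})
    return counts, detections


def pending_actions(detections):
    """Detections the log records as still present ("No action taken")."""
    return [d for d in detections if d["action"] == "No action taken"]


def check_counts(counts, detections):
    """Cross-check summary counts against listed entries.

    Returns {section: (declared, listed)} for every section that disagrees."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed.get(s, 0)) for s, n in counts.items() if n != listed.get(s, 0)}


def families(detections):
    """Count detections per malware family name."""
    return Counter(d["family"] for d in detections)


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    for d in pending_actions(dets):
        print(f"{d['path']} [{d['family']}] still present")
    print("count mismatches:", check_counts(counts, dets))
    print("families:", dict(families(dets)))
```

Run it on a saved mbam-log text file by replacing SAMPLE_LOG with the file's contents; a non-empty result from check_counts means the log body and its summary disagree and the scan output should be re-examined rather than trusted.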
#14
Posted 18 October 2009 - 11:06 PM
I reconnected the drive to the old machine, still freezes at the same point. Could I run Combofix on the other machine while the infected disk is slaved?
#15
Posted 19 October 2009 - 04:44 AM
No it will only run locally.
Unhook the drive again and run an antivirus scanner on it then see if it will boot.