Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Green backround Black Box Warning


  • Please log in to reply

#1
EzPzLemon

EzPzLemon

    New Member

  • Member
  • Pip
  • 2 posts
This May be a bit repetitive as I've seen several cases/variants of this bug on your forums. My browser (Mozilla Firefox) froze up for a bit and upon returning to the desktop i had the green background with the black warning box. I also had the red circle with the x prompting me to download some random malware product.I haven't been able to figure out a solution to my particular situation though as i am no longer able to even log On to any profile at the profile selection screen. (A power loss due to winter weather caused a PC shutdown). When i enter my password it starts loading my person settings as usual and then even before my desktop renders, it automatically logs back out to the profile selection screen. Any ideas/help as to how i can successfully log into a profile on my PC would be greatly appreciated.

Edited by EzPzLemon, 27 January 2010 - 05:11 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,709 posts
  • MVP
Have you tried Safe Mode (reboot and start slowly tapping F8 when you see the PC maker's logo. Keep tapping until you see the Safe Mode menu. Choose Safe Mode with Networking or Safe Mode.)

If that doesn't work then you have another possibility or two before you have to reload:

Try Kaspersky's bootable CD from:

http://www.askvg.com...ure-and-others/

It's an iso file so you need to do a disk copy (from image) to get it to work then boot off it. It will scan your PC and fix a lot of things plus allows you to move files around.

Also get PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/

The page explains how to use it to fix a no logon condition. In your case netsky which is like what you have usually messes winlogon too but if userinit looks normal then check the value of shell which should be explorer.exe.

From a recent post we can see these Netsky infection points in an OTL log:

O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [tqammy] C:\WINDOWS\System32\msaouahn.DLL (USA)

O4 - HKLM..\Run: [vodifatun] C:\WINDOWS\System32\guyewijo.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (cLAeVTkp)

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run)

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\Administrator\ntload.dll (Microsoft)

(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run )

O20 - AppInit_DLLs: (yebesuna.dll) - C:\WINDOWS\System32\yebesuna.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guyewijo.dll) - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (cLAeVTkp)

(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit or shell look int he right pane.)

O21 - SSODL: luvehihoy - {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )

O22 - SharedTaskScheduler: {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - kupuhivus - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler)

O32 - AutoRun File - [2009/12/21 11:30:12 | 00,034,308 | -H-- | M] () - E:\autorun.exe -- [ FAT32 ]

(possible infected file on USB drive or external drive)


NetSvcs: BtwSrv - C:\WINDOWS\system32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: Iprip - C:\WINDOWS\system32\Ipripv32.dll ()

These last two will mess up your internet. See:

http://www.threatexp...74451a9e6c0b5ef

http://www.quickheal....Agent2.kuz.asp

If in doubt compare to a working system.

Ron
  • 0

#3
EzPzLemon

EzPzLemon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you much.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP