Green backround Black Box Warning

This May be a bit repetitive as I've seen several cases/variants of this bug on your forums. My browser (Mozilla Firefox) froze up for a bit and upon returning to the desktop i had the green background with the black warning box. I also had the red circle with the x prompting me to download some random malware product.I haven't been able to figure out a solution to my particular situation though as i am no longer able to even log On to any profile at the profile selection screen. (A power loss due to winter weather caused a PC shutdown). When i enter my password it starts loading my person settings as usual and then even before my desktop renders, it automatically logs back out to the profile selection screen. Any ideas/help as to how i can successfully log into a profile on my PC would be greatly appreciated.

Edited by EzPzLemon, 27 January 2010 - 05:11 AM.

Have you tried Safe Mode (reboot and start slowly tapping F8 when you see the PC maker's logo. Keep tapping until you see the Safe Mode menu. Choose Safe Mode with Networking or Safe Mode.)

If that doesn't work then you have another possibility or two before you have to reload:

Try Kaspersky's bootable CD from:

http://www.askvg.com...ure-and-others/

It's an iso file so you need to do a disk copy (from image) to get it to work then boot off it. It will scan your PC and fix a lot of things plus allows you to move files around.

Also get PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/

The page explains how to use it to fix a no logon condition. In your case netsky which is like what you have usually messes winlogon too but if userinit looks normal then check the value of shell which should be explorer.exe.

From a recent post we can see these Netsky infection points in an OTL log:

O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [tqammy] C:\WINDOWS\System32\msaouahn.DLL (USA)

O4 - HKLM..\Run: [vodifatun] C:\WINDOWS\System32\guyewijo.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (cLAeVTkp)

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run)

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\Administrator\ntload.dll (Microsoft)

(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run )

O20 - AppInit_DLLs: (yebesuna.dll) - C:\WINDOWS\System32\yebesuna.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guyewijo.dll) - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (cLAeVTkp)

(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit or shell look int he right pane.)

O21 - SSODL: luvehihoy - {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )

O22 - SharedTaskScheduler: {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - kupuhivus - C:\WINDOWS\system32\guyewijo.dll ()

(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler)

O32 - AutoRun File - [2009/12/21 11:30:12 | 00,034,308 | -H-- | M] () - E:\autorun.exe -- [ FAT32 ]

(possible infected file on USB drive or external drive)

NetSvcs: BtwSrv - C:\WINDOWS\system32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: Iprip - C:\WINDOWS\system32\Ipripv32.dll ()

These last two will mess up your internet. See:

http://www.threatexp...74451a9e6c0b5ef

http://www.quickheal....Agent2.kuz.asp

If in doubt compare to a working system.

Ron

#1
EzPzLemon

Posted 27 January 2010 - 04:56 AM

Advertisements

#2
RKinner

Posted 28 January 2010 - 04:24 PM

#3
EzPzLemon

Posted 29 January 2010 - 02:57 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us