Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AV Security Suite


  • Please log in to reply

#1
Tiggy97

Tiggy97

    New Member

  • Member
  • Pip
  • 2 posts
Yesterday one of my computers started to show fake virus alerts and then it would randomly launch web pages. Whenever I actually go into the internet it would redirect me to some other site. I started running Super Antispyware and it discovered the program and said i needed to reboot to finish the removal process. When it rebooted it was still there. So I booted the computer up in safe mode with networking. I ran malwarebytes and it removed 17 registry items. Then I ran Super Anti-spyware again and it found 9 items that it claimed to remove. While in safe mode the alerts stopped, but when I rebooted in normal mode it came right back with the fake alerts. So I got back into safemode again and this time ran Spyware Doctor by PCTools. After the scan it found 47 registry items that were infected and said that 2 needed repaired. So I let it do its repair and then it said it needed to reboot to complete the removal procedure. When it went to reboot it got to the windows welcome screen and then got into windows to where I could see my windows desktop wallpaper but no icons loaded. Then about 10-15 seconds later it would log out of windows and go back to the profile selection screen. No matter what profile I select(admin or guest or user) it acts like its about to load windows but then immediately will say saving profile info and closing network connections as though windows is booting down, but it never actually turns off. Now I was thinking of copying the registry through windows recovery console but wanted to know if that would be the correct move.

Right now I am working off of a laptop since the infected computer can't get into windows. Any help would be appreciated.

Thanks
  • 0

Advertisements


#2
Tiggy97

Tiggy97

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Ok so I tried to run recovery console and now at least it gives me an error message i can try to go by. Instead of just staying at the welcome screen it tells me that the \windows\system32\config\system is missing.

I tried the usual recovery console method of:

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

But when I go to copy the system file it says it can't find the specified file. And same is for when i go to copy the repair\system file. Any ideas how I could find it?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP