[billfaith]

I have never seen this virus/malware before. A google search doesnt bring up anything.

Windows xp. Shut down yesterday on its own. After restarting, a message box said there was a disk failure. once past that, windows go's into a fake safe mode. A program comes up, called windowssafemode. It does a fake scan and asks you to buy it. I have run across these fakeware programs before but never one like this.

When you tell it to "fix" your computer, it tries to take you to a webpage, https://www.windows-safemode.com


It runs in any profile
It runs in all the safe modes
IT disables task manager
it never allows you to get to an actual windows screen
there is nothing to close or hide, it takes up the whole screen

I took the hard drive out, put it into my scanning computer, ran everything imagineable.

Each scanner removed a few things.

Put the hard drive back in the computer, and it seemed fine. Windows came up. I ran tdsskiller and it found something. I rebooted like instructed and everything seemed great. About 10 minutes later, computer shuts itself down, upon reboot, it says disk is corrupted, wala right back to the fake scanner.

I hadnt even plugged my network cable back in yet so i could not have downloaded anything again.

I AM LOST beyond lost!!!!!!

[Advertisements]

Now this looks intriguing - Can you run OTL ?

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  SAVEMBR:0
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

If not can you burn a CD from another system ?

Please print these instruction out so that you know what you are doing

The latest version is v3.1.44.2

OTLPEStd.exe
MD5=B2FC64F658B31E9B695B98D18361C485
Size = 98,075,974b / 93.5MB

• Download OTLPEStd.exe to your desktop
• Download this scan.txt to a USB drive [attachment=48168:scan.txt]
• Ensure that you have a blank CD in the drive
• Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Double click the Custom scans and fixes box
• In the dialogue locate the scan.txt you have on the USB
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Essexboy]

Now this looks intriguing - Can you run OTL ?

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  SAVEMBR:0
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

If not can you burn a CD from another system ?

Please print these instruction out so that you know what you are doing

The latest version is v3.1.44.2

OTLPEStd.exe
MD5=B2FC64F658B31E9B695B98D18361C485
Size = 98,075,974b / 93.5MB

• Download OTLPEStd.exe to your desktop
• Download this scan.txt to a USB drive [attachment=48168:scan.txt]
• Ensure that you have a blank CD in the drive
• Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Double click the Custom scans and fixes box
• In the dialogue locate the scan.txt you have on the USB
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.