Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows XP: Virus affected, system boots but nothing beyond that. Same


  • This topic is locked This topic is locked

#1
AnandM

AnandM

    Member

  • Member
  • PipPip
  • 30 posts
Hi, Thanks for offering to help me.

My operating system is Windows XP. System was infected, I ran MBAM which detected 10 infections. Fix infections required a reboot. Upon reboot, after login, the screen comes up but is empty, Windows shortcuts dont work either.

I then tried Safe Mode, the results are pretty much the same (all I could see when I login as adminstrator are the SafeMode on 4 corners of the screen). On Safe Mode + Command Prompt, the command prompt did come up. I tried "System Restore" using the command prompt to a couple of days back, system restore did go through. But that did not solve the problem either.

Any help is appreciated.
Thanks
  • 0

Advertisements


#2
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi
:unsure: . I'm Michael and I'm going to help you fix your computer :yes:

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

You said that safe mode with command prompt works right? If yes, do this:


  • Download aswMBR.exe ( 511KB ) to your USB from a clean computer
  • Download OTL to your USB from a clean computer
  • Copy the following and paste them in a notepad file. Save it in your USB named scan.txt:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Boot into safe mode with command prompt with the infected computer, having the USB with the tools inserted
  • Log in to your account.
  • When the command prompt appears, type:

    explorer.exe

  • Click Yes to the pop up and you should see your Desktop
  • Open my computer and go to the following directory:

    C:\Documents and Settings\[YourUsername]\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\

  • There you should see some logs, named like this

    mbam-log-[date (time)].txt

  • Copy the most recent one to your USB. I want the log scan that rendered your computer unbootable.
  • Post the log in your next reply.


Next:

While still in safe mode, move OTL.exe and aswMBR.exe to your Desktop from the USB.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your USB and post it in your next reply
Posted Image

Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here :)



Next:


Posted Image OTL Custom Scan
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste the contents of scan.txt you have in your USB
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) save these files n your USB and post them with your next reply.


Post back with the MBAM, aswMBR, OTL.txt and Extras.txt logs, or tell me if anything unexpected occurred
  • 0

#3
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP