[Jan1959]

Hi,
I have a very strange problem with a windows xp laptop. The first time I realised that there was a problem was when I started it up. Windows appears to load normally with the welcome screen and background loading okay. The windows tune played and then it flashed to a white screen with a grey box stating that it could not connect to the internet. I tried safe mode but still the same problem. I downloaded and ran the AGV rescue CD but it could not connect to the internet. I ran the scan anyway but it didn't find anything. I have tried the OTL but it still went back to the windows blank screen. I tried one of the different OTL programmes and this one loaded and performed a checkdisk in DOS. It seemed to pick up several problems but they were too quick for me to note down. I am still getting the windows background but with no icons and I am still getting the message that task manager has been disabled by my administrator when I press cancel,alt, delete.
The date and time in the bios settings are fine and I can change the boot sequence but my gut feeling is that this is a virus/trojan.

Any ideas Guys? I did have a major trojan problem with this laptop last year but after many, many hours it was eventually fixed by you. I don't think it's the same problem but just in case you can track back your records I thought that you should know.

Edited by Jan1959, 04 November 2011 - 02:17 PM.

[Advertisements]

Hi there lets run this small programme first and then retry OTL

Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

THEN

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 6 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Having hopefully regained the desktop

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  C:\Windows\assembly\tmp\U\*.* /s
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Essexboy]

Hi there lets run this small programme first and then retry OTL

Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

THEN

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 6 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Having hopefully regained the desktop

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  C:\Windows\assembly\tmp\U\*.* /s
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Jan1959]

Hi,
Sorry for the delay in replying, I didn't expect such a quick response!
I have tried running RogueKiller but it won't load up, just like the OTL. The only one that has worked so far is the AGV. I can hear the disk booting up but the laptop just goes onto the empty Windows screen.

[Essexboy]

OK more than one way to skin a cat

OK next we will work outside of windows then Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start
• Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box [attachment=53374:scan.txt]
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Jan1959]

Sorry but this still hasn't worked. Even thought the bios settings are set to boot from cd first, the same thing happens as last time. I have also tried to boot via a USB stick but the system just totally freezes and nothing happens at all then. Interestingly, the bios settings change back to boot from CD each time that I restart the laptop, even though I changed it to USB to see if that would work.
I'm beginning to think that this is more of a tiger than a cat!

[Essexboy]

So it cannot read a CD or boot from it ?

Lets see if this one works

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Click Yes at the next prompt for Optional Scan.
• Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

[Jan1959]

Sorry to be a pitb but I can't downloaad the DDS file. I turned off all my realtime shields on avast but it's still coming up with a blank page when a click on the link. can you tell me what I'm doing wrong please?

[Essexboy]

OK here is a copy I dowloaded for you

Download the zip file and extract dds to your desktop
Double click DDS

[attachment=53379:dds.zip]

[Jan1959]

Okay, I feel that I'm really being thick now - how do I actually get the DDS file onto the laptop with the virus? I have no way of accessing any of the controls or internet and I have tried to load it via CD but joy, sorry.

[Essexboy]

Can you put it on a USB drive and then copy it to the infected system ?

[Jan1959]

I'll try again but it wouldn't recognise my USB stick last time, the laptop just froze

[Essexboy]

So we are in the situation where your computer does not recognise a CD or a USB can you get to safe mode with networking ?

[Jan1959]

I can get to safe mode but it doesn't make any difference, it is the same screen as normal mode with no internet. I have just loaded the DDS via USB and now I have CHKSK running, it seemed to find a lot of problems but now it has gone back to the frozen start up screen.

[Essexboy]

OK this one is a mystery for sure

Lets try Combofix - what are the details of your computer i.e. make and model

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[Jan1959]

I'm really sorry but I cannot find a way to get combofix onto the laptop. USB and CD not responding, safe mode still doesn't work with or without networking. The only progress I can say is that I do have access to the Task manager in safe mode if this is any help?

Forgot to say - it's a Gateway laptop Model No: MX6933b

Edited by Jan1959, 05 November 2011 - 10:57 AM.