Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Security Protection Warning virus [Solved]


  • This topic is locked This topic is locked

#1
Ben T

Ben T

    Member

  • Member
  • PipPipPip
  • 128 posts
Security Protection program runs a full PC scan after computer start up. Balloon says, "Malicious program has been detected. Click here to protect your computer."

When I try to access the internet, it says, "iexplore.exe can not start. File iexplore.exe is infected by W32/Blaster.worm. Please activate Security Protection to protect your computer."

I cannot enter the safe mode or use a flash drive to run a virus program.

Computer has Windows XP, Home Edition, Version 2002, and Service Pack 2 installed.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then do you have the facility to burn a disc using another computer ?

If so then do the following

OK next we will work outside of windows then Please print these instruction out so that you know what you are doing. This disc will allow you access to the internet
  • Download and save the attached scan.txt to a USB drive, we will need it later
    [attachment=55315:scan.txt]
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop the scan.txt from the USB into the Custom scans and fixes box, or double click the scan box[
    ]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#3
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
The link for OTLPenet.exe won't download to my computer. I have tried it on 2 different computers.

I think I finally got it copied to disc. Will try to finish tomorrow.

Edited by Ben T, 13 January 2012 - 09:34 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing the link works for me
  • 0

#5
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
I can access the boot sequence screen to change the computer to load from the CD-ROM. When I change it to load from there and continue by pressing the enter button, it still loads Windows. I've tried it 5 times, but it doesn't make any difference. Any suggestions?
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop
[attachment=55332:scan.txt]
Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Posted Image

Then select Start OTL. OTL will now run

  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

  • 0

#7
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
Infected computer will not allow anything to download. I installed these programs on a flash driver. When I try to run these programs from the flash driver, it won't allow them to run at all.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does it allow you to access a cd from normal windows ?

If so burn the files to CD
  • 0

#9
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
Burned the programs to disc but infected computer wouldn't let the programs open at all again.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you restart the computer with the CD in the drive do you get the following prompt ?

Press any key to boot from CD
  • 0

Advertisements


#11
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
No, it just continues to load Windows. I tried to use F8 to get it to load from the CD-ROM, but it always loads Windows no matter what I try.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Until I can get some tools on the system to look at it I am at a bit of an impasse

And as the boot sequence is being disabled I can at the moment see no way around.

Can you boot to safe mode with networking ?
  • 0

#13
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
No, the machine has locked me out of changing or running any type of program. I can't change the BIOS or run any programs on it. I don't have it connected to the internet right now, but it won't let me access it anyway. It has me completely locked out.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The only thing I can think of at the moment is to remove the drive from the infected system and put it in a USB caddy
Plug the caddy into a decent system (under no circumstances allow it to access or run the drive)
Then scan the drive with malwarebytes initially
Replace the drive in the old system and then run OTL
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Or we could do the following

On the infected machine

Open notepad and type the following:

@echo off
Regedit /E "%userprofile%\Desktop\hklrun.reg"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
Regedit /E "%userprofile%\Desktop\hkurun.reg"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
exit


Then select file
Select save as...
In the drop down box at the bottom select all files
Name the text file as seek.bat and save to the desktop
Run the bat file
Two reports will be produced
Right click them individually and select edit

Then any programmes that you do not recognise copy the entire line for that entry and post it here
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP