Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

white screen hijack after startup [Closed]


  • This topic is locked This topic is locked

#1
vseavello

vseavello

    New Member

  • Member
  • Pip
  • 6 posts
I have Windows XP, SP2 on a generic PC. When I boot the system, it is successful in getting to the desktop, but after a few minutes all the icons on the desktop disappear and the whole screen is overlaid with a white screen I cannot get around. I cannot start up the task manager, I cannot switch to another open window (ALT-TAB), nothing. I do have mouse control, and the keyboard seems to be active.

From this state, I can hit the reset button and the white screen will go away, showing the full desktop in in the middle of shutdown procedures.

The problem occurs in safe mode, too. In this mode, the system will reboot when the virus asserts itself.

I have been able to get a stable system when I start in safe mode with command prompt.

I was once able to start up in safe mode and disable startup and system services, which I thought stopped the bad behavior. In this state I was able to run a scan with the installed PCTools Spyware Doctor with Antivirus. It found some low risk cookies, but nothing significant. I cleaned up some unneeded software and restarted the system in full startup mode.

I have also connected the hard drive to another system as a secondary drive and run a PCTools scan. It found nothing.

The problem continues.

I did get an error message once that a program performed an illegal instruction. The program was in my users temp directory and was called 1.txt. It looked like this filename was being dynamically generated.

Any help you can give me to figure out what's happening will be appreciated.

vince
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will be posting some instructions shortly.
  • 0

#3
vseavello

vseavello

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
We have time to work this out. I appreciate your help. Looking forward to your instructions.

vince
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi vseavello,

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly

Posted Image

Download the following files to the desktop .. Right click the links and select save as...then select desktop

Iso2disc

OTLPE_standard

Right click OTLPE on your desktop and select Peazip ..Open as archive

Posted Image


Select OTLPE standard

Posted Image

Click Extract, ensure that desktop is selected

Posted Image

Insert the USB stick Then run Iso2Disc

Posted Image

Select the ISO file on the desktop, tick bootable and press burn.

Now insert the prepared USB drive into your infected computer and follow these steps:
  • Reboot your system using the USB drive you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • As the computer needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from USB it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Are you having any trouble with the instructions?
  • 0

#6
vseavello

vseavello

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry, it's been hectic around here. I have some time tonight to work on this. I'll respond with feedback soon.
  • 0

#7
vseavello

vseavello

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I cannot run my system in normal windows mode, or safe mode with a desktop active. I've started the system with all start up and services disabled, but after a few moments, the white screen takes over and I cannot continue the operations outlined in your instructions.

I need to find a way to keep the system up long enough to install and run the steps you've outlined. If you have some suggestions, let me know. In the mean time, I'll keep trying to find a way to keep the system up long enough to get this going.

vince
  • 0

#8
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
The first steps before this line:

Now insert the prepared USB drive into your infected computer and follow these steps:




are meant to be done on a clean computer. Do you have access to another computer? I assumed that you did because you were posting here. If you don't have access to another computer we might be able to try a different method.
  • 0

#9
vseavello

vseavello

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
thanks. I've run all these procedures on my uninfected system. However, the last operation where you say "Select the ISO file on the desktop, tick bootable and press burn.", I cannot find a place to "tick bootable".

I created the image anyway, and burnt it to USB. I restarted my infected system with the USB plugged in. I went into the boot list and selected USB for the boot device. The system starts windows from the hard drive automatically.

Perhaps this is because I couldn't find the 'bootable' option when burning the USB, or because of some hardware issue on my infected system. I'll go through the BIOS and look for clues. I'll also try to boot from this USB on another system to see if this USB is already bootable

Let me know if you have any suggestions. I'll continue working on this in the meantime.

vince
  • 0

#10
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi vseavello,

If you have a CD burner in you clean computer, try this instead.

  • Double click OTLPEStd.exe that you already downloaded and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#11
vseavello

vseavello

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Just before getting this note I was pointed to a bootable CD image for Kaspersky. I ran that and it found one high risk object that, when removed, seems to have taken care of the problem. Whatever it was may have been lodged in a skype.dat file.

I went through the Reatogo boot and scan anyway, just in case there is still something hanging around. I've included the output file here.

I sure appreciate your help.

vince

Attached Files

  • Attached File  OTL.Txt   61.35KB   181 downloads

  • 0

#12
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi vseavello,

Let's get an OTL scan in normal boot mode and I will check for any remaining malware, if you would like. I think this would be a good idea as malware often brings along "buddies."


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    [list]
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 1

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,723 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP