[vseavello]

I have Windows XP, SP2 on a generic PC. When I boot the system, it is successful in getting to the desktop, but after a few minutes all the icons on the desktop disappear and the whole screen is overlaid with a white screen I cannot get around. I cannot start up the task manager, I cannot switch to another open window (ALT-TAB), nothing. I do have mouse control, and the keyboard seems to be active.

From this state, I can hit the reset button and the white screen will go away, showing the full desktop in in the middle of shutdown procedures.

The problem occurs in safe mode, too. In this mode, the system will reboot when the virus asserts itself.

I have been able to get a stable system when I start in safe mode with command prompt.

I was once able to start up in safe mode and disable startup and system services, which I thought stopped the bad behavior. In this state I was able to run a scan with the installed PCTools Spyware Doctor with Antivirus. It found some low risk cookies, but nothing significant. I cleaned up some unneeded software and restarted the system in full startup mode.

I have also connected the hard drive to another system as a secondary drive and run a PCTools scan. It found nothing.

The problem continues.

I did get an error message once that a program performed an illegal instruction. The program was in my users temp directory and was called 1.txt. It looked like this filename was being dynamically generated.

Any help you can give me to figure out what's happening will be appreciated.

vince

[Advertisements]

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will be posting some instructions shortly.

[Buddierdl]

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will be posting some instructions shortly.

[vseavello]

We have time to work this out. I appreciate your help. Looking forward to your instructions.

vince

[Buddierdl]

Hi vseavello,

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly



Download the following files to the desktop .. Right click the links and select save as...then select desktop

Iso2disc

OTLPE_standard

Right click OTLPE on your desktop and select Peazip ..Open as archive




Select OTLPE standard



Click Extract, ensure that desktop is selected



Insert the USB stick Then run Iso2Disc



Select the ISO file on the desktop, tick bootable and press burn.

Now insert the prepared USB drive into your infected computer and follow these steps:

• Reboot your system using the USB drive you just created.
  Note : If you do not know how to set your computer to boot from USB follow the steps here
• As the computer needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• Your system should now display a Reatogo desktop.
  Note : as you are running from USB it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Buddierdl]

Are you having any trouble with the instructions?

[vseavello]

Sorry, it's been hectic around here. I have some time tonight to work on this. I'll respond with feedback soon.

[vseavello]

I cannot run my system in normal windows mode, or safe mode with a desktop active. I've started the system with all start up and services disabled, but after a few moments, the white screen takes over and I cannot continue the operations outlined in your instructions.

I need to find a way to keep the system up long enough to install and run the steps you've outlined. If you have some suggestions, let me know. In the mean time, I'll keep trying to find a way to keep the system up long enough to get this going.

vince

[Buddierdl]

The first steps before this line:

Now insert the prepared USB drive into your infected computer and follow these steps:

are meant to be done on a clean computer. Do you have access to another computer? I assumed that you did because you were posting here. If you don't have access to another computer we might be able to try a different method.

[vseavello]

thanks. I've run all these procedures on my uninfected system. However, the last operation where you say "Select the ISO file on the desktop, tick bootable and press burn.", I cannot find a place to "tick bootable".

I created the image anyway, and burnt it to USB. I restarted my infected system with the USB plugged in. I went into the boot list and selected USB for the boot device. The system starts windows from the hard drive automatically.

Perhaps this is because I couldn't find the 'bootable' option when burning the USB, or because of some hardware issue on my infected system. I'll go through the BIOS and look for clues. I'll also try to boot from this USB on another system to see if this USB is already bootable

Let me know if you have any suggestions. I'll continue working on this in the meantime.

vince

[Buddierdl]

Hi vseavello,

If you have a CD burner in you clean computer, try this instead.

• Double click OTLPEStd.exe that you already downloaded and this will then open imgburn to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[vseavello]

Just before getting this note I was pointed to a bootable CD image for Kaspersky. I ran that and it found one high risk object that, when removed, seems to have taken care of the problem. Whatever it was may have been lodged in a skype.dat file.

I went through the Reatogo boot and scan anyway, just in case there is still something hanging around. I've included the output file here.

I sure appreciate your help.

vince

Attached Files

•  OTL.Txt   61.35KB   371 downloads

[Buddierdl]

Hi vseavello,

Let's get an OTL scan in normal boot mode and I will check for any remaining malware, if you would like. I think this would be a good idea as malware often brings along "buddies."


Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please check the box next to Scan All Users.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  [list]
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

[Dakeyras]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.