Virus got me BAD! [RESOLVED]



#1
Dinofish

Hi,

After reading and doing all the "do before you post", I thought I had it licked. But in the end, it got me BAD! When the virus originally kicked in, my Ad-ware log got filled and I noticed that all .exe, .lnk, .pif and .reg would only open in Notepad. With some help from the internet I downloaded some file that gave me some control back. I then restored my registry and everything seemed OK until I rebooted. The same thing kept happening. In the end I disabled system restore, ran Ewido, enabled system restore and rebooted. Everything came up fine excluding Ad-ware. When I activated the program, the virus came back. I restored my registry, uninstalled Ad-ware, disabled system restore, ran Ewido, enabled system restore and rebooted. My problem now is that I cannot get in. As soon as the XP screen appears it kicks me back to the screen where I can choose safe mode, or last known command or normal boot. None of these work. I can't get in! Can you help me???

#2
Metallica

Please follow the procedure here: http://www.geekstogo...ws-XP-t138.html

Post a HijackThis log once you have regained the ability to log in normally in Windows.

Regards,

#3
Dinofish

Hello, Thank you for helping me.

When I purchased the computer, no CDs came with it. I obtained an XP Pro disk and ran the XP repair from that. This did not work. As soon as the XP screen appears it reboots. Safe mode, Last known and normal will not boot. I think my registry's messed up???

#4
Metallica

Can you remember if a file called userinit or maybe even winlogon was marked to be removed?

It sounds as if one of those is missing or called wrong from the registry.

Regards,

#5
Dinofish

I do not remember seeing those files.

I have also since added another OS onto the hard drive so at least I have access to the HDD.

#6
Metallica

Oh. That was good thinking. :tazz:

Can you check on the partition of the old installation if you can find userinit.exe and winlogon.exe in the System(32) folder?

Regards,

#7
Dinofish

Hi, Thanks for your help.

Yes, they are both in there.

#8
Metallica

OK. Then it probably is the registry that has the problem.

On that partition find the file system32\config\system(.log) and rename it to system.bak. This will be our backup in case this doesn't work.
Then find c:\windows\repair\system(.log) and copy it to system32\config.

Then try and boot into that Windows install.

Let me know.

Regards,

#9
Dinofish

The System.log file does not exist in the c:\windows\repair folder. This folder contains the files: autoexec.nt, config.nt, default, ds_SAM, ds_SECURITY, ds_SOFTWARE, ntuser.dat, sam, secsetup.inf, security, setup.log and software. I searched my entire C drive to find another, but came up empty.

#10
Metallica

Ugh. That doesn't make it any easier. :tazz:

Can you find the system.log in system32\config ?

Maybe I can manually repair it, although that is a long shot.

Regards,

#11
Dinofish

Hello,

Yes, there is a system.log file (1 kb in size). My system.sav file is 58,624 kb. Is this unusually large?

I tried to attach the log but your site stated "Upload failed. You are not permitted to upload a file with that file extension." :tazz: I was logged in at the time. Any suggestions?

#12
Metallica

If you rename the .log file to .txt it will not be changed and you should be able to upload it.

I'll give you some background info, so you will understand what the files are for:
http://msdn.microsof...istry_hives.asp

Regards,

#13
Dinofish

Here you go...

Attached File: system.txt (1KB)

#14
Metallica

Nothing wrong with that.

Can you do the same for Ntuser.dat.log?

#15
Dinofish

Hi

Attached is the ntuser.dat.log from the Repair folder. The other attachment is from the c:\windows\system32\config\systemprofile directory.
There are other ntuser.dat.log files in each one of my user accounts. Would you like to see any of those?