After reading and doing all the "do before you post", I thought I had it licked. But in the end, it got me BAD! When the virus originally kicked in, my Ad-ware log got filled and I noticed that all .exe, .lnk, .pif and .reg would only open it notepad. With some help from the internet I download some file that gave me some control back. I then restored my registry and everything seemed ok until I reboot. Same thing kept happening. In the end I disabled system restore, ran Ewido, enabled system restore an rebooted. Everything came up fine excluding Ad-ware. When I activated the program, the virus came back. I restored my registry, uninstalled Ad-ware, disabled system restore, ran Ewido, enabled system restore and rebooted. My problem now is that I can not get in. As soon as the XP screen appears it kicks me back to the screen where I can choose safe mode, or last know command or normal boot. None of these work. I can't get in! Can you help me???
Virus got me BAD! [RESOLVED]
Started by
Dinofish
, Sep 09 2005 07:55 AM
-
This topic is locked
#1
Posted 09 September 2005 - 07:55 AM
Dinofish
-
- Member
-
- 39 posts
Member
After reading and doing all the "do before you post", I thought I had it licked. But in the end, it got me BAD! When the virus originally kicked in, my Ad-ware log got filled and I noticed that all .exe, .lnk, .pif and .reg would only open it notepad. With some help from the internet I download some file that gave me some control back. I then restored my registry and everything seemed ok until I reboot. Same thing kept happening. In the end I disabled system restore, ran Ewido, enabled system restore an rebooted. Everything came up fine excluding Ad-ware. When I activated the program, the virus came back. I restored my registry, uninstalled Ad-ware, disabled system restore, ran Ewido, enabled system restore and rebooted. My problem now is that I can not get in. As soon as the XP screen appears it kicks me back to the screen where I can choose safe mode, or last know command or normal boot. None of these work. I can't get in! Can you help me???
#2
Posted 15 September 2005 - 12:58 PM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Please follow the procedure here: http://www.geekstogo...ws-XP-t138.html
Post a HijackThis log once you have regained the ability to log in normally in Windows.
Regards,
Post a HijackThis log once you have regained the ability to log in normally in Windows.
Regards,
#3
Posted 15 September 2005 - 02:07 PM
Dinofish
- Topic Starter
-
- Member
-
- 39 posts
Member
Hello, Thank you for helping me.
When I purchase the Computer no cds came with it. I obtained an XP Pro disk and ran the XP repair from that. This did not work. As soon as the XP screen appears it reboots. Safe mode, Last known and normal will not boot. I think my registry's messed up???
When I purchase the Computer no cds came with it. I obtained an XP Pro disk and ran the XP repair from that. This did not work. As soon as the XP screen appears it reboots. Safe mode, Last known and normal will not boot. I think my registry's messed up???
#4
Posted 16 September 2005 - 11:53 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Can you remember if a file called userinit or maybe even winlogon was marked to be removed?
It sounds as if one of those is missing or called wrong from the registry.
Regards,
It sounds as if one of those is missing or called wrong from the registry.
Regards,
#5
Posted 16 September 2005 - 12:46 PM
Dinofish
- Topic Starter
-
- Member
-
- 39 posts
Member
I do not remember seeing those files.
I have also sinced added another OS onto the hard drive so at least I have access to the hdd.
I have also sinced added another OS onto the hard drive so at least I have access to the hdd.
#6
Posted 16 September 2005 - 01:02 PM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Oh. That was good thinking. 
Can you check on the partition of the old installation if you can find userinit.exe and winlogon.exe in the System(32) folder?
Regards,
Can you check on the partition of the old installation if you can find userinit.exe and winlogon.exe in the System(32) folder?
Regards,
#7
Posted 16 September 2005 - 01:45 PM
Dinofish
- Topic Starter
-
- Member
-
- 39 posts
Member
Hi, Thanks for your help.
Yes, they are both in there.
Yes, they are both in there.
#8
Posted 16 September 2005 - 02:19 PM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
OK. Then it probably is the registry that has the problem.
On that partition find the file system32\config\system(.log) and rename it to system.bak THis will be our backup in case this doesn't work.
Then find c:\windows\repair\system(.log) and copy it to system32\config
Then try and boot into that Windows install.
Let me know.
Regards,
On that partition find the file system32\config\system(.log) and rename it to system.bak THis will be our backup in case this doesn't work.
Then find c:\windows\repair\system(.log) and copy it to system32\config
Then try and boot into that Windows install.
Let me know.
Regards,
#9
Posted 16 September 2005 - 05:16 PM
Dinofish
- Topic Starter
-
- Member
-
- 39 posts
Member
System.log file does not exist in c:\windows\repair folder. This folder contains the files:autoexec.nt, config.nt, default, ds_SAM, ds_SECURITY, ds_SOFTWARE, ntuser.dat, sam, secsetup.inf, security, setup.log and software. I searched my entire c-drive to find another, but came up empty.
#10
Posted 18 September 2005 - 03:09 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Ugh. That doesn't make it any easier. 
Can you find the system.log in system32\config ?
Maybe I can manually repair it, although that is a long shot.
Regards,
Can you find the system.log in system32\config ?
Maybe I can manually repair it, although that is a long shot.
Regards,
#11
Posted 18 September 2005 - 08:27 PM
Dinofish
- Topic Starter
-
- Member
-
- 39 posts
Member
Hello,
Yes, there is a system.log file (1 kb in size) My system.sav file is 58,624 kb. Is this unusually large?
I tried to attach the log but your site stated "Upload failed. You are not permitted to upload a file with that file extension."
I was logged in at the time. Any suggestions?
Yes, there is a system.log file (1 kb in size) My system.sav file is 58,624 kb. Is this unusually large?
I tried to attach the log but your site stated "Upload failed. You are not permitted to upload a file with that file extension."
I was logged in at the time. Any suggestions?
#12
Posted 19 September 2005 - 11:38 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
If you rename the .log file to .txt it will not be changed and you shjould be able to upload it.
I'll give you some background info, so you will understand what the files are for:
http://msdn.microsof...istry_hives.asp
Regards,
I'll give you some background info, so you will understand what the files are for:
http://msdn.microsof...istry_hives.asp
Regards,
#14
Posted 20 September 2005 - 11:43 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Nothing wrong with that.
Can you do the same for
Ntuser.dat.log
Can you do the same for
Ntuser.dat.log
#15
Posted 20 September 2005 - 08:02 PM
Dinofish
- Topic Starter
-
- Member
-
- 39 posts
Member
Hi
Attached if the ntuser.dat.log from the Repair folder. The other attachment is from c:\windows\system32\config\systemprofile directory.
There are other ntuser.dat.log file in each one of my user accounts. Would you like to see any of those?
Attached if the ntuser.dat.log from the Repair folder. The other attachment is from c:\windows\system32\config\systemprofile directory.
There are other ntuser.dat.log file in each one of my user accounts. Would you like to see any of those?
Attached Files
-
FromRepairFolder_ntuser.dat.txt 232KB
191 downloads
-
Systemprofile_NTUSER.DAT.txt 1KB
257 downloads
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
