St0ney
join:2001-02-25
uranus
1 edit | [Trojan] Cant even login to windows
im running windows XP on my infected computer
Over the past few weeks, i been getting a number of warnings from Avast...every time i quarantined/moved the files and just forgot about it...
well today it happened again...so did the same ...moved it. then i noticed my desktop background got changed to one of those fake antispyware software pictures...u know the one that says to the effect" you computer has been infected...blah blah...please click here to remove/ download the latest antivirus software, etc...
it was just a background pic, so i thought ok let me rightclick--->properties---and lo an dbehold theres no change background tab! i only saw three tabs (i think themes, appearance, and settings tab)
weird, so i though restart would do it...
but after i restarted and clicked on the admin profile to login, it doesnt go to desktop ; it will say "loading settings..." then "logging off"
now i cant even get into my desktop.
also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux...
does anyone have any idea on how to fix this problem? is it a trojan?
i cant even do all the pre-clean steps outlined in this forum, cuz i cant get in to my dekstop or safemode |
|
St0ney
join:2001-02-25
uranus | no help? |
|
lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
clubs: 
 ·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Team Discovery
| If you have a clean computer to work from, try d/l'g some tools and get started on pre-clean.
If not interested..we can move this to MS Help if you require reformat assistance.
If you cannot boot to even safe mode..there's more involved here |
|
St0ney
join:2001-02-25
uranus | reply to lilhurricane
Re: [Trojan] Cant even login to windows
yes i think i may have to boot to the last save registry? please move to ms help then |
|
lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
clubs: | Ok, St0ney - buckle your seatbelt
Moving to MS Help |
|
auggy
Premium,Mod
join:2001-12-24
Brockville, ON
·Cogeco Cable
 ·Bell Sympatico
Host:
Microsoft Help
| reply to St0ney
said by St0ney  :also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux... Why can you not do safeboot? What happens? |
|
DOStradamus
MVM
join:2003-11-04
Santa Rosa, CA
| reply to St0ney
said by St0ney :also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux... Have a floppy drive on that system, or can you add one?
Have another computer running XP, 2k3, or 2K that also has a floppy drive?
If so, create a floppy that will enable you to boot to safe mode:
1. Format a floppy on that other system
2. Get to a command prompt on that other system
3. XCOPY/H C:\NTLDR A:
4. XCOPY/H C:\NTDETECT.COM A:
Only thing left, is to put a BOOT.INI file on that floppy:
Above is for XP installed on the first partition on the drive. Change as needed.
Don't forget to set the FLOPPY as the #1 boot device in BIOS Setup!
Good Luck!
-NK |
|
MIXZ1
join:2001-01-02
Mexico
·Prodigy Infinitum
| reply to St0ney
Is it possible that you installed Windows AntiSpyware, which is really a hoax and hijacker? If you did do a google on "remove windows antispyware". One of the tools available is found at »www.spywareremovalblog.com/remov···are2008/ . Do a solid read of the page and you may be able to recover your system without a reformat. Good luck. |
|
AMDUSER
Premium
join:2003-05-28
Earth
clubs:
·RoadRunner Cable
| reply to St0ney
I would try pressing F8 for the MS Windows boot menu - select the "Last Known working configuration".
If that works to get the system to allow you to login, try downloading Wallpaper Hijack Remover from here: »www.majorgeeks.com/Wallpaper_Hij···816.html .
What it will do is allow you to restore the missing tabs so you can change the background wallpaper.
Note: This will not fix the underlying problem however..
Also, if the wallpaper looks similar to this: »Security Cleanup FAQ »Screenshots of Desktop Hijack it could possibly be smitfraud or some other nasty. |
|
St0ney
join:2001-02-25
uranus
| nothing happens as i continuously pound the F8 , at every phase of windows startup, from when it does mem check to detecting drives, to the dual boot menu, all the way to windows logon screen.
i'll have to try the floppy boots sometime later this evening.
I have a windows Xp cd , will that work? or will that just send me to the reformat/reinstall windows xp screen? |
|
DOStradamus
MVM
join:2003-11-04
Santa Rosa, CA
| Am I right in assuming you're using GRUB/LiLo/etc. for your boot manager?
If so, is it installed into the MBR, or, into the Boot Record of the partition you have Linux installed into?
If installed into the Boot Record of your Linux partition, you can boot off your XP CD, load the Recovery Console, and use DISKPART to change the boot ("Active") partition to your XP one. At that point, you should be able to F8-> Safe Mode.
-NK |
|
Razzy
join:2002-10-29
1 edit | reply to St0ney
If you're logging in and immediately log back out back to login screen, see if userinit.exe exist in C:\Windows\system32. If it's there, you may need to do an offline registry edit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and find Userinit key. If it doesn't exist, make one. It should have "C:\Windows\system32\userinit.exe," (without the quote and WITH the comma at the end).
To do all that, you'll need a BartPE CD or ERD or hook the HD up to another computer. Recovery console may work but you'll need to know a few commands - and I don't remember atm as I don't use it.
Also, a Windows repair install may work.
Good luck.
EDIT: I just noticed you said you have mandrake dual boot, could boot to that and see if userinit.exe file is on the Windows parition. |
|
Mickeyme
You might be right, but, I don't care
Premium
join:2008-09-05
Carson City, NV
| reply to St0ney
said by St0ney :I have a windows Xp cd , will that work? or will that just send me to the reformat/reinstall windows xp screen? Seems at this point there is not much else to do but reformat.
If you can't get in even through F8 then I say your screwed.
I hope your not one of those people that keep all this stuff on the hard drive. |
|
ChiTang
Premium,MVM
join:2002-08-23
Alhambra, CA
| reply to St0ney
When desktop try to logon, fail and subsequently logs out. Either userinit.exe and/or winlogon.exe fail to load or missing or corrupted or infected.
To go into safe mode:
Reboot computer, at LILI/GRUB boot menu, choose windows, right after choosing windows to boot, keep tapping the F8 key will bring up the boot menu of XP.
It does sounds like you got infected with the fake AntiVirus200x malware. By changing the desktop and remove the default.htm at c:\windows, it will reload itself in a very short time. That malware is very solid. I wish they use thwir energy to help MS to build more solid OS. 
--
I used to be indecisive, now I am not sure. |
|
Mickeyme
You might be right, but, I don't care
Premium
join:2008-09-05
Carson City, NV
1 edit | said by ChiTang :To go into safe mode: He can't get into Safe Mode!
said by St0ney :i cant even do all the pre-clean steps outlined in this forum, cuz i cant get in to my dekstop or safemode |
|
ChiTang
Premium,MVM
join:2002-08-23
Alhambra, CA
| also i cant do safeboot (F8 at bootup); i have dual boot with mandrake linux...
I interpret it as OP does not know how to get to windows boot menu for safemode cos of the dual boot.
--
I used to be indecisive, now I am not sure. |
|
St0ney
join:2001-02-25
uranus
2 edits | omg omg i got into safemode menu...i guess i was not pounding f8 fast enough after dual boot screen...what a noob i am
please no reformat please no reformat. oh god please |
|
St0ney
join:2001-02-25
uranus | alrighty i am in safe mode, disconnected from network...
goign to run adware, spybot, etc... |
|
St0ney
join:2001-02-25
uranus | ok i running AVASt AV...says userinit.exe infected.
should i delete it? |
|
