Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Very Serious Reboot Problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

SmitFraud...not going away

Unread postby lightpanther » March 4th, 2008, 3:15 am

Hi There.

I have had the "spyshredder" infection (sigh).

After downloading "SmitFraudFix" and running it, *most* components of this seem to have been removed, but several problems remain:-

1) I could not start in safe mode according to the precise instructions for using SmitFraudFix...when I press F8 (no matter when) the computer would hang with nothing on screen, so I could never get to safe mode (not sure whether that has anything to do with the infection or not, but it does mean I had to do the fix in normal mode

2) I am still bugged insistently by a fake popup associated with the original infection talking about a "W32.ExpDwnldr", and advising you to click yes to obtain anti-spyware software (if you do, it simply downloads spyshredder again). This popup returns about once every twenty minutes. AVG anti-spyware did not get rid of it.

3) there are also annoying pop ups from the system tray, with similar kinds of stuff " Warning, Malware!" etc, which is obviously also part of the original infection.


4 The browser (IE) remains hijacked. On many searches it jumps to sites other than the ones requested.

I need help in getting these remnants off my machine. I am also unclear why I cannot start safe mode.


System is Win XP with service pack 2
lightpanther
Active Member
 
Posts: 3
Joined: March 4th, 2008, 3:05 am
Advertisement
Register to Remove

Very Serious Reboot Problem

Unread postby lightpanther » March 5th, 2008, 1:12 am

Hello. I am the author of the "SmitFraud not going away" thread below. The reason I am posting another thread, is that the situation has now gotten far worse, and these new problems are much more serious, completely overshadowing what I posted originally. I am not sure how to delete that original thread, as it is unlikely that I will now be able to carry out any advice that is given to me there. Basically, I am unable to use the computer now at all (I'm on a temp laptop here) because it won't boot properly.

Ok, I will try to provide as much help as possible here, in sequence of what happened, and what I have done since. I seem to have made the situation much worse rather than better. Please read it without skipping if you can help, as the sequence of events are probably important.

1) I acquired (not sure how) the "SmitFraud" infection. So I google some advice on that, download the "SmitFraudFix" utility and follow the advice on it, which is available in general around the internet.

2) here is the first oddity...the instructions said to reboot in safe mode in order to run SmitFraudFix...however when trying to press F8 in order to do this on booting up, I found that nothing would appear visible on the monitor, no matter how long I left this.

3) so I then had to boot back to normal mode and run SmitFraudFix there, as I could not get safe mode to show on the monitor (Apple Cinema HD 23" widescreen). Running SmitFraudFix seemed to get rid of a good portion of the infection, however, certain fake popups with ridiculous warnings were still showing up frequently, both windows style popups and from the system tray. These were definitely part of the infection, because it was by clicking on one of these originally that got me the "spyshredder", the virus or malware associated with this thing.

4) Ok, here is where it gets REALLY SERIOUS. I decided, unwise probably, that I should try to get the computer into safe mode so that I could do the fix procedure exactly as was advised. I therefore located advice for starting in safe mode by a means other than F8 and this was to do Start >> Run >> msconfig >> and then on the BOOT.INI, set it to start up in safe mode. Oh boy, bad move!!

5) again, nothing would show on the screen, only now, I couldn't get back to normal mode either or do anything, because nothing showed up on the darn screen!

6) I attached an older monitor to the computer (though only 2-3 years old). Not exactly sure of its specs, but it has KDSusa on the front. Anyway, when booting with this, I am able to see things on the screen, BUT....

7) It boots to safe mode with the "safe mode" text at all four corners of the screen, but that is ALL that is on the screen...the rest of it is black (though there is a cursor)..clicking does nothing etc....and in a few seconds the familiar "Windows XP is starting up" blue logo screen appears (??) and next it prompts me to enter as either "adminstrator" or "owner" big-button style, telling me that I can add or change profiles after I have logged on (this was never part of the normal logging procedure, and if these profiles were set up I haven't used them at all since I got the computer, though I'm sure I called something owner at some point, way back. ***Just to be clear here....when logging in mormally, before these problems, and with the Apple Cinema monitor, there was never any such login screen offering administrator or other "profiles" (since perhaps way back originally setting up the PC, though I can barely remember). it would just log in all the way without hitch. Anyway,

8 ) WHEN I CLICK EITHER OF THESE, WHICH I HAVE TO TO GET ANY FURTHER, IT SAYS "LOADING PROFILES" OR SOMETHING AND THEN INFURIATINGLY THE MACHINE REBOOTS AGAIN...EVERY TIME. IT'S IN A LOOP, AND I CAN'T GET BACK TO WINDOWS TO RESET the BOOT.INI OPTION from START >> RUN

I don't know if this behavior is part of the infection or a result of what I have done, but either way, help!!!

These things i have tried already: With the old monitor running, I can get the boot options menu (F8 ) to work. I have of course selected "boot in normal mode", but it doesn't...it boots with the above behavior...first with the blank "safe mode" screen....then onto the windows logo screen with user login options, administrator and owner (the name for myself, that I created, originally, I think). Choosing either simply starts the login and then reboots after a few seconds, on the same cycle :(

I CAN access the BIOS (F2) menu and the recovery (F11) menu, though I haven't dared to do anything with either yet. On the boot menu, I have tried just about every option....normal, safe, safe with command prompt, last working configuration, enable VGA settings...it still comes back with the same behavior as described above.

I have a lot of important data on the main machine, and am terrified to lose it, so am writing this on a very cheap laptop which I hardly ever use.

Please offer your suggestions for what I can do from here. I'm not a computer geek, so please go easy on the jargon. Is there any way of getting a command prompt given the above behavior, and then using it to fix this problem or at least to get data files off to CDs before I do anything else.

Your help much appreciated. This is the most serious comp problem I've ever had.
lightpanther
Active Member
 
Posts: 3
Joined: March 4th, 2008, 3:05 am

Re: SmitFraud...not going away

Unread postby ndmmxiaomayi » March 6th, 2008, 1:34 am

Hi,

Welcome to Malware Removal.

Step 1

  1. Please download the latest copy of HijackThis from Trend Micro and save it to your desktop.
  2. Double click on HJTInstall.exe to install it. Click on Install. By default, it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Read through the License Agreement presented to you on the next screen and click on I Accept.
  4. Once installed, HijackThis will start automatically. If it doesn't, please go to your desktop and double click on the HijackThis shortcut created there.
  5. Select Do a system scan and save a logfile.
  6. Close HijackThis.

Note: Do not click on the AnalyzeThis button.

Do not fix any lines you see in HijackThis as most entries are harmless and needed for the normal functioning of Windows.


Step 2

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the leftmost column, click on Tools.
  4. On the middle column, click on Uninstall.
  5. At the bottom right hand corner, click on the Save to text file... button.
  6. By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
  7. Close CCleaner.

Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.

In your next reply, please post:

  1. HijackThis log
  2. CCleaner install.txt file
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Very Serious Reboot Problem

Unread postby Shaba » March 6th, 2008, 8:48 am

Two topics merged :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Very Serious Reboot Problem

Unread postby lightpanther » March 6th, 2008, 4:37 pm

Hi there.

Thank you for the above, but please note that I am unable to download or install anything on my afflicted pc as it is not booting properly...at all. I therefore cannot get to a desktop, cannot use Hijack this or anything else until that problem is resolved.
lightpanther
Active Member
 
Posts: 3
Joined: March 4th, 2008, 3:05 am

Re: Very Serious Reboot Problem

Unread postby ndmmxiaomayi » March 7th, 2008, 12:31 am

Hi,

I'm getting some help for you. Please be patient.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Very Serious Reboot Problem

Unread postby ndmmxiaomayi » March 7th, 2008, 10:47 pm

Hi,

it prompts me to enter as either "adminstrator" or "owner"


The presence of a "Owner" user account means quite likely that you've bought a HP or Compaq PC.

Can I confirm with you that this is true?

Do you have the Windows XP installation CD (not Recovery CD; Windows XP installation CD has a hologram.)

Here are some pictures to help you recognize the Windows XP installation CD.

http://www.microsoft.com/resources/howt ... laylang=en
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Very Serious Reboot Problem

Unread postby Elrond » March 9th, 2008, 3:09 am

The OP is being helped at WTT.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware