Trying to recover an installation stuck in "safe mode" (virus related)

Think i've cracked it, after the last run of mbam (where it found new files in the other windows install, the new one from yesterday that hasn't been run since i used it to fiddle the boot.ini) i've installed IE8 from safe mode, then rebooted to safe mode and opened the browser (this completed the last of the browser setup i think)

Then reboot to normal mode and it let me activate windows, yay!

Now i can get in and update spybot (stupid bloody scanner, lets you install but won't scan until you update it!) and pick out the last few bits.

Still hate this machine though. :p
 
Spybot has picked up another 12 item so far! :eek: (and half of them are the registry changes that had me locked out of most of the machine)




edit, just had IE popup an advert page behind spybot! Guessing the viruses that were being over-ruled by xp security BS 2010 are stretching their legs now :D
 
Last edited:
I'm currently going through something similar trying to recover someone's laptop from a bad case of XP Internet Security 2010 (among other things), except this time I was able to run a .reg file which restored the .exe file associations so I'm able to run some cleanup apps etc. What a ballache though!

I'd rather spend a day trying to clean it out though (and then ensuring the user uses Firefox, stops using limewire and DOES NOT click on anything relating to viruses or security that isn't his installed Antivirus software) than a day formatting it (after finding Windows MCE 2005 disks) and several weeks of phonecalls along the lines of "I can't do xx since you reinstalled" or "Where is xx now you've reinstalled" or "what's xxx"

Argh :D
 
Personally I would try transferring that database program from your current installation to a new installation. Back up the program folder, registry entries and user data. Then transplant them back into to a new install, it might work. If not can you not aquire new installation media for the database program?
 
Last edited:
Howard said:
I'm currently going through something similar trying to recover someone's laptop from a bad case of XP Internet Security 2010 (among other things), except this time I was able to run a .reg file which restored the .exe file associations so I'm able to run some cleanup apps etc. What a ballache though!

Argh :D
Click to expand...

I think this one is so bad because it's the cumulative effect of one virus weakening the defences, letting in bigger and badder things at a latter date.
The usual fixes for X have been disabled/blocked by Y, etc.

Meatball said:
Personally I would try transferring that database program from your current installation to a new installation. Back up the program folder, registry entries and user data. Then transplant them back into to a new install, it might work. If not can you not aquire new installation media for the database program?
Click to expand...

I've only been able to get into the registry for a couple of hours now, and the firm that make the database no longer exist. :(
 
Need to have a discussion with the employee repsonsible for this. As shouldn't really be going to places where Internet Security 2010 can be picked up using a work laptop. Espeically if it's running software that can't be repaired easily.
 
Bit awkwards there, he owns the place :D

Malwarebytes says all clear, Spybot says all clear, F-Secure has found 13 items so far :D



edit 46 infected files at the end!

edit 2 clicked the auto clean option, bloody DCOM shutodnw box popped up, mad scamble to get cmd open :D

31 files cleaned, 15 not cleaned :eek:
 
Last edited:
Normally I'd agree but I fear the user has become set in his ways with regards to using it - and I think in some ways it is easier for noobs. I've solved the problem with it now anyway :)
 
Almost done. Lots of buggering about as the .net stuff was busted and some stuff needs it to function. MSE was borked, couldn't uninstall the busted one as it was looking for the install files from the temporary folder it extracted it's files too when it was first installed, wtf? And the new version wouldn't install over the old version, rinse and repeat.

Both sorted, MSE shows the machine clean, just waiting for another F-Secure scan to complete (damn that takes a while!)
 
Scanned in this order.

MSE - Clean :)
F-Secure - Clean :)
Malwarebytes - 6 items. :(

Just trying to clean up the system restore settings (reg settings are shot so you can't delete the virus hidden in the restore files) and i'll give it another spin.

So close! :D
 
Bane said:
Need to have a discussion with the employee repsonsible for this. As shouldn't really be going to places where Internet Security 2010 can be picked up using a work laptop. Espeically if it's running software that can't be repaired easily.
Click to expand...

It can be picked up after clicking a sponsored Google result.
 
Guy assures me it must have shown up from an email. Because once the office computer went **** up, he used his netbook and his girlfriends laptop. Which i've just brought home with me ....
 
I got this last night, got to the point where it wouldn't even boot up, so am gonna have a tinker on tonight.

I'll try windows repair first off but this is one of the most annoying virus's of all time.
 
lol, was working my way through the two machines last night and my phone went... "blah blah, all my icons have gone, blah, blah, can't get online, blah, blah, got this new antivirus program popping up all the time, blah, blah..." Bring it around!

Might make the rent this week if this keeps going! :D
 
You must log in or register to reply here.
Back
Top Bottom