No Restore, No MBAM, No Safe Mode, No MSCONFIG, Virus Scan Clean
Results 1 to 10 of 10

Thread: No Restore, No MBAM, No Safe Mode, No MSCONFIG, Virus Scan Clean

  1. #1
    Join Date
    Oct 2001
    Location
    Panama City, Florida, USA
    Posts
    43

    No Restore, No MBAM, No Safe Mode, No MSCONFIG, Virus Scan Clean

    ARRRRGGGGHHHH! This is killing me.

    My son (yeah, same son as before) got a virus. . . again. His HP runs WinXP Home, and he has Avast antivirus. The virus he got is the one that pops up the "Windows Security Center" warning, and tries to get you to buy something to remove the virus it pretends to find.

    I disconnected from the Internet, and removed some of the files manually. I installed Malwarebytesfrom a thumb drive, but I get an error telling me that the file mbam.exe cannot be found. I useda different computer to install Malwarebytes onto my thumb drive, but when I try to navigate to mbam.exe, it's missing.

    I installed SmitFraudFix from a thumbdrive, but it needs to run from Safe Mode. That's when I learned that Safe Mode won't work. Each attempt to boot to Safe Mode results in a Boot Error screen, and the computer will ONLY boot to Normal mode.

    I ran SmitFraudFix from Normal mode, but of course it fixed mothing.

    I cannot access MSConfig. It opens. . . after about 20 minutes, but won't respond to the mouse or the Tab key.

    I cannot run Hijack This.

    Boot time Avast scans find many infected files and remove them, but does not repair any of the things I mentioned here. And the next time I connect the computer to the Internet, it starts downloading stuff.

    The Restore Mode is also disabled, so in a fit of desperation, I ran Recovery Mode and reinstalled Windows. But it fixed NOTHING!

    Now, thanks for listening to me whine. Here's my question. . . . short of reformatting, setting fire to his computer, or buying a new one, is there hope for this thing?
    All warranties expire upon payment of invoice.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If not satisfied, double your money back.

  2. #2
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Download SafeBootKeyRepair.exe by sUBs and save it to your desktop.

    Double-click SafeBootKeyRepair.exe to run it. Follow any prompts that may appear then post the log it produces.

    ==

    See if you can boot into safe mode now.

  3. #3
    Join Date
    Nov 2009
    Posts
    1

    Simple Fix I Used

    I had a similar experience with the Malwarebytes executable being missing after I installed.

    My fix was to replace the missing executable by copying it from another computer.

    Worked like a charm.

  4. #4
    Join Date
    Oct 2001
    Location
    Panama City, Florida, USA
    Posts
    43
    Two things. . .

    1st one, I originally tried changing the name of mbam.exe to something else, but each time I plug in my thumb drive, the file disappears.

    2nd, I did something that may have been really bad. Last night, after posting this request for help, I discovered something; msconfig was actually working, but REALLY slow. It took it 15 minutes to open, and five or six minutes to respond to a mouse click. So, I tried a diagnostic boot, but still could not get to Safe Mode. While I was waiting for MSConfig to respond to a mouse click, I saw the option, "Safe Boot." I selected it, applied and closed.

    Now the computer is stuck in a boot loop. No matter which selection I make, it attempts to boot to Safe Mode, which results in a boot error, which returns me to the selection screen. I have a bootable CD I can use to get into the computer, but I am not sure I can access MSConfig to change the settings back.

    I'll let you know if it works, but thanks for the advice. I'll try anything once.
    All warranties expire upon payment of invoice.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If not satisfied, double your money back.

  5. #5
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    One method you could try is to connect the drive with malware as a slave drive to another computer. Then, scan that drive for and remove the malware, then put it back in the original computer and perform a repair install of Windows.

  6. #6
    Join Date
    Oct 2001
    Location
    Panama City, Florida, USA
    Posts
    43
    Quote Originally Posted by crunchie View Post
    Download SafeBootKeyRepair.exe by sUBs and save it to your desktop.

    Double-click SafeBootKeyRepair.exe to run it. Follow any prompts that may appear then post the log it produces.

    ==

    See if you can boot into safe mode now.
    Well, "Yes," and "No."

    I downloaded SafeBootKeyRepair to a thumb drive, and after I booted the computer to Ultimate Boot CD for Windows and edited the Boot.ini file so I could get back to the OS, I attempted to run SafeBootKeyRepair. It opened a window, listed "Access Denied" four times, then just sat there mocking me with that blinking cursor for 15 or 20 minutes until I closed it.

    But when I rebooted, Safe Mode was available and worked!

    From Safe Mode I ran SmitFraudRepair and Dial-a-Fix. Both seemed to work, and now the computer is (nearly) back to normal. The clock is still showing military time, and we still cannot set a background theme or picture, but everything else seems to work. MSConfig seems to be back to normal, but I have not attempted to reinstall Malwarebytes. (my son is anxious to get his term paper finished and printed. )

    I may be back as more things turn up, but at least for now, we're back up and running! Thanks.

    P.S. I don't know why I didn't think of the "slave-drive" thing earlier. I've done that before with much success. . . . but it never crossed my mind.
    All warranties expire upon payment of invoice.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If not satisfied, double your money back.

  7. #7
    Join Date
    Oct 2001
    Location
    Panama City, Florida, USA
    Posts
    43
    OK, we cannot install Malwarebytes. And, when connected to the Internet, the computer gets popup advertisements, so it is NOT clean.

    I came home at lunch, disconnected from the 'Net and started another virus scan.

    Not sure what I hope to accomplish at this point, but I've come too far to give up now.
    All warranties expire upon payment of invoice.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If not satisfied, double your money back.

  8. #8
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,428
    try combofix...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Above combofix instructions courtesy of Broni

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  9. #9
    Join Date
    Oct 2001
    Location
    Panama City, Florida, USA
    Posts
    43

    Thumbs up UPDATE!

    OK, after re-running safebootkeyrepair, booting to Safe Mode, and running Combofix, I was able to install Malwarebytes.

    Malwarebytes is currently running, and has found 39 infected files so far.

    I'll post another update when I am certain, but I think that. . . . after 2 weeks and about 30 hours worth of work .. .. .. I've got the boy's computer up and running again!

    Whether it is, or is not, fixed, thanks for all the help.
    All warranties expire upon payment of invoice.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    If not satisfied, double your money back.

  10. #10
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Post up the logs and we can tell you if anything remains.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •