Doom878

Caught Internet Security 2010 spyware. Ran updated version of Spybot. When i go to log in to XP i get logged off right away. Same thing in safe mode. Posting from phone now

rza49311

iTrader: (1)

XP, Vista or 7?

Are you familiar with DOS commands?

If so, try booting to Safe Mode with Dos Prompt. Then you can navigate through DOS to start system restore.

Doom878

xp. can i go back to a few days ago from dos?

rza49311

iTrader: (1)

Yeah, link to instructions

http://support.microsoft.com/kb/304449

dallison

Majofo

You have a log in log off loop. Spybot probably deleted an infected registry file which put you into this loop. You have to insert the windows boot disk and repair the login files. I had this happen to me after being infected by virtuomonde. After repairing the files, boot into safe mode and install Avast! & MBAM.. run updated MBAM first.. then Avast!

I had Norton at the time of my infection and it didn't detect anything, worthless AV protection. I tried manually removing the bad registry entries and related files after finding the files through housecall & spybot but they would repopulate after restarting. Nasty malware.. GL.

Moog-Type-S

Majofo

http://thinkinginpixels.com/quick-fixes/fix-windows-xp-log-onlog-off-loop/

^ Very thorough tutorial to getting you back & running.

goose25

:meh: I sure as hell don't have those problems on Solaris

Whiskers

You're screwed..

goose25

Shoulda bought a MAC

Souljah

gotta love the unhelpful comments.
Wait should I also include my own post?

Doom878

Not working because i still get the loop when i go for the dos. what if i reinstall windows with the cd?

doopstr

I had a PC doing this. I ended up booting with BartPE, copying the data to an external hard drive, and reinstalling the OS.

Majofo

^ Follow this. You don't have to reinstall the OS.

Doom878

I looked at that. He says the instructions are old. My browsing is limited. Can someone kindly quote the text?

rza49311

iTrader: (1)

Yeah, put the CD in and run an XP Repair. You won't lose anything.

Majofo

Part 1 – Let’s start off easy

Select Safe Mode from the menu that comes up using the arrow keys, and then press Enter.
A bunch of stuff will come up. Don’t worry about that. It’s just Windows listing files it’s loading. After a bit, you should be able to get to a place where you can log in.
NOTE: IF A BLUE SCREEN COMES UP AT THIS POINT OR YOUR SYSTEM REBOOTS/SHOWS A LIST OF FILES, THEN PLEASE SKIP THIS PAGE AND GO HERE. MORE AND MORE PEOPLE HAVE BEEN HAVING THIS ISSUE, AND I HAVE YET TO FIND THE ROOT CAUSE.
At this point, one of two things will happen:

• If it logs you back out, we know that the system is a bit more corrupted than usual.
• If you’re lucky enough to get logged in, we know that something is preventing Windows from starting up with everything loaded. (Normal mode)

In both of these cases, one or more of the following things happened:

• Your computer was most likely infected by spyware or a virus/trojan/worm.
• A spyware scanner such as Spybot: Search & Destroy wasn’t updated correctly and was detecting false positives because of this.
  • A false positive is when a virus or spyware scanner finds something that it thought was a problem, but it really wasn’t. When it tried to fix it, your system got screwed up.
• A virus scanner such as Norton, AVast! or AVG found a false positive and tried to remove it.
• A virus or a piece of spyware detected that it was being removed and tried to save itself by infecting your system in another way.

Hey, everybody makes mistakes, right?
Now, were you able to log in or not?
Yes:Go to the page that says “Cleanup time!”
No: Turn off the computer. Continue on to the next page.


Part 2 – Finding your Service Pack

[If you know for a fact that Windows has been updating itself recently, then you can skip this page completely and assume you have Service Pack 3]
Now, I’m going to have you boot into Safe Mode again, (yes, again) but this time you’re going to try and pay attention to something.
After all those files load up, (all that text appears on the screen) a black screen should load with white lettering in the four corners and a mouse cursor. One of the corners will say Service Pack X where X is either 1, 2 or 3. You’ll need that number later. If you miss the text, that’s OK! You can try and login (yeah, I know it won’t work) to make the blue Welcome screen go away for just a bit so you can get another glimpse at the writing. Also, you can always restart the computer and try again.
If you cannot find the Service Pack number AND YOU ARE SURE Windows has been updating itself properly, let’s assume you have SP3.
IMPORTANT NOTE: If you have recently used a Restore or Recovery Disc that came with your computer to try and get it functioning again, please ignore the Service Pack number you were just looking for (or found/assumed) and use the Service Pack number that is noted on the Restore/Recovery Disc. If your disc says SP1a, then you have SP1.
If you look ALL OVER and you cannot find a Service Pack (SP) number, then you may have an RTM version of XP. (aka, no Service Pack at all) Note it down as Service Pack 0! (that’s the number zero)

If you are having issues with this step, or see something completely different and you don’t know how to proceed, please contact me (see the first page) so I can edit this part accordingly. Thanks!
After you find out your Service Pack, write down the number somewhere and continue onto the next page.


Part 3 – Setting your computer to boot to CDs/DVDs

You’re going to need to set the computer that is not working to check for CDs/DVDs first. [If you know for a fact that your computer boots to CDs/DVDs first already, then you can skip this page completely] You’ll need to enter your computer’s BIOS (Basic Input Output System) in order to set this up. Don’t worry about changing it back after you’ve fixed up your machine. It’s not going to affect anything. [At this point, if you have a wireless keyboard, make sure it has fresh batteries/charge, or switch to a wired keyboard if you are having issues.]
As your computer boots up, you’ll see your computer manufacturer’s logo. (e.g., Dell, HP, eMachines, ASUS, Sony Vaio, Compaq, etc.) Look in all four corners of the screen and near the bottom for an option called Setup, Enter Setup, Enter BIOS, or Enter BIOS Setup. Near these words will be a key to press, such as Delete (Del), F1, F2, F3, Escape (ESC) or F10. If you do not see these words, try a different key every time you boot up until you get the right one. I would recommend starting with Delete (Del) first. One pushed, it will bring you to a DOS-like screen where you can change some important system information.
Some BIOS’ will have their main categories organized in tabs (across the top in blue) which you’ll need to use left and right to navigate through. Others use a vertical menu on the left. Still others use a page-like interface. Look around on the screen for help if you need it.
You’re interested in options that look like Boot, Boot Options, Boot Priority, Boot Sequence, or Boot Order. Use the arrow keys to move around and Enter to confirm things or bring up more menus.
Is your CD/DVD Drive or Optical Drive (may be the make/model of the drive) at the top of the list?
Yes: Turn off your computer and go to the next page.
No: Continue on this page for just a bit longer.

Once you get to it, make sure that your CD/DVD Drive or Optical Drive (may be the make/model of the drive) is listed at the top. Some BIOS’ require that you press a certain key to move the CD/DVD drive to the top, such as u. Read the onscreen directions carefully.
Once done, most BIOS’ will allow you to save your changes by pressing F10. If yours is different and you don’t know where to go, press the Escape (ESC) key to back out one screen. Some BIOS’ at this point may ask you to save changes for that part of the BIOS. Save it and use the arrow keys to find your way to Exit. When it asks, Save Changes.
If all went well, the computer should reboot. Boot into Safe Mode. When you get to the login screen, pop open your computer’s CD/DVD tray and shut down your computer via the normal menus.
We’re going to leave your computer alone for a while. Go to the next page.


Part 4 – Burning some CDs/DVDs

THIS PAGE REQUIRES YOU TO DOWNLOAD A DECENT AMOUNT OF DATA. (205MB) IF YOU DO NOT HAVE A HIGH SPEED INTERNET CONNECTION, THEN YOU MAY WANT TO GO TO A PLACE WHERE THERE IS ONE AVAILABLE, LIKE A FRIEND’S HOUSE OR A STARBUCKS.

So now it’s time to start fixing your system. We’re going to need some tools though. We’ll need to burn 2 CDs. (or DVDs if you don’t have any blank CDs. DO NOT USE CD-RWs OR DVD-RWs.) You should get a marker to label the CDs/DVDs so you don’t get them confused.
A file that ends with the extension .iso is a special kind of file. .iso files are like .zip files, but with special information that helps a CD/DVD burning program make CDs/DVDs you may burn bootable, etc. If you unzip an .iso file you download, you’ll ruin it. You can use CDBurnerXP, ImgBurn, or Active ISO Burner to burn the .iso file (also known as a CD/DVD image) you downloaded. When downloading Active ISO Burner, you can just get the middle one on the left side of the page. If you’re not going to use Active ISO Burner, make sure to use something along the lines of CD/DVD image burning in your CD/DVD burning program and NOT data burning! Please make sure to burn it at a slow speed (4x) to get the best results with even the most picky drives. Again, please leave the file in .iso form. Do NOT unzip it or anything like that.
If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.
Now, onto the CD burning!

1. Download this file. (Save it, do not open it.) (If you’re running XP, don’t worry about it being a Vista Recovery Disc.)
2. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
3. Put the CD/DVD into the open CD/DVD tray of the computer that is still off.
4. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
5. The CD/DVD should spin up and boot.

Were you brought to a screen that gives you a prompt to press any key?
Yes: Good! This should mean that this CD/DVD is burnt correctly! Pop out the CD/DVD, leave the CD/DVD tray open, and hold down the power button on your computer for 5 seconds to shut it down. Get a marker and label this CD/DVD “Vista Recovery Disc“. If you’re running XP, don’t worry about it being a Vista Recovery Disc.
No: You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.

If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.

1. Download this file. (Save it, do not open it.)
2. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
3. Put the CD/DVD into the CD/DVD tray of the computer that you just used to burn the CD/DVD.

Do you see some files and folders in the CD/DVD?
Yes: Good! This means that this CD/DVD is burnt correctly! Pop out the CD/DVD, get a marker and label this CD/DVD “Save Me v1.55.0“.
No: You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD. If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.

Congrats! All your tools are ready! Please continue onto the next page.


Part 5 – Run the Discs!

1. Put the Vista Recovery Disc CD/DVD into the open CD/DVD tray of the computer that is still off.
2. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
3. The CD/DVD should spin up and boot.
4. Press any key at the prompt as it says. [At this point, if you have a wireless keyboard, make sure it has fresh batteries/charge, or switch to a wired keyboard if you are having issues.]
5. Some files will load. (some machines may take up to 25 minutes to load!)
6. You’ll be brought to a colorful screen with a cursor.
   [If you get any strange errors at this point, please shut down your machine by holding down the power button for at least 5 seconds and try booting it up with the disc again.]
7. Wait (at most 5-10 minutes on very old systems) until a window appears.
8. After the window appears, click Next.
9. Click Repair your computer on the bottom left.
10. Click Next on the small window that appears. (Don’t worry about it not detecting XP.)
11. Click Command Prompt on the window that appears.
12. Take the Vista Recovery Disc CD/DVD out and put the Save Me v1.55.0 CD/DVD in your CD/DVD drive.
    [If you are having issues with this, try downloading and unzipping this .zip file, taking the files that were in it and putting them onto a USB flash drive. (making sure that you can see a file called "saveme" or "saveme.bat" in the root of the drive) Then, put the USB flash drive into the computer. SOME PEOPLE MAY NEED TO REBOOT THE VISTA RECOVERY DISC TO HAVE IT SEE THE USB FLASH DRIVE.]
13. Try typing D:\saveme, E:\saveme or F:\saveme to start up the recovery process.
14. Follow the directions in the Command Prompt window.

So, NOW are you able to log in?
Yes!: Please go on to the next page!
Still No!: Please contact me. (see the first page)



Part 6 – Cleanup time!

You’re in! Congrats! I would STRONGLY recommend you scan for spyware and viruses. (keep reading)
DO NOT BOOT INTO NORMAL MODE YET OR ELSE THE SPYWARE/VIRUSES (if present) COULD CAUSE MORE PROBLEMS!
You may be able to go into Safe Mode with Networking to access the Internet and download files that can clean your machine that way, however, I would recommend downloading the utilities listed below from another computer and putting them on a CD. Do not use a USB flash drive as that may become infected. Try and keep the infected computer off the Internet or your home network as long as possible. Not rebooting will also keep the virus/spyware at bay because it may want to undo some things each time you reboot.
PLEASE, IF YOU VALUE


YOUR COMPUTER AND


EVERYTHING ON IT,


BACKUP YOUR DATA


AND


HAVE A BACKUP PLAN


SO YOU DO NOT HAVE


TO SCRAMBLE


LIKE THIS AGAIN!


Also, please consider donating!

First, do the following:

1. Click Start
2. Click My Computer
3. Select the Tools menu
4. Click Folder Options at the top
5. Select the View tab
6. Under the Hidden files and folders heading, select Show hidden files and folders
7. Uncheck the Hide protected operating system files (recommended) option
8. Click Yes on the warning dialog that pops up
9. Uncheck the Hide file extensions for known file types option
10. Click Apply
11. Click OK

Go download and install these utilities. All of them are free to use and provide free updates. When running these installers, RENAME THEM as some viruses and spyware block them based on the file name. Make sure to keep the same file extension though. (.exe, .msi, etc.) These are in no way configured once installed. If you need help configuring them, please give me a call.


PLEASE REMEMBER TO UPDATE



THESE SCANNERS BEFORE



SCANNING!


YOU NEED TO USE ALL THE



PROGRAMS ON THIS PAGE!

• AVast! Antivirus
  • Can be installed/run under Safe Mode
  • Choose to run a Boot time scan
  • Choose to Restart later
  • Update AVast!’s defintions
  • Reboot into Safe Mode to run the boot time scan
  • If you have an antivirus scanner already, don’t use it anymore. Use AVast!. You can uninstall your old antivirus program when you get back into Normal mode.
  • Once you run AVast! Antivirus’ boot time scan, if it says you’ve been infected by Win32:Vitro, THERE IS NOTHING YOU CAN DO TO RESTORE YOUR SYSTEM TO A USABLE STATE WITHOUT REFORMATTING AND REINSTALLING. Backup your data and reformat the drive pronto. PLEASE MAKE SURE TO SCAN YOUR BACKUP AS WELL ON A CLEAN SYSTEM TO PREVENT REINFECTION.
• Mozilla Firefox
  • Can be installed/run under Safe Mode
  • Please use this to browse the Internet from now on!
• Spybot – Search & Destroy
  • Can be installed/run under Safe Mode
  • Do not select TeaTimer during installation
  • Do not select “Download updates” during installation
  • Close Spybot – Search & Destroy
  • Update the detection rules
  • Before installing: (if you have a version on your machine already)
    • Open Spybot – Search & Destroy
    • Undo all Immunization
    • Close Spybot – Search & Destroy
    • Remove it via Add/Remove Programs in the Control Panel
    • Restart the computer as it says, but go back into Safe Mode
    • Delete the following folders: (it is OK if some do not exist)
      • C:\Program Files\Spybot – Search & Destroy
      • C:\Program Files\TeaTimer
      • C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy
      • C:\Documents and Settings\All Users\Application Data\TeaTimer
  • Once your machine is clean enough to get back into Normal mode, you’ll need to take note of this special procedure again for updating Spybot. You’ll need to uninstall it and reinstall it, as installing it under Normal mode will provide extra protection.
    • After you’re back in Normal mode and have uninstalled, cleaned up (see above) and then reinstalled Spybot, remember to update it and do another scan with it to take out anything else.
• Malwarebytes’ Anti-Malware
  • Can be installed/run under Safe Mode
  • Update the program
  • Do a Full Scan
• Windows Malicious Software Removal Tool
  • Can be installed/run under Safe Mode
  • Do a Full Scan
• SpywareBlaster
  • Can be installed/run under Safe Mode
  • Before installing: (if you have a version on your machine already)
    • Open SpywareBlaster
    • Disable all Protection
    • Close SpywareBlaster
    • Remove it via Add/Remove Programs in the Control Panel
• Bazooka Adware and Spyware Scanner
  • Can be installed/run under Safe Mode
  • If you’re running Windows Vista, you’ll see two false positives. Ignore them.
  • Update the program
  • Do a scan
• Windows Defender
  • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
  • Update the program
  • Do a Full Scan
• COMODO Firewall
  • Can be installed/run under Safe Mode
  • Do not install the COMODO Antivirus, as the software program below will take care of viruses
  • You do not need COMODO SafeSurf
  • Do the Spyware Scan
• SUPERAntiSpyware
  • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
  • Update the program
  • Do a Full Scan
• Ad-Aware
  • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
  • Update the program
  • Do a Full Scan

AFTER YOUR MACHINE IS



CLEAN, REMEMBER TO



UPDATE TO XP SP3 IF


YOU DID NOT HAVE IT!


Some of the main things I’ve found that causes this loop:

• People don’t uninstall old version(s) of Spybot: Search & Destroy when installing a new version
• People uninstall the old version, but they don’t get rid of the Spybot/TeaTimer folders in C:\Program Files
• People uninstall the old version, but they don’t get rid of the Spybot folders in C:\Documents and Settings\All Users\Application Data (I don’t think you really need to get rid of this, but I do just to have a full uninstall)
• People don’t know when a new version of Spybot: Search & Destroy is available (no notification in updater, no auto-updater, etc.) Always check before doing a scan!
• People are still using Internet Explorer (IE) to browse the Internet without adequate protection.
• People are heavily infected with spyware and viruses without knowing it.

Doom878

Thanks for posting that. I will print this now that I'm back at work. BTW, I see 2 potential fixes. RZA's idea for a Windows fix and the above. What's the diff?

rza49311

iTrader: (1)

At a glance, the nitty gritty here is the same but the guide looks to be for Vista. In XP, you don't choose repair on the first screen. You must go through the setup like you are installing windows and a few screens in, it detects your existing install and asks if you would like to repair it and you pick that.

Majofo

It's for XP.. I know.

I can't wait to get 7 running.. I just don't want to reinstall all my programs.

#1 STUNNA

www.ninite.com

Doom878

^Pretty f'in cool.

So that long explanation is for Vista meaning I have only one choice?

JediMindTricks

good luck!

Majofo

awesome.. thanks!

Scottman111

On a PC here at work. Once I did this it logged in, AVG popped up and cleaned whatever program it was and now it seems to be fine. I'm running some more scans now to make sure...





http://www.geekstogo.com/forum/Windo...ff-t15771.html

Post #9

Scottman111

^ I'm surprised that this worked since that article is 4 years old.


Sweet

dallison

Doom878

Ok this worked. I had access to an XP disc so I did this. However I have to get the patch from my friend since my key apparently is p1rated. I can get into safe mode and back up away. Thanks!!!

This didn't work. When I got the C:Windows prompt it wouldn't recognize C:Windows/system32. I tried the other addresses and stuff but it didn't recognize anything. I checked the dir and didn't see the files listed. Thanks everyone for your help.

rza49311

iTrader: (1)

Glad you got it working enough to back your stuff up.