Unknown virus/spy causing machine not to boot even in safe mode
Greetings,
Here is my sad story, well, more for a friend and his poor computer. Through un-admitted steps and a user-initiated, OK'd install of spyware applications, a computer is experiencing the following. When booting up, the WinXP logo is displayed and then the machine hangs.
This also occurs, unfortunately, under safe mode. When the driver list is displayed, the machine hangs. This occurred after a definite infection.
I did what I normally do, take the HD out into a known clean system with multiple security apps. Symantec enterprise 10, spysweeper enterprise, spyblaster, superantispyware. I ran full scans with each product on the affected HD. I also went into the appropriate directories and manually removed any recent day files that were left on the machine.
After all of this the machine still hangs even in safe mode. It ran late and I am going to attempt a repair reinstall of XP. First I will try to do a recovery console boot and see if there is any driver or service I can disable that may be causing the issue.
However this is the nice part, the clean and supposedly protected machine I tried to do the clean in, is now experiencing the same exact fail to boot issue, even in safe mode!
I didn't think this could be possible. Is this some sort of boot sector virus? But how could that prevent the OS from fully booting? Did some sort of system kernel driver get installed?
Winfixer and trojan-downloader were detected and supposedly quarantined. I have experience with Winf, virtumonde and trojans before and have never seen this.
Has anyone seen or even heard of such a thing?
Jason
This discussion has been closed.
Comments
1) Took HD out and ran a multi scan in another machine. Turns out the second machine was having a different issue.
2) Performed a repair reinstall of operating system, in this case Winxp home.
3) On repair reinstall, machine did lock but upon power off, installer recovered and completed.
4) Machine being able to boot now, ran internal multi scan using:
SAV 10 Enterprise / Spysweeper Enterprise / Superantispyware / spybot
5) Ran hijack this, multiple items were still present, used hijack to remove items.
6) Rebooted and ran process 4-5 again. System clean and operational.
The main infections I found were winfixer and winantispyware; however, there were over 40 different trojan entries found and 10 unknown objects as reported by superantispyware.
I hope everyone knows that one really must run multiple antispyware apps to be sure of a full clean. Super found a lot, but after running super, spysweeper enterprise found quite a bit more.
I hope this event can be of use to someone with a similar issue in the future.
Thanks
Jason
Integrated AV/SPY programs are really poor. Spybot and Ad-Aware are really poor. I used pestpatrol back when it was pestpatrol, before CA bought them, and it was pretty good, but I have not used the e-trust version.
Anyway, spyware is such a pain.
Jason