spyware invaded safe mode

Hi everyone,

I have spyware on my computer. It has invaded safe mode. I'm admin of the computer, but everything is restricted. I'm unable to install anything. I'm unable to change any passwords as the user group page in control manager is blank. I can't run svchost associated with user group page as I'm restricted. Anything out of safe mode is useless as explorer.exe, task manager, anything does not load upon logging in. Stumped. Can't get anything to work, as everything is a dead end with this steroid-spyware string on my computer.

Any suggestions?

Comments

  • CB Ƹ̵̡Ӝ̵̨̄Ʒ Der Millionendorf- Icrontian
    edited December 2007
    At this point, it would probably be easier to reformat than to go through the steps to clean it.
  • Your-Amish-Daddy The heart of Texas
    edited December 2007
    fdisk /q C:\

    But seriously, if it's blocking you from changing admin privileges, then the install is knackered. That's not spyware, that's malware.
  • Harudath Great Britain Icrontian
    edited December 2007
    If you're blocked from using admin stuff as admin yourself, then there's nothing you can do afaik. Would a Windows repair work? Or is that just resetting the OS settings for the virus to say "oh goodie" and do it all over again? If so then formatting it is your only option, back up what you can and get cleaning! :P
  • Your-Amish-Daddy The heart of Texas
    edited December 2007
    The only thing he can really do right now is format that bix.
  • Harudath Great Britain Icrontian
    edited December 2007
    Hmm, that's a fekkin nasty one... Any idea how you got it? Would be nice to pass on the info to help others avoid it too.
  • Ryder Kalamazoo, Mi Icrontian
    edited December 2007
    It sounds like you have Smitfraud...had a similar issue and running the smitfraud fix and combofix (check spyware forums here at Icrontic) solved the issues. Run Smitfraud fix first, then combofix.

    See if that helps anything.

    The best thing to do is post here in the Spyware Forums with a HijackThis log, so they can tell you what you have.
  • edited December 2007
    I'd love to run any/all apps to get rid of this, however I cannot install anything. I don't have privileges any longer.

    On top of that, I've decided to just re-install, however I'm trying to copy pics, docs, etc. and I'm unable to do that as well.

    Any other ideas on how to get the ball rolling?
  • Ryder Kalamazoo, Mi Icrontian
    edited December 2007
    smitfraud isn't an install, nor is combofix....can you download or use a USB key to get into the machine and place the files?

    Then just run the EXE...maybe right click and say "Run As" is that still working?
  • edited December 2007
    I got this malware/spyware ironically by trying to clean out my registry. I got on a link to download RegCure, to say the least it wasn't regcure.

    The first thing I noticed is that my hosts file redirected about 100 websites to a 10.240.x.x IP. It got progressively worse from there. Lost admin, Administrator password changed, can't copy/paste anything.

    Beat.
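The hosts-file symptom described in the post above is easy to check for once the file can be read, for example from the drive attached to a clean machine. The following is an added example, not part of the original thread: it groups entries that map domain names to private addresses (redirects) or to loopback (blocks). The sample file and the address 10.240.0.5, standing in for the elided 10.240.x.x, are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample; 10.240.0.5 stands in for the elided 10.240.x.x address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.240.0.5      www.example-bank.test   example-bank.test
10.240.0.5      update.example-av.test  # inline comment
127.0.0.1       liveupdate.example-av.test
192.168.1.20    nas
not-an-ip       broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Group suspicious entries as {reason: {ip_string: [hostnames]}}."""
    findings = defaultdict(lambda: defaultdict(list))
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES or "." not in name:
            continue  # localhost and single-label LAN names are normal
        if ip.is_loopback or ip.is_unspecified:
            findings["blocked"][str(ip)].append(name)
        elif ip.is_private:
            findings["redirected"][str(ip)].append(name)
        # Redirects to public addresses are not flagged by this check.
    return {reason: dict(by_ip) for reason, by_ip in findings.items()}


if __name__ == "__main__":
    for reason, by_ip in audit_hosts(SAMPLE_HOSTS).items():
        for ip, names in by_ip.items():
            print(f"{reason}: {len(names)} name(s) -> {ip}: {', '.join(names)}")
```

Many names pointing at one private address is the pattern to look for; loopback entries can also come from legitimate ad-blocking lists, so review those by name.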
  • Ryder Kalamazoo, Mi Icrontian
    edited December 2007
    ugh....not good.

    Any other PC's in the house? remove HDD and attach to another PC..then browse to the documents and copy them off?

    any infection should not spread, since the OS is not running on that drive.
  • Harudath Great Britain Icrontian
    edited December 2007
    I learned a new tech support word lately: It's ****ed
  • Ryder Kalamazoo, Mi Icrontian
    edited December 2007
    Harudath wrote:
    I learned a new tech support word lately: It's ****ed
    That is my favorite tech support word...but I can't ever use it :(
  • edited December 2007
    RyderOCZ wrote:
    ugh....not good.

    Any other PC's in the house? remove HDD and attach to another PC..then browse to the documents and copy them off?

    any infection should not spread, since the OS is not running on that drive.


    I have 2 PC's, but my laptop is the one infected.
  • HW_Hack North of Kalifornia
    edited December 2007
    Best bet here is to find / get a Linux "Live CD" --- a Live CD will actually boot the Linux OS and give you a very "windows like" desktop environment --- click around until you find the file manager --- open (or in Linux terms mount) your system disk --- you should see all the familiar files and folders. Now attach an external USB drive or USB stick and drag your data files (and favorites) off the infected drive - bingo - you're half way there.

    Now hopefully your laptop has a hidden partition so you can do a destructive recovery
    basically re-write your main partition so your system is just like the day you opened the box ...... if not .... reload XP and reload all your drivers argh !!
  • Leonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited December 2007
    Wow, lots of Christmas cheer going around today!

    moving this thread to Spyware and Virus Removal forum
  • halo2_god New York state
    edited December 2007
    Hey, I will attempt to help you with your problem. Firstly, get a CD and/or USB device and download http://kasperskyusa.com/trials/kav7.0.0.125en.exe
    It's Kaspersky Anti-Virus (30 day free trial). Install it onto one of your PCs, then go to the "All programs" folder and copy the folder to the CD or USB flash drive... Then connect to the infected computer and run it. After it is finished, quarantine all items! Also, when Windows starts, hit "Windows key + r", then the run box should appear; type explorer and hit "enter".
  • Trogan London, UK
    edited January 2008
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead (grin)
This discussion has been closed.