
Borked Computer - virus I think.



Picked my girls up tonight and the youngest brought her desktop which "doesn't work". It's running XP Pro, SP2, nothing special just a Sempron 3000 with 2gig ram and a Nvidia 7900.

 

When I fired it up it boots to desktop and straight away shows a very legitimate looking security software package. Only problem is, no-one has installed it, I put Avast on there along with Zone Alarm firewall and that was it. Can't close this program down, only option is to buy a license. Eventually after repeated Ctrl-Alt-Deletes, it crashes but just leaves a clear desktop picture: No toolbar or program icons. Only way to progress was a hard reboot.

 

As she has nothing of note on there I opted for a re-format, so head for the BIOS, to change the boot drive to Optical, to read the XP disc. Only problem is, it now asks for a password for the BIOS which it has never had. None of the passwords ever used on the PC work so I'm stuffed. Can't get into safe mode, can't do anything.

 

Any suggestions for getting the optical drive to be read first so I can do the format, if I pull the CMOS battery would that eliminate the need for a BIOS password?

 

Thanks in advance.


As stated above, remove the BIOS battery and look for either a reset button (newer mobo's have these) or a jumper that needs to be bridged (normally labelled 'RESET'). If you let me know the model of motherboard I can direct you to the 'Reset' method.

 

The offending program was probably something along the lines of 'Antivirus 2010' which is a bugger because it removes access to the Task Manager and can stop any .exe's running.

 

It can be removed using Combofix (please don't download this from ANYWHERE else as some dodgy copies are about) in safe mode, then something such as Malware Anti Malware in normal boot to complete the job.

 

Hope this helps mate.


been cleaning up a lot of PCs with this crap on it since the middle of last year. last one was this one: http://www.novahq.net/forum/showpost.php?p...amp;postcount=2 but there is a ton of very similar variants.

 

you can clean it with malwarebytes but you might need to run rkill to allow you to run .exe files because the crapware stops .exe files from running.


Well, great support guys :)

I love these threads :)

 

However, if he enabled the BIOS and is going through a format, that could be also the cleanest way.

 

If your daughter has important files such as pictures or music or whatever else she wants to save, before formatting, unplug that drive from that PC and plug it into another PC to have access to the documents and back up all of the stuff you want, then nuke it :)

 

You could do the same if you have a Bootable CD to start that PC without using the onboard OS, then back up the important stuff.


P, that was the one.

Once the battery was out and I rebooted got straight into BIOS and set up the reformat. Windows is back on and working, just got to go through all the drivers and updates now. That should keep me busy for a while.

From what she says, it looks like my eldest has the same, so her PC will be next for a reformat!


Okay, first PC sorted, format went fine and it's now back up and running with latest drivers, antivirus etc.

 

Second PC is much more of a problem. It turns out that my eldest daughter has been doing her final exam coursework on there and for whatever reason does not have a back up copy. Consequently I can't just reformat.

 

If I have to slave the drive to my PC then I will but can someone post if there is a way to get past the virus, so that I can run the malware program?

At this point I cannot get past the fake virus program, if I try to close it I get message saying "this is a prohibited action". Task Manager does not shut it down. I can't get into safe mode and can only get into bios by removing the CMOS battery.

 

I can obviously go the battery route and change the boot option so that it reads the optical drive first, so do I need to put something on a disk that will disable the virus somehow: Is that what "rkill" does?

 

Really appreciate the help on this one guys, if she loses her work she will be gutted.

 

Ta, Watchy


Like Batwing was saying, there are several disc bootable OS options out there. I'm walking out the door right now and I can't think of the name of one off the top of my head, but basically what they do is load an alternate operating system from the disc but still allow you to access the local files on your hard drive. This route should stop the virus from ever being initiated.

 

 

- JHunter


Managed to blag an XP boot disc from the IT department at work and got in behind the virus. Found and copied all of her files and now in the process of re-formatting and re-installing software.

Thanks for the advice and pointers, it would appear both PC's are on their way back to good health, without any major disasters. :D


Good job there dude
