Computer Hope

Software => Computer viruses and spyware => Topic started by: robcam on August 11, 2009, 04:50:07 PM

Title: I got the Your computer is infected popup
Post by: robcam on August 11, 2009, 04:50:07 PM
Hello,
My wife was on the computer last evening and picked up a bug. I can't log in to safe mode at all. I get a warning message that the logon.exe is not available. The background for my workspace is changed to "Your system is infected! the system has been stopped due to spyware. I need to get spyware to continue." I have mbam installed on the system but am not able to use it. I also have Superantispyware installed, with bitdefender antivirus 2009, and use zone alarm firewall. Working with it I have gotten the pop up to go away, but still no luck with trying to get the computer to log into safe mode. I have win xp sp2 installed. I am attaching my last HJT log, as this atm is my only program I can run. I don't have internet with the corrupted computer. I am looking for some help with this.
Thanks

[attachment deleted by admin]
Title: Re: I got the Your computer is infected popup
Post by: BC_Programmer on August 11, 2009, 05:41:33 PM
check the following:

This is probably what is stopping you from using Safe mode:
F2 - REG:system.ini: Shell=Explorer.exe logon.exe

userinit is a windows component; sdra64, on the other hand, is a trojan.
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\sdra64.exe,

this isn't necessarily a threat but there's no reason for it to be there:
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

"winupdate" is not a windows component. (windows update is performed by a process called wuaclt, if memory serves me)
O4 - HKLM\..\Run: [winupdate.exe] D:\WINDOWS\system32\winupdate.exe
O15 - Trusted Zone: http://wow.allakhazam.com

O20 - Winlogon Notify: yayyVMdc - yayyVMdc.dll (file missing)

and click "fix checked"

Also, try using the mbamrenamer tool, here (http://kixhelp.com/wr/files/mb/randmbam.exe), or rename the malwarebytes shortcut and program file yourself (as you have for hijackthis) and see if that lets you run it; or, after fixing the items with hijackthis, see if you can reboot into safe mode and run MBAM from there.
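
As an added example (not part of the original post, and not HijackThis's own logic): a small Python check that applies the reasoning in the reply above to the log lines it quotes, flagging anything on the Winlogon Shell or UserInit value beyond the stock explorer.exe and userinit.exe, plus entries whose file is gone. The function names and the expected-value allowlist are assumptions made for this illustration; Run entries such as winupdate.exe are not judged here.

```python
import re

# Log lines quoted in the reply above (from the poster's HijackThis log).
SAMPLE_LOG = r"""F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\sdra64.exe,
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [winupdate.exe] D:\WINDOWS\system32\winupdate.exe
O20 - Winlogon Notify: yayyVMdc - yayyVMdc.dll (file missing)
"""

# Assumed allowlist: the Winlogon values of a stock Windows XP install,
# compared by lowercase file name only.
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)


def basename(path):
    """Lowercase file name of a Windows or POSIX style path."""
    return re.split(r"[\\/]", path.strip())[-1].lower()


def extra_winlogon_entries(line):
    """Return the components of an F2 Shell/UserInit line that are not expected."""
    m = F2_RE.match(line.strip())
    if not m:
        return []
    key, value = m.group(1).lower(), m.group(2)
    # UserInit is a comma-separated list; on Shell, extras follow a space.
    # A Shell path containing spaces is split and flagged, which errs on
    # the side of asking a human to look.
    parts = value.split(",") if key == "userinit" else value.split()
    return [p.strip() for p in parts
            if p.strip() and basename(p) not in EXPECTED[key]]


def review(log_text):
    """Return (finding, detail) tuples for the lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        for extra in extra_winlogon_entries(line):
            findings.append(("extra-winlogon-entry", extra))
        # Entries whose target file no longer exists are leftovers.
        if line.rstrip().endswith(("(no file)", "(file missing)")):
            findings.append(("orphaned-entry", line.split(" - ")[0]))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=": ")
```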

Title: Re: I got the Your computer is infected popup
Post by: robcam on August 11, 2009, 06:27:46 PM
I fixed the items in HJT but am still having the same problem: not able to log into safe mode or use MBAM.

[attachment deleted by admin]
Title: Re: I got the Your computer is infected popup
Post by: BC_Programmer on August 11, 2009, 06:33:07 PM
are you getting the same error when you try to start in safe mode?


Also- did you try the mbam renamer?
Title: Re: I got the Your computer is infected popup
Post by: robcam on August 11, 2009, 06:39:01 PM
It won't let me log in to safe mode. I renamed the mbam also. I am getting a runtime error with mbam '372' failed to load 'vbalgrid' from vbalgrid6.ocx. version maybe outdated.
Title: Re: I got the Your computer is infected popup
Post by: BC_Programmer on August 11, 2009, 06:41:21 PM
try a reinstall of mbam, if possible.
Title: Re: I got the Your computer is infected popup
Post by: robcam on August 11, 2009, 06:49:30 PM
OK, I reinstalled mbam still the same runtime error. As for the logging into safe mode I can't seem to get F8 to work at the win banner.
Title: Re: I got the Your computer is infected popup
Post by: BC_Programmer on August 11, 2009, 07:21:46 PM
Quote from robcam: "OK, I reinstalled mbam still the same runtime error. As for the logging into safe mode I can't seem to get F8 to work at the win banner."

you're supposed to press f8 before the windows banner even appears; personally I just hit f8 repeatedly when I start my PC if I need safe mode.
Title: Re: I got the Your computer is infected popup
Post by: robcam on August 12, 2009, 08:17:46 AM
I can finally get to safe mode but I am not able to use superspyware or mbam to do anything. I click on them and they do nothing. superantispyware does then show up in the sys tray but I can't start a scan. I am about to reformat and start over. Is there anything else to do?
Title: Re: I got the Your computer is infected popup
Post by: Karnac on August 12, 2009, 12:00:50 PM
Try renaming the programs and then try to run them in safe mode.
Title: Re: I got the Your computer is infected popup
Post by: robcam on August 12, 2009, 07:41:18 PM
I renamed the programs still not running in safe mode. Is there anything else I can do?
Title: Re: I got the Your computer is infected popup
Post by: BC_Programmer on August 12, 2009, 08:24:05 PM
Only thing I can think of- is combofix... May as well give a few more things a try. Make sure to backup all the stuff you want to keep in case you end up needing to reinstall, which hopefully won't be the case, but you can never be too prepared.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

----------

attach the combofix log to your next reply.