Guest ELC
Posted August 14, 2007

I have a DELL Inspiron 6000 running Windows XP Home Edition SP2. I was browsing the web searching for a medicine's properties and I guess that was when the virus entered my computer. It has been almost 2 weeks now. The virus was (or is) a Trojan; it appeared as a yellow triangle with a "!" sign in the middle, resembling Windows alerts, alerting me of potential spyware action. Minutes later a pop-up appeared, and if I click on it (which I did by mistake; I was chatting and hit the Enter key when it popped up) it will re-direct me to a home page which I never used. I also got my homepage changed (hijacked) to google.

I had installed AVG anti-virus and it didn't detect the Trojan, nor did it avoid its entrance. Now I have Avast.

I have tried many things to kill the virus and work normally but I have not been successful. When I downloaded SPYWAREfighter (by that time I was aware of the Trojan and its big power), I had to re-start my computer and then all got worse. First it started re-booting automatically; second, when I started in Safe Mode, I was not able to see the Control Panel icon anymore. I tried to uninstall SPYWAREfighter but it didn't let me do it since I was working in Safe Mode. Finally I bought the XoftSpySE package (including RegCure) and ran it. It found many undesirable files and removed them. Same thing with RegCure: it found many problems and claimed it had solved them. But it did not. The system was re-booting automatically when I tried to start in Normal Mode and the Control Panel was nowhere.

Just to check, I tried Run --> regedit, but it says that it has been disabled by my administrator. Also, a popup has appeared a few times indicating that I have "restrictions" on this computer.

Checking the Manage Startup of RegCure, I found that a file (WinAvXXX.exe if I can recall well) was in first place. I searched for it on the internet and found a way to remove it and I think I did it; I used SmitfraudFix to do this, and since then the yellow triangle and the pop-up window disappeared. But again, when I started in Normal Mode the system rebooted automatically. I had support from Pareto Systems (the creators of XoftSpy SE and RegCure) and the Trojans that were continuously appearing every time I ran the scan disappeared. However I still can't run my computer in Normal Mode.

Today I decided to re-install Windows and during the process a pop-up window appeared saying that (I am sorry I didn't copy the text) there were restrictions on my computer and that a certain characteristic/process could not be performed. And here I am, working in Safe Mode.

After re-installing Windows, I ran XoftSpy SE and found two problems rated low risk by that program (two cookies) which I removed; I also scanned the computer with RegCure, and this time the results were as follows:

265 Problems Found
3 COM/ActiveX Entries
1 Application Paths
4 Help Files Information
4 Windows Startup Items
136 File/Path References
1 Program Shortcuts
116 Empty Registry Keys

The program claimed it solved all the problems.

Another "interesting" thing that I noticed was when I was re-starting the computer in Safe Mode, I saw that the lines read Partition2, and this computer (hard drive) is not partitioned.

Finally, when I have started in Normal Mode and the computer automatically re-boots, the following legend has appeared (on a blue background):

"STOP: c000021a {Fatal System Error}
The Windows subsystem system process terminated unexpectedly with a status 0xc0000005 (0x7c9106c3 0x0055f36c).
The system has been shut down.
Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance"

And that is what I am doing, asking for HELP in this technical support group. I think I have made the most before posting this here, so if anyone with knowledge about this problem can help me, I will be very happy.

Thank you so much in advance.

Edgardo

Guest Gerry
Posted August 14, 2007

Re: Can't work in Normal Mode... NEED HELP PLEASE!!!

A source of good advice
http://www.elephantboycomputers.com/page2.html#Removing_Malware

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Guest ELC
Posted August 15, 2007

Re: Can't work in Normal Mode... NEED HELP PLEASE!!!

Thank you Gerry, but unfortunately I didn't succeed with this either. The thing is that I might have removed the Trojan (that's what I think) but the problem is with Windows now; it won't start in normal mode, and in safe mode I can't do many things. I posted my problem (again), along with the HijackThis log file, in http://www.bleepingcomputer.com; I hope I can get some "light" from there.

Thanks for your advice anyway.

Ed

Guest DellCA
Posted August 22, 2007

Re: Can't work in Normal Mode... NEED HELP PLEASE!!!

John here, customer advocate at Dell headquarters. If after reinstalling Windows you still have malware, it sounds to me like something wasn't done right. I'm taking it that you tried some sort of repair installation to avoid losing data, perhaps?

I would recommend removing anything you want to keep from the hard drive (USB keys are great for this) and -reformatting- and reinstalling Windows. That will erase the hard drive, viruses and all, before laying down a fresh copy of Windows.

I recently fought this virus for someone else, and in the end, that's what I ended up doing. Maybe I could have fixed it, but I decided that after spending 3 hours on it, reinstalling Windows completely (for only 2 hours' worth of work) was probably what I should have done to begin with.

If you have any questions, feel free to let me know: customer_advocate@dell.com ATTN: John

John
Dell Customer Advocate

--
DellCA