Jump to content

Loss of sysytem am sending this in safe mode!!

caskin
 Share

Recommended Posts

caskin Newbie

caskin

Posted
Posted

have encountered unknown severe infection,unable to send via normal set up had to access safe mode in order to access internet and this forum.]

Large splash screen originally came up stating pC infected and requesting I used their spyware.

I have used malware and superantisyware which found a large number of infections but PC still fails to start up normally and is blocked by stated splash screen

 

Also sysytem restore is unobtainable,message pops up "System restore has been turned off by group policy"

 

Hope this gets through to forum desperatelty require help

:pDont try to weather the storm,learn to dance in the rain instead!
  • Replies 14
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Plastic Nev Newbie

Plastic Nev

Posted
Posted
Hi caskin that sounds pretty bad, first, do you have any disks for it, system restore and the like in case that is the only way out, and secondly have you a good backup of your system should it be needed to return it to original factory settings?

Need help with your computer problems? Then why not join Free PC Help. Register here.

If Free PC Help has helped you then please consider a donation. Click here

 We are all members helping other members. Please return here where you may be able to help someone else.  

After all, no one knows everything and you may have the answer that someone needs.

--------------------------------------------------------------------

I have installed Windows, now how do I install the curtains? 😄

image.png

caskin Newbie

caskin

Posted
  • Author
Posted
Hi caskin that sounds pretty bad, first, do you have any disks for it, system restore and the like in case that is the only way out, and secondly have you a good backup of your system should it be needed to return it to oiginal factory settings?

 

Now having to use daughters laptop as my pc has blue screened!!!Internet and allprogrammes will not run???

Thankyou for getting back to me

 

 

Did a full scan last night with zone alarm which found 17 serious trojan infections,quarantined all but system now worse as stated as now no programmes available to me on my PC which up until now was totally clean.cannot access malware or spyware programmes..or come to that anything!!!

 

Following mesages pop up !C\windows\sysytem32\msuhz.exe requires install

 

C\windows\msyrogon.exe requires install.

 

My only means of contact is via this laptopand forum so allhelp really appreciated......I do have reinstall discs etc but idea,lly would like to sageguard photos etc on my pc???? :confused::confused:

:pDont try to weather the storm,learn to dance in the rain instead!
Tootech Newbie

Tootech

Posted
Posted

Caskin,

 

Can you use a USB flash drive to download one or two programs and transfer them to your poorly computer?

 

Download Roguefix here

 

Roguefix - Rogue scanner & Fake warning removal tool

 

Follow the instructions to download using Right Click, Save As.

 

Combofix

 

A guide and tutorial on using ComboFix

 

Malwarebytes

 

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

 

ATF - Cleaner

 

ATF-Cleaner.exe - www.atribune.org

 

Run your poorly computer in Safe Mode - no networking.

 

Run ATF Cleaner first

 

Then run Roguefix, system will reboot - make sure you get back to Safe Mode.

 

Then run Combofix

 

Finally run Malwarebytes - don't worry about udating it at the moment, just run it.

 

My thinking is that by running all of those from Safe Mode you will get back some control of your PC so you can do a full malware removal.

 

When they are all complete, go back to Safe Mode, then click Start, Run, type

 

combofix /u

 

and press Enter.

 

Reboot back to normal running Mode and see how it runs.

caskin Newbie

caskin

Posted
  • Author
Posted
Caskin,

 

Can you use a USB flash drive to download one or two programs and transfer them to your poorly computer?

 

Download Roguefix here

 

Roguefix - Rogue scanner & Fake warning removal tool

 

Follow the instructions to download using Right Click, Save As.

 

Combofix

 

A guide and tutorial on using ComboFix

 

Malwarebytes

 

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

 

ATF - Cleaner

 

ATF-Cleaner.exe - www.atribune.org

 

Run your poorly computer in Safe Mode - no networking.

 

Run ATF Cleaner first

 

Then run Roguefix, system will reboot - make sure you get back to Safe Mode.

 

Then run Combofix

 

Finally run Malwarebytes - don't worry about udating it at the moment, just run it.

 

My thinking is that by running all of those from Safe Mode you will get back some control of your PC so you can do a full malware removal.

 

When they are all complete, go back to Safe Mode, then click Start, Run, type

 

combofix /u

 

and press Enter.

 

Reboot back to normal running Mode and see how it runs.

 

 

This appears to be very seiours as all access to my pc has been lost even though all programmes are in place.

I have ""reg back up" in my docs but when I attempt to access message comes up reg editing turned OFF by adminstator,it states the same thing for system restore.,

I even atempted loading back up disc system fails to recognise????rr

 

So even attempting to carry out your kind advcie is causing problems HELP!!!

 

Might add this problem came out of nowhere with all firewalls and security in place

:pDont try to weather the storm,learn to dance in the rain instead!
caskin Newbie

caskin

Posted
  • Author
Posted

EVEN REGEDIT WILL NOT ACTIVATE ALSO UNABLE TO ACCESS NET????HELPPLEASE

 

This appears to be very seiours as all access to my pc has been lost even though all programmes are in place.

I have ""reg back up" in my docs but when I attempt to access message comes up reg editing turned OFF by adminstator,it states the same thing for system restore.,

I even atempted loading back up disc system fails to recognise????rr

 

So even attempting to carry out your kind advcie is causing problems HELP!!!

 

Might add this problem came out of nowhere with all firewalls and security in place

Also unable to access regedit or internet!!!!

:pDont try to weather the storm,learn to dance in the rain instead!
Tootech Newbie

Tootech

Posted
Posted

Caskin, forget regedit and the Internet for now.

 

Often malware will change the policies so that regedit and task manager are disabled.

 

The only way I can think of to get into this system is to copy over the programs I linked from a USB flash drive or CD to your poorly PC and run them from there.

 

They don't need updating, you don't need the Internet, just copy them to a folder on C: drive - make a new folder, call it malware removal or something similar and attempt the procedure I wrote.

caskin Newbie

caskin

Posted
  • Author
Posted
Caskin, forget regedit and the Internet for now.

 

Often malware will change the policies so that regedit and task manager are disabled.

 

The only way I can think of to get into this system is to copy over the programs I linked from a USB flash drive or CD to your poorly PC and run them from there.

 

They don't need updating, you don't need the Internet, just copy them to a folder on C: drive - make a new folder, call it malware removal or something similar and attempt the procedure I wrote.

 

OK this will take time as i will need to download to my daughters laptop and then onto cd,eventually hopefully activating them on poorly pc.......just one thing my poorly pc has two partitions c drive and d drive....D holds all my back up discs and recovery sysytems.now although I can get intoprogramme files i do not seem to be able to access recovery system?Just thought I would mention tha if it it might provide a shorter route?

:pDont try to weather the storm,learn to dance in the rain instead!
caskin Newbie

caskin

Posted
  • Author
Posted
Caskin, forget regedit and the Internet for now.

 

Often malware will change the policies so that regedit and task manager are disabled.

 

The only way I can think of to get into this system is to copy over the programs I linked from a USB flash drive or CD to your poorly PC and run them from there.

 

They don't need updating, you don't need the Internet, just copy them to a folder on C: drive - make a new folder, call it malware removal or something similar and attempt the procedure I wrote.

 

OK have all programmes downlaoded to desktop,wikk place on CD and apply to poorly PC,not quite certain what I am doing but here goes!!!!And thanks

:pDont try to weather the storm,learn to dance in the rain instead!
caskin Newbie

caskin

Posted
  • Author
Posted
Caskin,

 

Can you use a USB flash drive to download one or two programs and transfer them to your poorly computer?

 

Download Roguefix here

 

Roguefix - Rogue scanner & Fake warning removal tool

 

Follow the instructions to download using Right Click, Save As.

 

Combofix

 

A guide and tutorial on using ComboFix

 

Malwarebytes

 

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

 

ATF - Cleaner

 

ATF-Cleaner.exe - www.atribune.org

 

Run your poorly computer in Safe Mode - no networking.

 

Run ATF Cleaner first

 

Then run Roguefix, system will reboot - make sure you get back to Safe Mode.

 

Then run Combofix

 

Finally run Malwarebytes - don't worry about udating it at the moment, just run it.

 

My thinking is that by running all of those from Safe Mode you will get back some control of your PC so you can do a full malware removal.

 

When they are all complete, go back to Safe Mode, then click Start, Run, type

 

combofix /u

 

and press Enter.

 

Reboot back to normal running Mode and see how it runs.

 

First again my thanks,as most of my programmes apear to be running normally,although have not accessed internet as of yet.

 

the only part of your instructions that did NOT work was the last ie START RUN combofix/u

 

Windows message came up "Windows cannot find combofix"

 

Is that any cause for concern,and should I continue to operate sysytem?

:pDont try to weather the storm,learn to dance in the rain instead!
Tootech Newbie

Tootech

Posted
Posted

Thats good news caskin, the combofix command is

 

combofix /u - there's a space between combofix and /u

 

Also, did you delete all the malware removal programs when you had finished? That would cause the error.

 

The bad news os that your computer is not yet clean - what you have done is a preliminary clean to get your system running.

 

So, now follow the Extreme Tech Support - Free PC Help malware removal procedure to make sure it is clean and safe to use.

 

When you are done, please let us know how things are - thanks.

 

 

 

 

 

 

It is in your best interest to note the following:

  1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.


  2. Perform all the steps in the order listed to avoid any conflicts.


  3. If unsure, please stop and voice your doubts.


  4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.


If you stick to the above guidelines, all should go smoothly.

 

 

 

 

 

 

 

================================================

 

STEP 1

  1. Download ATF-Cleaner by Atribune.

  2. Save the file to your Desktop.


  3. Double-click on the file to run the program.


  4. On the Main tab, check the Select All button.


  5. Next, click on the Firefox tab (if applicable) and check the Select All button.


     
     


    Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.


  6. Now, click on the Opera tab (if applicable) and check the Select All button.


     
     


    Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.


  7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.


  8. Click on the Exit button to quit the program.


================================================

 

STEP 2

  1. Please click here to download Malwarebytes' Anti-Malware.

Save the file to your Desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, make sure a check mark is placed next to:

  1. Update Malwarebytes' Anti-Malware


  2. Launch Malwarebytes' Anti-Malware


Click Finish.

The program will download and update itself if it finds the necessity to do so. Please allow this.

Once the program has loaded, select Perform full scan, then click Scan.



  1.  
     
     
    Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.
When the scan is complete, click OK, and then Show Results to view the results.


Make sure that every entry is selected, and click Remove Selected.


Restart your computer.


================================================

STEP 3

  1. Please click here to download SUPERAntiSpyware (Free Version).
  2. Save the file to your Desktop.
  3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
  4. Open SUPERAntiSpyware.
  5. Under Configuration and Preferences, click the Preferences button.
  6. Click the Scanning Control tab.
  7. Under Scanner Options make sure the following fields checked:

[*]Click the Close button to leave the control center screen.

[*]On the main screen, under Scan for Harmful Software click Scan your computer.

[*]On the left, make sure you check mark All the Fixed Drives.

[*]On the right, under Complete Scan, choose Perform Complete Scan.

[*]Click Next to start the scan. Please be patient while it scans your computer.

[*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

[*]Make sure every entry has a check mark next to it and click Next.

[*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

[*]Restart your computer.

================================================

 

STEP 4

  1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.


  1.  
     

    Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.


Check mark the YES, I accept the Terms of Use box.

Click the Start button.

Click the Install button on the following screen.

Click Start. This will will initialize and update the scanner engine.

Check mark the box beside Remove found threats.

Click the Scan button. This will start the scan. Please be patient while it is in progress.

Restart your computer.


================================================

STEP 5

  1. Click on Start > Programs > Accessories > System Tools and select System Restore.
  2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
  3. Next, click on Start > Run, type Cleanmgr and click on OK.
  4. Click on the More Options tab.
  5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.

This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

 

 

 

Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

 

 

 

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

 

 

 

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

caskin Newbie

caskin

Posted
  • Author
Posted
Thats good news caskin, the combofix command is

 

combofix /u - there's a space between combofix and /u

 

Also, did you delete all the malware removal programs when you had finished? That would cause the error.

 

The bad news os that your computer is not yet clean - what you have done is a preliminary clean to get your system running.

 

So, now follow the Extreme Tech Support - Free PC Help malware removal procedure to make sure it is clean and safe to use.

 

When you are done, please let us know how things are - thanks.

 

 

 

 

 

 

 

 

It is in your best interest to note the following:

  1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.


  2. Perform all the steps in the order listed to avoid any conflicts.


  3. If unsure, please stop and voice your doubts.


  4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.


If you stick to the above guidelines, all should go smoothly.

 

 

 

 

 

 

 

 

================================================

STEP 1

 

 

  1. Download ATF-Cleaner by Atribune.

  2. Save the file to your Desktop.


  3. Double-click on the file to run the program.


  4. On the Main tab, check the Select All button.


  5. Next, click on the Firefox tab (if applicable) and check the Select All button.


     
     
     
     

    Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.


     


  6. Now, click on the Opera tab (if applicable) and check the Select All button.
     
     
     

    Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.


     


  7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.

  8. Click on the Exit button to quit the program.


================================================

 

STEP 2

  1. Please click here to download Malwarebytes' Anti-Malware.

Save the file to your Desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, make sure a check mark is placed next to:

  1. Update Malwarebytes' Anti-Malware


  2. Launch Malwarebytes' Anti-Malware


Click Finish.

The program will download and update itself if it finds the necessity to do so. Please allow this.

 

Once the program has loaded, select Perform full scan, then click Scan.


  1.  
     
     

    Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.


  2. When the scan is complete, click OK, and then Show Results to view the results.


  3. Make sure that every entry is selected, and click Remove Selected.


  4. Restart your computer.



================================================

 

 

STEP 3

  1. Please click here to download SUPERAntiSpyware (Free Version).
  2. Save the file to your Desktop.
  3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
  4. Open SUPERAntiSpyware.
  5. Under Configuration and Preferences, click the Preferences button.
  6. Click the Scanning Control tab.
  7. Under Scanner Options make sure the following fields checked:

[*]Click the Close button to leave the control center screen.

[*]On the main screen, under Scan for Harmful Software click Scan your computer.

[*]On the left, make sure you check mark All the Fixed Drives.

[*]On the right, under Complete Scan, choose Perform Complete Scan.

[*]Click Next to start the scan. Please be patient while it scans your computer.

[*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

[*]Make sure every entry has a check mark next to it and click Next.

[*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

[*]Restart your computer.

================================================

 

 

STEP 4

  1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.


  1.  
     
     

    Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.



Check mark the YES, I accept the Terms of Use box.

Click the Start button.

Click the Install button on the following screen.

Click Start. This will will initialize and update the scanner engine.

Check mark the box beside Remove found threats.

Click the Scan button. This will start the scan. Please be patient while it is in progress.

Restart your computer.

================================================

STEP 5

  1. Click on Start > Programs > Accessories > System Tools and select System Restore.
  2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
  3. Next, click on Start > Run, type Cleanmgr and click on OK.
  4. Click on the More Options tab.
  5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.

This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

 

 

 

 

Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

 

 

 

 

 

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

 

 

 

 

 

Having spent all day yesterday and into the early hours nursing my poorly pC,I am now ecstatic in being able to tell you that your prognosis,diagnosis and treatment appears to have brought it back to perfect health!!!

 

You guys never fail to amaze me with your dedication and ability.

 

Only two areas did not do as requested......combfix /u was still undetectable by Windows?

 

Also Start,Run and cleanmgr only resulted in a disc defrag,there was no option tab?

 

But at least I am sending this to you via original pC and not working between two PCs in order to keep in touch...so once again thank you for making my day!:)

 

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

:pDont try to weather the storm,learn to dance in the rain instead!
Tootech Newbie

Tootech

Posted
Posted

That's excellent news caskin :D

 

I have asked one of the others mods about the combofix uninstall issue - watch this space.

 

You can remove all of the old System Restore Points by right clicking on My Computer, down to Properties and then over to System Restore.

 

Tick the box to switch off System Restore, click Apply.

 

Then, once complete, untick the box again and click Apply.

 

Now, you must make one new restore point.

 

Start>All Programs>Accessories>System Tools>System Restore.

 

Create a restore point and close it.

 

All done.

caskin Newbie

caskin

Posted
  • Author
Posted
That's excellent news caskin :D

 

I have asked one of the others mods about the combofix uninstall issue - watch this space.

 

You can remove all of the old System Restore Points by right clicking on My Computer, down to Properties and then over to System Restore.

 

Tick the box to switch off System Restore, click Apply.

 

Then, once complete, untick the box again and click Apply.

 

Now, you must make one new restore point.

 

Start>All Programs>Accessories>System Tools>System Restore.

 

Create a restore point and close it.

 

All done.

 

All done will await update on combofix /u Cheers

:pDont try to weather the storm,learn to dance in the rain instead!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...