Can't run 8 steps, system only boots into Safe Mode

By baggettms01
Jun 14, 2009
Topic Status:
Not open for further replies.
  1. I am working on a computer for a co-worker of mine. It will not boot into normal mode at all. In safe mode I was able to get MBAM to install but it will not run. CCleaner installs and runs just fine. SuperAntiSpyware will not install. HijackThis will not install.

    Thanks in advance for your help.
  2. touch

    touch Newcomer, in training Posts: 978

    Hello baggettms01

    Reboot to safe mode with network

    Please download combofix here ->
    ComboFix

    Before Saving it to Desktop, please rename it to 123.com to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
    It may take a while to complete scanning and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.
  3. baggettms01

    baggettms01 Newcomer, in training Topic Starter

    Combofix log

    Touch, attached is the combofix log file.

    Thanks for your help.
  4. touch

    touch Newcomer, in training Posts: 978

    Looks like you've got rid of a rootkit there.

    If you can't boot to normal mode, open msconfig ->

    Click on Start, then Run. In the Run dialog box type msconfig and press enter to start the MSCONFIG utility.
    If you click on the Boot.ini tab you will see some checkboxes at the bottom under Boot Options. Uncheck the checkbox next to /SAFEBOOT.

    Reboot.

    See if you can run the steps in this guide:

    8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    Post attached logs from:

    Malwarebytes
    SuperAntiSpyware
    HijackThis


    In your next reply
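
Added example, not part of touch's post: a Python sketch of the same check the msconfig Boot.ini tab exposes, run against a copy of boot.ini. It lists each [operating systems] entry that carries a /SAFEBOOT switch together with the line as it would read without it. The sample file contents and the function name are constructed for illustration.

```python
import re

# Constructed sample of a Windows XP boot.ini (not taken from the thread).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /safeboot:network
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (second install)" /fastdetect
'''

# /SAFEBOOT normally carries a mode after the colon (MINIMAL, NETWORK, ...).
# Switches are matched case-insensitively.
SAFEBOOT_RE = re.compile(r'\s*/safeboot(?::\S+)?', re.IGNORECASE)


def find_safeboot_entries(text):
    """Return (line_number, original_line, cleaned_line) for every
    [operating systems] entry that carries a /SAFEBOOT switch."""
    hits = []
    section = None
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith('[') and stripped.endswith(']'):
            section = stripped[1:-1].lower()
            continue
        # Only boot entries matter; skip [boot loader] keys and blank lines.
        if section != 'operating systems' or '=' not in stripped:
            continue
        # Switches follow the quoted description, so only that tail is
        # edited and the ARC path and description stay untouched.
        head, quote, tail = stripped.rpartition('"')
        if SAFEBOOT_RE.search(tail):
            cleaned = (head + quote + SAFEBOOT_RE.sub('', tail)).rstrip()
            hits.append((number, stripped, cleaned))
    return hits


if __name__ == '__main__':
    for number, original, cleaned in find_safeboot_entries(SAMPLE_BOOT_INI):
        print(f'line {number}: forces Safe Mode')
        print(f'  current: {original}')
        print(f'  without: {cleaned}')
```

An entry reported here is one that forces Safe Mode on every boot until the switch is removed, which is what unchecking /SAFEBOOT in msconfig does.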
  5. baggettms01

    baggettms01 Newcomer, in training Topic Starter

    logs

    The requested logs are attached. Thanks!
  6. touch

    touch Newcomer, in training Posts: 978

    Go to Add/Remove Programs in Control Panel, and remove:
    Search Settings
    Viewpoint Manager


    Reboot, attach fresh HijackThis log and tell how things are running?
  7. baggettms01

    baggettms01 Newcomer, in training Topic Starter

    Thanks Touch, things are much better now. I uninstalled those two programs. I have one more question, there is an icon in the system tray for a program called "Poker Messenger". I have never heard of it and there is no option to uninstall it via control panel. Is this something I should be concerned about?
  8. baggettms01

    baggettms01 Newcomer, in training Topic Starter

    Here's the new HijackThis log. I forgot to attach it to my last reply.
  9. baggettms01

    baggettms01 Newcomer, in training Topic Starter

    Hey touch, just checking in since I haven't gotten a reply yet. It appears that everything is cleared up on the machine, I would just like that to be verified by someone else. Thanks for your help.
  10. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    Looks good to me.
    Keep in touch for a few days.
    You did not discuss what you use as Antivirus, but I would consider getting something good like Avira AntiVir or Avast or Kaspersky.
    The problem remains that you do not know where the rootkit and other evils came from, so they may try to return, particularly if you visit the same sites. I would occasionally run those scans that have been discussed in this thread, and add Windows Defender to lurk in the background.
  11. baggettms01

    baggettms01 Newcomer, in training Topic Starter

    Thanks Raybay. This is not my computer, but a co-worker's. He has McAfee on it. I have already given your advice to him (running MBAM and SAS weekly, as well as being very careful what websites you visit).
  12. touch

    touch Newcomer, in training Posts: 978

    I thought you played Poker ;)

    But, delete ->C:\Program Files\Poker Messenger, from safe mode.


    Reboot, and you're good to go.