TechSpot

Computer will only run in safe mode. Trojan found and healed.

By faykoko
Oct 7, 2006
  1. Hi, new to the group today. I joined to get help with a problem. After looking at the site, people here seem to be very supportive.

    I went to bed after a normal day of working, when I got up the next morning the computer was off. I had left it on. When I turned it on, I gota c000021a fatal system error. status of 0x00000080 (0x00000000 0x00000000).

    Rebooted, same message.
    started in safe mode ok, but I don't know what to do.

    Cant sign online with it (using daughter laptop)
    have not added or connected new programs or software

    ran virus scan, banker tojan horse found and "healed" by AVG

    still won't work.

    can't find anything searching internet.

    Help :(
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved your thread to our security and the web forum.

    You may have a nasty infection.

    Can you boot into safemode with networking?

    If you can, go HERE and follow as many of the instructions as you can.

    If not, on the computer you`re on now, go and read this thread HERE. Download HJT as per the instructions and burn it to cd. Transfer it to the affected computer and post a HJT log as an attachments into this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of faykoko only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. faykoko

    faykoko TS Rookie Topic Starter

    move

    hi, thanks for moving me. I wasn't real sure where to post the question. I logged onto the problem computer in safe mode with networking, but could not sign online. I will l take your suggestions with the computer I'm using now and give it a try.


    Thanks
     
  4. faykoko

    faykoko TS Rookie Topic Starter

    options

    Hi again

    ok,

    virtumondo nothing found
    look 2 me- won't run, svchost generated errors
    smith- denied access
    I dont have the money to download the hjt right now
    spybot-clear


    Vundofix as clear too

    Any other options
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don`t know what you mean by you don`t have the money to download HJT.

    It`s a completely free programme.

    Once I have your HJT log, I`ll be in a better position to advise you.

    Regards Howard :)
     
  6. faykoko

    faykoko TS Rookie Topic Starter

    one more thing, AVG noted partition table mbr reading error and boot sector of disk reading error
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That doesn`t sound very good.

    Go HERE and follow the instructions.

    Regards Howard :)
     
  8. faykoko

    faykoko TS Rookie Topic Starter

    ok, now I see the free download, the site said something about $49, I'll download it to disc, stick it in the other computer and run it. Ill do this before I start any type of scandisk
     
  9. faykoko

    faykoko TS Rookie Topic Starter

    hjt

    downloaded the HJt and ran it. Log saved, but I can't save it to disk so i can post here. "you do not have permission to open this file".
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Damn, it`s not looking very good.

    Follow the instructions in the link I gave you for testing you hard drive etc.

    Let me know the results.

    Regards Howard :)
     
  11. faykoko

    faykoko TS Rookie Topic Starter

    I took a break and came back to it. I was getting frustrated.
    the chck disk came back clear, I'm hoping that was a good sign

    I have not added anything to my computer or downloaded anything in over a month.

    I can still log on in safe mode.

    I tried changing the page size

    SVCHOST is still shutting down

    Still getting same bsod ca000021a 0x00000080 (0x00000000 0x00000000)

    tried running defrag, but it won't start

    I changed the computer name, decreased by on letter

    I added my system info the my profile


    Windows 2000 professional
    5.00.2195
    service pack 4

    dell optiplex gx260
    intel pentium 4 cpu 2.0 ghz at 260088 kb ram

    I'm concerned about the svchost not running, that must mean something

    I'm not tech savy at all, for the first time ever I'm wishing for my first computer a little T80 that used a cassette recorder for memory lol
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Give this a try.

    With your Windows cd handy, click start/run and type sfc /scannow into the run box and press the enter key, note the space between the sfc and the forward slash. Windows will check for any missing or damaged OS files and replace as necessary.

    Let me know the results please.

    Regards Howard :)
     
  13. faykoko

    faykoko TS Rookie Topic Starter

    I have no software for this computer. Corporate computer for home use, company is in Vancouver WA,(west coast) I'm in WV (east coast). I have two other dell computers, but they use windows xp and windows me, not windows professional. Drives me crazy that they don't give us the software to maintain our own systems
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s not only unfortunate but very frustrating too.

    Is there any way you can get a HJT log to me? I don`t care if you copy and paste it.

    It`s a bit of a long shot as I think your symptoms are more serious than just a malware infection.

    I don`t really see how I can help. Believe me I want to, but apart from the above, I`m out of ideas.

    The only other suggestion I have is for your to buy a copy of Windows XP.

    Regards Howard :(
     
  15. faykoko

    faykoko TS Rookie Topic Starter

    can't save to cd or floppy, can't print.

    I really appreciate your help. I don't think it's just a bug either.

    I will probably have to contact our IT department and let them try to resolve it. Unfortunately, that means taking time off work, which I hate to do for something like this. especially since there's not much they will be able
    to do that we haven't already tried.
    Also, I do have some personal stuff on the computer that'd I'd like to save, pictures and what not, nothing embarrassing (thank God)

    maybe they can just send me the discs and let me reformat the whole thing

    again, really appreciate your help!!
     
  16. faykoko

    faykoko TS Rookie Topic Starter

    new

    just ran the avg again and trojan horse psw.banker.wqp was found in the

    c:\\winnt\system32\sfc.dll

    avg can't heal or move to vault
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run a full system scan with AVG and delete whatever it finds, this includes anything in the virus vault.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    See if that helps.


    Regards Howard :)

    This thread is for the use of faykoko only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...