Computer will only run in safe mode. Trojan found and healed.

Status
Not open for further replies.

faykoko

Hi, new to the group today. I joined to get help with a problem. After looking at the site, people here seem to be very supportive.

I went to bed after a normal day of working, when I got up the next morning the computer was off. I had left it on. When I turned it on, I got a c000021a fatal system error. status of 0x00000080 (0x00000000 0x00000000).

Rebooted, same message.
started in safe mode ok, but I don't know what to do.

Can't sign online with it (using daughter's laptop)
have not added or connected new programs or software

ran virus scan, banker trojan horse found and "healed" by AVG

still won't work.

can't find anything searching internet.

Help :(
 
Hello and welcome to Techspot.

I have moved your thread to our security and the web forum.

You may have a nasty infection.

Can you boot into safemode with networking?

If you can, go HERE and follow as many of the instructions as you can.

If not, on the computer you`re on now, go and read this thread HERE. Download HJT as per the instructions and burn it to cd. Transfer it to the affected computer and post a HJT log as an attachment into this thread.

Regards Howard :wave: :wave:

This thread is for the use of faykoko only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
move

hi, thanks for moving me. I wasn't real sure where to post the question. I logged onto the problem computer in safe mode with networking, but could not sign online. I will take your suggestions with the computer I'm using now and give it a try.


Thanks
 
options

Hi again

ok,

virtumondo nothing found
look 2 me- won't run, svchost generated errors
smith- denied access
I don't have the money to download the hjt right now
spybot-clear

Vundofix was clear too

Any other options
 
I don`t know what you mean by you don`t have the money to download HJT.

It`s a completely free programme.

Once I have your HJT log, I`ll be in a better position to advise you.

Regards Howard :)
 
one more thing, AVG noted partition table mbr reading error and boot sector of disk reading error
 
ok, now I see the free download, the site said something about $49, I'll download it to disc, stick it in the other computer and run it. I'll do this before I start any type of scandisk
 
hjt

downloaded the HJT and ran it. Log saved, but I can't save it to disk so I can post here. "you do not have permission to open this file".
 
Damn, it`s not looking very good.

Follow the instructions in the link I gave you for testing your hard drive etc.

Let me know the results.

Regards Howard :)
 
I took a break and came back to it. I was getting frustrated.
the check disk came back clear, I'm hoping that was a good sign

I have not added anything to my computer or downloaded anything in over a month.

I can still log on in safe mode.

I tried changing the page size

SVCHOST is still shutting down

Still getting same bsod ca000021a 0x00000080 (0x00000000 0x00000000)

tried running defrag, but it won't start

I changed the computer name, decreased by one letter

I added my system info to my profile


Windows 2000 professional
5.00.2195
service pack 4

dell optiplex gx260
intel pentium 4 cpu 2.0 ghz at 260088 kb ram

I'm concerned about the svchost not running, that must mean something

I'm not tech savvy at all, for the first time ever I'm wishing for my first computer a little T80 that used a cassette recorder for memory lol
 
Give this a try.

With your Windows cd handy, click start/run and type sfc /scannow into the run box and press the enter key, note the space between the sfc and the forward slash. Windows will check for any missing or damaged OS files and replace as necessary.

Let me know the results please.

Regards Howard :)
 
I have no software for this computer. Corporate computer for home use, company is in Vancouver, WA (west coast), I'm in WV (east coast). I have two other dell computers, but they use windows xp and windows me, not windows professional. Drives me crazy that they don't give us the software to maintain our own systems
 
That`s not only unfortunate but very frustrating too.

Is there any way you can get a HJT log to me? I don`t care if you copy and paste it.

It`s a bit of a long shot as I think your symptoms are more serious than just a malware infection.

I don`t really see how I can help. Believe me I want to, but apart from the above, I`m out of ideas.

The only other suggestion I have is for you to buy a copy of Windows XP.

Regards Howard :(
 
can't save to cd or floppy, can't print.

I really appreciate your help. I don't think it's just a bug either.

I will probably have to contact our IT department and let them try to resolve it. Unfortunately, that means taking time off work, which I hate to do for something like this, especially since there's not much they will be able to do that we haven't already tried.
Also, I do have some personal stuff on the computer that I'd like to save, pictures and what not, nothing embarrassing (thank God)

maybe they can just send me the discs and let me reformat the whole thing

again, really appreciate your help!!
 
new

just ran the avg again and trojan horse psw.banker.wqp was found in the

c:\winnt\system32\sfc.dll

avg can't heal or move to vault
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with AVG and delete whatever it finds, this includes anything in the virus vault.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

See if that helps.


Regards Howard :)
