TechSpot

Lanmanwrk virus and safe mode

By Mazrim
Jul 29, 2008
  1. On my sons' computer, against my wishes one of them got on Limewire, and got a trojan: lanmanwrk. So I followed the directions on how to get rid of it, until I got to the part where I was supposed to reboot into safe mode to delete some bad files (Can't remember the step, was with smitfraud or something).

    I can't boot into safe mode, I can't access the CD drive to use the Windows disk, I can't even SEE the Hard Drive anymore, let alone reformat it.

    Can ANYONE here suggest some things to do to try and save the HD? Or even format it; I think having my kids lose their info completely might teach them a lesson in what sites to visit and what sites to avoid.

    HELP!! :(
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    can you post any logs from the scans - also a hijackthis log would be good

    and did you run combofix already?

    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
     
  3. Mazrim

    Mazrim TS Enthusiast Topic Starter Posts: 113

    Ok, Attached is a copy of the HJT log. Looks like I got everything off the system.

    One problem still remains though.....

    I STILL cannot boot off the CD-ROM. What happens is that after I see the ABIT logo, and it goes to cmd prompt saying to press any key to boot from CD, I can press any key on my keyboard a billion times, and it simply WILL NOT BOOT.

    Any suggestions would be great, thanks!
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    yep...

    When you restart the computer you need to enter the BIOS - which key it will be depends on your system; usually you have to tap DEL or F1 or F2 right when the computer boots up -> then use the arrow keys to navigate to boot order and set the CD drive as the primary drive to boot from

    then press F10 to save and exit -> if the CD is in it should boot from it.

    Don't forget after you reinstall to run Microsoft Update a few times till it says there are no more updates - also update Java runtime to the most current version

    Also I would recommend you upgrade from AVG 7 to Avira or Avast - or AVG 8.0 if you want to try it - I personally think they took 2 steps backwards on the new version
     
  5. Mazrim

    Mazrim TS Enthusiast Topic Starter Posts: 113

    I do in fact have the CD-ROM as the primary boot device. The problem is, that doesn't seem to matter anymore, since the system doesn't acknowledge any keystrokes when the command to press any key to boot from CD pops up. I made sure there wasn't some quiet boot option activated, and there isn't. So I don't know what to do about that now. I've run all the diagnostic and antispyware/antivirus tools several times, and nothing seems to be in memory anymore.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Do you have an old school keyboard (PS/2) laying around
    - not wireless
    - not usb

    Or an adapter for PS/2 to USB - I have like 3 of these things they used to come when you get a new keyboard - they are green and convert the keyboard plug in to work with your usb keyboard

    I went out and bought one of these older keyboards ($4) for fixing people's machines because I had a similar problem a couple of times

    If you have one please try using it.
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    If we are going to clean

    First go to add/remove programs and uninstall all versions of Java or JRE
    Also uninstall AVG 7.5

    Navigate to and delete C:\program files\Grisoft
    Navigate to and delete C:\program files\Java

    ----------------------------------------------------------------------------------------

    Then run through these http://www.techspot.com/vb/topic109461.html - I recommend you install Avira Antivir and one of the free firewalls.
     
  8. SpiritWind

    SpiritWind TS Rookie Posts: 164

    There is a very strong indication that this "infection" includes a "Rootkit"; best to use, IF possible, this site's recommendation for an antirootkit program.
     
Topic Status:
Not open for further replies.
