TechSpot

Need help getting into safe mode

By loxdown
Dec 19, 2006
  1. Running on Windows XP, have that spyware ishost.exe. To remove it I need to get into safe mode, but when safe mode loads it asks me for a password on both the administrator and owner profiles... Problem is I don't have a password on either of them. Anyone... help?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved your thread to our security and the web forum.

    If you don't have a password, just press the enter key.

    Once you're done, go and read this thread HERE and post an HJT log as an attachment into this thread.

    Regards Howard :wave: :wave:


    This thread is for the use of loxdown only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. loxdown

    loxdown TS Rookie Topic Starter

    Here's my HijackThis log.

  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system has quite a variety of malware present.

    It also appears you're not running any antivirus or firewall software. This is a huge security risk and needs to be addressed.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :)


     
  5. loxdown

    loxdown TS Rookie Topic Starter

    OK, now what?
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    What do you mean by "ok now what"?

    You're supposed to follow all the instructions in the link I gave you. That will help to get rid of most of your problems.

    Then post fresh HJT and AVG Antispyware logs as requested.

    Regards Howard :)

     
  7. loxdown

    loxdown TS Rookie Topic Starter

    One thing: I can't get into safe mode! What do I do...?
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, follow the instructions from normal mode for now.

    Regards Howard :)

     
  9. loxdown

    loxdown TS Rookie Topic Starter

    OK, I did all that it said. Now when I try to get into safe mode it takes me to the welcome screen, then an error pops up saying that it can't verify the product licensing?
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE. Don't worry, if you still can't get into safe mode, follow the instructions from normal mode if that's the case.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Power Manager < This is nasty

    Close the services window.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

    O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt3.dll

    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\svchost.exe < Do not delete any other instance of svchost.exe.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\System32\ixt3.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

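An added example, not part of the thread or of HijackThis itself: the check applied by eye in the post above, a service running `svchost.exe` from `C:\WINDOWS` instead of `System32`, written as a small Python triage over the HijackThis entries quoted in this thread. The `SYSTEM32_ONLY` list, the default `C:\WINDOWS` install root, the "unnamed BHO" heuristic and the final control log line are assumptions made for the example.

```python
import ntpath
import re

# Illustrative subset (assumption): names that on XP run only from System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
SYSTEM32 = r"c:\windows\system32"   # assumes the default C:\WINDOWS install root
MASQUERADE = "system binary name outside System32"
UNNAMED_BHO = "browser helper object with no name"

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll))', re.IGNORECASE)

# Entries quoted in the thread, plus one constructed control line (the last).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\System32\ixt3.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Constructed Control (ExampleSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
"""

def parse_entry(line):
    """Split one HijackThis line into section code, first file path, and flags."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    p = PATH_RE.search(rest)
    return {"section": section, "path": ntpath.normpath(p.group(1)) if p else None,
            "missing": rest.endswith("(file missing)"), "rest": rest}

def triage(log_text):
    """Return entries worth a closer look, with the reason each was flagged."""
    hits = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if not e or not e["path"]:
            continue
        name = ntpath.basename(e["path"]).lower()
        folder = ntpath.dirname(e["path"]).lower()
        if name in SYSTEM32_ONLY and folder != SYSTEM32:
            hits.append({"section": e["section"], "path": e["path"],
                         "missing": e["missing"], "reason": MASQUERADE})
        elif e["section"] == "O2" and "(no name)" in e["rest"]:
            hits.append({"section": e["section"], "path": e["path"],
                         "missing": e["missing"], "reason": UNNAMED_BHO})
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit is a prompt to inspect the file, not a verdict; the control line shows that the same file name in `System32` is left alone.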
     
  11. loxdown

    loxdown TS Rookie Topic Starter

    K, did what you said, only not in safe mode since I can't get in... Now it's back to asking me for a password and my password doesn't work... Dunno what to do. Here's my log...
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Regards Howard :)

     
  13. loxdown

    loxdown TS Rookie Topic Starter

    OK, here are the 2.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sorry for the delay in getting back to you, but the site I need you to go to was down.

    Go HERE and follow the instructions for getting rid of Antivermins exactly.

    Once you've completed that, please run combofix again as per the instructions.

    Post fresh Combofix and HJT logs and let me know if you're still having problems.

    Regards Howard :)

     
  15. loxdown

    loxdown TS Rookie Topic Starter

    OK, did it, ran smitfraud and got the logs.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to them (if there).

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\system32\zlcxajg.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post fresh HJT and Combofix logs.

    Let me know if you're still having any problems.

    Regards Howard :)

     
  17. loxdown

    loxdown TS Rookie Topic Starter

    OK, here's what I got now.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. I asked you to post a fresh Combofix log. I also asked you to let me know if you're still having problems.

    Regards Howard :)

     
  19. loxdown

    loxdown TS Rookie Topic Starter

    OK, here's the Combofix... Still having problems with safe mode, but I also forgot to mention that My Documents is disabled; I have to go the long way to get into My Documents (c:/documents and settings/owner/my documents/). Strange, don't know why. Also, when I go to my display properties, some tabs are missing; can't even change my wallpaper =/
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go HERE and follow the instructions for doing a Windows repair.

    See if that helps.

    Regards Howard :)

     
  21. loxdown

    loxdown TS Rookie Topic Starter

    Small problem: my computer didn't come with a Windows CD. Does that mean I have to go out and buy it?
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Bugger. Do you have any recovery disks or partitions on your system?

    Regards Howard :)

     
  23. loxdown

    loxdown TS Rookie Topic Starter

    OK, my computer recovery system is built in, and I don't know what a partition actually is...? Sorry, I'm not too good at this.
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, in that case, backup any important data you have and run the internal recovery.

    Regards Howard :)

     
  25. loxdown

    loxdown TS Rookie Topic Starter

    Now, do I need a tool to back up my stuff? Pics, music, games, programs; I have a lot. Any special way to do it?
     
Topic Status:
Not open for further replies.
