Lanmanwrk virus and safe mode

Status
Not open for further replies.

Mazrim

Posts: 139   +0
On my sons' computer, against my wishes one of them got on Limewire, and got a trojan: lanmanwrk. So I followed the directions on how to get rid of it, until I got to the part where I was supposed to reboot into safe mode to delete some bad files (Cant remember the step, was with smitfraud or something).

I can't boot into safe mode, I cant access the CD drive to use the windows disk, I cant even SEE the Hard Drive anymore, let alone reformat it.

Can ANYONE here suggest some things to do to try and save the HD? Or even format it; I think having my kids lose their info completely might teach them a lesson in what sites to visit and what sites to avoid.

HELP!! :(
 
can you post any logs from the scans - also a hijackthis log would be good

and did you run combofix already?

Highjackthis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically, select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 
Ok, Attached is a copy of the HJT log. Looks like I got everything off the system.

One problem still remains though.....

I STILL cannot boot off the CD rom. What happens is that after I see the ABIT logo, and it goes to cmd prompt saying to press any key to boot form CD, I can press any key on my keyboard a billion times, and it simply WILL NOT BOOT.

Any suggestions would be great, thanks!
 
yep...

When you restart the computer you need to enter the BIOS - this depends on your system to which key it will be usually you have to tap DEL or F1 or F2 right when the computer boots up -> then use the arrows keys to navigate to boot order and set the CD drive as the primary drive to boot from

then press F10 to save and exit -> if the CD is in it should boot from it.

Don't forget after you reinstall to run microsoft update a few times till it says there are no more updates - also update Java runtime to the most current version

Also I would recommend you upgrade from AVG 7 to Avira or Avast - or AVG 8.0 if you want to try it - I personally think they took 2 steps backwards on the new version
 
I do in fact have the CD rom as the primary boot device. the problem is, that doesnt seem to matter anymore, since the system doesnt acknowledge any keystrokes when the command to press any key to boot form CD pops up. I made sure there wasnt some quiet boot option activated, and there isnt. So I dont know what to do about that now. I've run all the diagnostic and antispyware/antivirus tools several times, and nothing seems to be in memory anymore.
 
Do you have an old school keyboard (PS/2) laying around
- not wireless
- not usb

Or an adapter for PS/2 to USB - I have like 3 of these things they used to come when you get a new keyboard - they are green and convert the keyboard plug in to work with your usb keyboard

I went out and bought one of these older keyboards ($4) for fixing peoples machines because I had a similar problem a couple of times

If you have one please try using it.
 
If we are going to clean

First go to add/remove programs and uninstall all versions of Java or JRE
Also uninstall AVG 7.5

Navigate to and delete C:\program files\Grisoft
Navigate to and delete C:\program files\Java

----------------------------------------------------------------------------------------

Then run through these https://www.techspot.com/vb/topic109461.html - I recommend you install Avira Antivir and one of the free firewalls.
 
There is a very strong indication that this "infection" includes a "Rootkit" ; Best
to use, IF Possible, this Site's recomendation for an antirootkit program .
 
Status
Not open for further replies.
Back