Save me DSF, you're my only hope

[Coperphage]

From what you are describing it sounds like your system has been hijacked by either spyware or a virus. It also sounds like you've either been infected for awhile or got hit by something bad due to the inability to boot into safe mode or booting into windows at all. I work at a tech store about 90% of the computers were working on are getting hit by similar problems. A lot of the time we just recommend to customers is a fresh install, but on a system where the time and effort is my own I try to do the following steps

The best way I have found in fixing the system is to try and do a system restore back a couple of days and then run your virus scans etc. You have several ways in which you can do that, normally just logging into safe mode works but it sounds like you've been infected to the point where your entire OS has been messed with so you cannot.

So here's what I think ya should do and you should either be able to get the system cleaned up/ completely recovered or stable enough that you can boot up get what data you need and then do a fresh install. I'm not sure where your tech knowledge sits but if you need any specific information just pm me or whatever, but anyway.

First of all:-
I'm kinda going off general information here and don't really know how you were/are running your rig, so I'm not sure if you've got system restore up and running, it normally will be running by default. But can be turned off due to the virus/spyware or if you turned it off yourself. If that is the case then just skip the restore bits that I mention and go right for the virus fix etc.
Do you have a USB jump drive which is over 256 MB ? If so just use your netbook to make the bootable device instead of the cd:

http://www.hiren.info/pages/bootcd-on-usb-disk

If you don't I've linked the images for a cd version and you can just use nero or whatever program to burn an image :

http://www.hiren.info/pages/bootcd
http://www.ultimatebootcd.com/

Either of those programs/collection of programs will work fine, Hiren has Antivirus & spyware removal programs on the image, where as with UBCD you will need to download them separately.

So I am assuming that you've downloaded either of those images and burn the disk, you need to get your system to boot to the disk. I will assume you know how to do that, its an option normally located in the bios. If you don't know and you bought a brand pc, HP, Dell etc. Let me know the model and I'll try and get you the steps or screen shots. If its one you built yourself get me the motherboard model and I'll do the same.

Anyway once you've gotten it to boot to the cd, you will normally get a menu system which will give you several different options, you will need to boot into the windows based environment. When it is done booting it should look something like windows with a start bar etc. If you do have system restore working then you just need to go to the start menu and locate the registry tools. Both of the cd's have similar tools, but the one your looking for is called Registry Restore Wizard 1.0.4

Usually located:-

Start menu -> Registry tools -> Registry Restore Wizard 1.0.4

If you load the program it will attempt to find your windows registry and you select the c:\windows etc and then choose next

It should then give you a list of restore points to choose from, I usually go a week out or some such, it will attempt to "restore" the system to that point. If it is successful it will usually give you an indication as such.

At that point you can normally just restart the computer in safe mode to see if it works, I normally always try safe mode first, if it does boot into safe mode you also should be able to boot into normal mode. If you are wanting to get information from your system and then do a fresh install you are at a point of doing so.
If you have any form of Antivirus or spyware removal tools installed, I normally would run them presently, they do need to be installed. Just update them and run them. I personally use Malware bytes and Spybot with AVG free, update them first and then run them, when they are complete remove anything found.

If you are unable to boot into windows etc, as in your still getting the same problems as before then you need to load up either hiren's cd or the UBCD and then run the Spyware/virus removal tools. The benefit of using the hiren cd as I mentioned before is that the disk seems to have up to date programs installed on the image. With UBCD you will need to download the program and put it on a flesh drive and have that plugged in when you boot into the windows environment.

So if you are using hirens:-
Boot back into the windows environment and run Dr web, Spybot, Malwarebytes. Run each of the programs individually this will make sure that you don't get double results and also that you don't miss anything. MB usually will get it most of the time, I've found with personal experience.

If you are using UBCD:-
Download Dr Web from this website http://www.freedrweb.com/ and it will be a .exe file you will need to put this on a flash drive. The drive will need to be plugged into the computer when you boot into UBCD and just use the windows explorer to find it. Just run the exe file it should not ask you to update. But should run and when it finds anything just remove them as per normal.

So I am assuming now you have ran the programs and they have found several things, these normally will be either trojans or some form of hijacker. Once those have been removed you should be able to boot into windows normally. If your able to boot into windows and just want to grab the data from your computer and then do a fresh install now would be a good time. If you do not want to do a fresh install, then you'll need to run the same programs in your OS environment now, again I use Malwarebytes etc. Just install update etc etc.

I am not guaranteeing that your system is totally clean due to not seeing your system, or where your getting your files from, websites etc. But it should be clean or pretty clean and also stable. Make sure your running some decent AV program and you should be good. I hope this helped a little. I had some time to kill lol. Again if you don't know how to do something let me know and I'll try and help with that also.

[gallow737]

well shit. thanks for all the advice guys. Coperphage, sounds like I'm gonna try your advice first. Hopefully that, or one of the other options will work for me. I appreciate it guys. If it works you will have saved my ass big time

[Marcusrab]

Ive got to fix stuff like this all day long..


Best bet is to get the avast bart CD.. im sure you have utorrent..

so.. from your netbook.. hit up this link

its a 365 day trial :-)

Code:

Content, Pictures  and Download links visible to registered users only. 

REGISTER NOW to access all areas that are invisible to non-members.

that will let you burn a bootable anti-virus.. and then, go to

Code:

Content, Pictures  and Download links visible to registered users only. 

REGISTER NOW to access all areas that are invisible to non-members.

And download that file to a flash drive..

boot to the CD.. plug the flash drive in..

It will ask you what to scan, i change the scan to thorough, set a couple scan log locations.. and it will allow you to specify the location of the definition file, which is where the flash drive comes in.. click the browse (or ...) button and point it to where you put the 400.vps file.. these are 0-day definitions so if it has been identified in the Anti-virus world, that file will have it..


Let it run, do its thing.. and then at the end it will give you the option to view results..

Click the view results.. highlight all, delete..

see what you can do..


However... it appears it has hi-jacked your winlogon, which is a beotch to get back in sometimes..

report back after the avast scan, let me know what you get.. if you get to windows i recommend googling malware bytes.. downloading, updating and running a full scan on all attached drives (sans the Flash drive).


Hope this helps doggy

[gallow737]

okay, question... i'm doing the registry restor backup and the only date its giving me to restor my computer to is the original instalation date 4 fuckin years ago. A friend of mine said he did the same thing though his was wit hthe Gateway rollback, he said that when he did it al the programs that were installed were deleted but all of his files, i.e. mp3s avis, etc remained in tact. If I do this will all of my files still be on the computer and i'll just lose the programs instead? I don't want to go through with it unless I know for sure. Because if I do I will lose EVERYTHING that has ever been imp[ortant to me. My music, my photos, my web design portfolio, etc. I can't risk this so I need to know before taking the plunge

Quickly quickly quickly please!

Code:

Content, Pictures  and Download links visible to registered users only. 

REGISTER NOW to access all areas that are invisible to non-members.

if you mean you are doing a system restore, then i believe if your files are in your My Documents folder they will NOT be deleted.

"System Restore will undo programs and applications that have been installed since the Restore Point, but data files such as documents, spreadsheets or music MP3's will not be touched"

[ThatHaole]

I did this recently and all my files where left intact but I had to reload the programs associated with them. YMMV. I suggest moving shit to a portable HD just to be sure...

[TheSNakE]

yup, I turn off system restore though because the trojans and virus sometimes store themselves there. If you can restore to an old restore point and then copy all your files that is probably your best bet. I would back everything up with an external drive and make sure a strong av is running when you do. Then shut it off and do a format and a clean install of your OS. Don't turn the external drive on again until a new av program is installed. Then run a deep scan. If you can't do that, I have purchased a new HD, installed it and a clean copy of OS. Then attach the old drive as a slave and copy all my files. Then format old drive and store all your files there in case this happens again.

[gallow737]

well it worked. my computer is fuctional again. unfortunately since it went back all the way to the point of windows installation the only thing I have installedo n there are my video drivers. I have no sound drivers, codecs, network connections, notta. It won't automatically detect my internet settings so I can't get on the internet and download the drivers I need.

Though I might be able to find out through google searches and such how to set it up myself. I know when Comcast came to do it they did a bunch of instalations and setups and I don't know my network information. Either way, it worked, and I ended up doing al those virus scans. Malwarewbytes found 122 trojans, the majority of them, surprisingly, coming from some fonts I had installed nearly a year ago that were hiding in some folders that were extracted with the fonts themselves. Weird.

One thing I did notice when I ran Dr. Web was a trojan infected file in the windows sytem directory caled winlogon.cfm or something like that, I'm guessing that was what was not allowing me to logon properly. Well, I got rid of it all. So that part is over.

I'm not too concerned about the loss of programs. I had CS3 on my computer but I don't care because I have CS4 on my external hard drive ready to be installed Those really are the only programs I realy use. ISO programs, video and photo programs, and disc burning programs... all easily replaceable.

I'll have to do osme work to get my sound drivers and internet back on that computer though. Thanks for all the help fellas, I owe you guys one big time.

[gallow737]

oh, and all my files were still in tact. I didn't lose a thing that I actually wanted

[Coperphage]

Glad to hear it worked mate