Solved

xp keeps restarting due to virus with picture of skeleton skull at boot up.

Posted on 2006-06-11
22
339 Views
Last Modified: 2013-12-04
Hi,

my dell inspiron 5100 laptop with xp pro keeps rebooting with a message "warning this operating system was developed by professionals and/or total idiots.  In either case, microsoft or you and or any of your buddies should not expect this software to run without crashing... and has picture of skeleton skull.  It comes up when you select xp boot screen in the o/s screen.  Everytime i try to run kasperksy antivirus on it the pc turns off.  I can't even load another operating system or format the disk coz it turns off each time.  Any advice?  Thanks.
0
Comment
Question by:eservando
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 3
  • +2
22 Comments
 
LVL 32

Expert Comment

by:r-k
ID: 16882926
Are you able to boot in safe mode?

Do you have access to another computer that can connect to the Internet?

If so, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
0
 

Author Comment

by:eservando
ID: 16884617
ok will try that.  i can boot in safe mode and am running kaspersky now and will see if it  completes.  I turned off the advanced setting which tells xp to auto restart in the event of a system failure so that might help.  I had left the laptop on overnight without logging into windows and it stayed on so seems to only turn off when inside of windows already and system fails which was set to do so before but i turned off as i mentioned.  
0
 
LVL 32

Accepted Solution

by:
r-k earned 84 total points
ID: 16886512
OK, hope Kaspersky will clean it up. Another option is ewido (http://www.ewido.net/en/) You can try their trial version first.

Posting the HJT log may also help.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:eservando
ID: 16887270
tried kaspersky including in safe mode but everytime it gets to around 20% it shut laptop off.  However if i just leave it on system will stay on for few hours so is it possible that drive has bad sectors?  Will try ewido as well to make sure it's just not kaspersky.  Thanks.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16887340
The drive could have bad sectors, but the fact that you are getting that message with the skeleton picture clearly shows some virus infection. Try Ewido, and post the HJT log also if possible.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 16890780
The hijackthis log can telll us the exact malware that is present in your system, we can then tell you the exact tool to fix it.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything.
Notepad will also open, copy its contents and paste it to either these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
0
 
LVL 38

Expert Comment

by:younghv
ID: 16894371
If you can get into Safe Mode w/networking, go here and run online scans (all), allow them to delete whatever they find.
http://housecall.trendmicro.com/
0
 

Author Comment

by:eservando
ID: 16898395
Hi, did the save analysis for hijack this but how do you post the link to the site where i saved it?  thanks
0
 
LVL 32

Expert Comment

by:r-k
ID: 16898427
Here are instructions (repeated from my first post above):

Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

To post the link, highlight the address in the address bar, right-click, select "Copy", then right-click in this window and select "Paste"

It should look something like this:

 http://www.hijackthis.de/logfiles/4b347cf60ad630d343c3d26230b4bf6a.html

0
 

Author Comment

by:eservando
ID: 16903339
Hi,

thanks for the extra instructions.  here is link to my logfile from hijack this.  

http://www.hijackthis.de/logfiles/ca7b9d4ebe9cea6a8afed9d9279fa441.html.  The only thing that concerns me is that as i mentioned before, when i try and format drive so i can reinstall xp fresh, it still turns off laptop so i thought that virus shouldn't execute when you are not in windows and are simply trying to install operating system again.  
0
 
LVL 32

Expert Comment

by:r-k
ID: 16903660
Are you trying to format and install a fresh copy of XP?

If so, make sure you've got good backups of any essential files (documents, pictures, email etc.) that you can't afford to lose.

To do a format and install from CD, boot directly from the XP CD. When it shows the existing partitions, you can delete the existing one (caution: all files will be lost) and create a new partition back in that same space, then choose the defaults pretty much to install XP.

You may find this link helpful:

 http://www.michaelstevenstech.com/cleanxpinstall.html

If you'd rather just clean the existing system, I think that is possible. The HJT log shows various malware that can be removed. Post back if that is what you'd rather do.
0
 

Author Comment

by:eservando
ID: 16908153
Hi,

yes i'd rather try and fix the existing malware since reformatting i've done many times and it's too easy so would like the challenge of actually getting rid of some of these guys.  Could you tell me how to proceed, thanks.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 83 total points
ID: 16908199
Hi,

NetDotNet is installed in your system you need to remove it. But before you do that as a precaution, please download LSPFix.exe.
http://www.cexx.org/LSPFix.exe

When removing New.Net from your system there is a chance that you might lose your internet connection.
In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish" then reboot your computer, this should restore your internet access.


Now please go Start > Run > Control Panel  
In the Add/Remove programs list, look for
NewDotNet or New.Net and uninstall it.
Also uninstall these:
SaveUninst.exe
ClockSync
Accoona Search Assistant (Acoona)


If NewdotNet or New.Net is not listed in Add/Remove programs list, then please go to their site.
Scroll down to Procedure no.4 and follow the instructions in removing NewDotNet from your system.
http://www.newdotnet.com/removal.html

Also;
Download new.netfix.exe by noahdfear.(it removes the keys that are left behind after uninstalling NewNet, and reset permissions)
http://noahdfear.geekstogo.com/click%20counter/click.php?id=9 
Save the file to your desktop. Double click, then click Start to extract the contents to it's own folder. Open the folder and double click the RunThis.bat file to start the tool. Follow the prompts and post the contents of the new.net.txt file it creates in the folder.


Fix these entries if still present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400 135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135    
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com 
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q

Check and make sure relevant folders are gone:
C:\Program Files\NewDotNet
C:\Program Files\Accoona
C:\Program Files\Save
C:\Program Files\ClockSync

Give us updates afterwards.


0
 

Author Comment

by:eservando
ID: 16939148
Hi,

sorry took a while to respond.  i did all the steps and tried to rescan laptop using kaspersky but still turns off around 20%.  I then decided to reinstall xp so i reformatted drive but during format it also turned off after 3 attempts.  Would a bad sector on drive cause this once it reads that part?  Any suggestions?  At this point i just wanna start fresh but can't even format drive.  I wanna use diskette to start up win98 startup disk but laptop doesn't have floppy drive.  Don't mind getting one but fact that it turns off during a format concerns me.  Thanks.
0
 
LVL 1

Assisted Solution

by:x30n
x30n earned 83 total points
ID: 16964440
Here try this:  http://download2.lsoft.net/killdiskfloppysetup.exe

once you get this program on a floppy disk, boot your computer with the floppy and read the instructions on how to use it.

This program will basicly secure erase your harddrive (make sure you select your harddrive), and if you know how to use newsgroups search for SpinRite and have that scrub your HD for any issues.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16964638
Sorry forgot to follow up earlier.

If you don't have a floopy you can download the ubcd bootable CD (using another computer) then boot from that and run various diagnostics:

 http://www.ultimatebootcd.com/
0
 

Author Comment

by:eservando
ID: 16967930
Hi,

was able to download ultimate boot cd but when i tried loading fdisk or other utilities on it they all fail and also system halts or turns off laptop again with a reference that boot sector is corrupted or something to that extent.  As i mentioned i can't even do a format and the message with a skull on bootup is shown when you select the other choice in boot menu so really suspect that this is a boot sector virus.  With your knowledge of ultimate boot disk utilities, is there any choice i have that can clean boot sector virus without using floppy?  Thanks!
0
 
LVL 1

Expert Comment

by:x30n
ID: 16988384
Maybe the best thing for you to do is download and install it to a floopy on a computer that you know isnt infected.  Then make sure you lock the floopy from being written to.

I also suggest Kill Disk at http://download2.lsoft.net/killdiskfloppysetup.exe 

The trial will let you do a single pass.
0
 
LVL 1

Expert Comment

by:x30n
ID: 17010234
never mind, I just looked at that ultimatebootcd and it has kill disk on it already.   So boot up that cd and use killdisk.  It will wipe your whole drive and you can start to scratch.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question