Solved

xp keeps restarting due to virus with picture of skeleton skull at boot up.

Posted on 2006-06-11
Last Modified: 2013-12-04
Hi,

My Dell Inspiron 5100 laptop with XP Pro keeps rebooting with a message "warning this operating system was developed by professionals and/or total idiots.  In either case, microsoft or you and or any of your buddies should not expect this software to run without crashing..." and has picture of skeleton skull.  It comes up when you select XP boot screen in the o/s screen.  Every time I try to run Kaspersky antivirus on it the PC turns off.  I can't even load another operating system or format the disk coz it turns off each time.  Any advice?  Thanks.
Question by:eservando
22 Comments
 
LVL 32

Expert Comment

by:r-k
ID: 16882926
Are you able to boot in safe mode?

Do you have access to another computer that can connect to the Internet?

If so, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
0
 

Author Comment

by:eservando
ID: 16884617
OK, will try that.  I can boot in safe mode and am running Kaspersky now and will see if it completes.  I turned off the advanced setting which tells XP to auto restart in the event of a system failure so that might help.  I had left the laptop on overnight without logging into Windows and it stayed on so seems to only turn off when inside of Windows already and system fails which was set to do so before but I turned off as I mentioned.
0
 
LVL 32

Accepted Solution

by:
r-k earned 84 total points
ID: 16886512
OK, hope Kaspersky will clean it up. Another option is ewido (http://www.ewido.net/en/) You can try their trial version first.

Posting the HJT log may also help.
0
 

Author Comment

by:eservando
ID: 16887270
Tried Kaspersky including in safe mode but every time it gets to around 20% it shut laptop off.  However if I just leave it on system will stay on for few hours so is it possible that drive has bad sectors?  Will try ewido as well to make sure it's just not Kaspersky.  Thanks.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16887340
The drive could have bad sectors, but the fact that you are getting that message with the skeleton picture clearly shows some virus infection. Try Ewido, and post the HJT log also if possible.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 16890780
The HijackThis log can tell us the exact malware that is present in your system; we can then tell you the exact tool to fix it.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything.
Notepad will also open, copy its contents and paste it to either these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Post the link to the saved list here.
0
 
LVL 38

Expert Comment

by:younghv
ID: 16894371
If you can get into Safe Mode w/networking, go here and run online scans (all), allow them to delete whatever they find.
http://housecall.trendmicro.com/
0
 

Author Comment

by:eservando
ID: 16898395
Hi, did the save analysis for hijack this but how do you post the link to the site where i saved it?  thanks
0
 
LVL 32

Expert Comment

by:r-k
ID: 16898427
Here are instructions (repeated from my first post above):

Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

To post the link, highlight the address in the address bar, right-click, select "Copy", then right-click in this window and select "Paste"

It should look something like this:

 http://www.hijackthis.de/logfiles/4b347cf60ad630d343c3d26230b4bf6a.html

0

 

Author Comment

by:eservando
ID: 16903339
Hi,

Thanks for the extra instructions.  Here is link to my logfile from HijackThis:

http://www.hijackthis.de/logfiles/ca7b9d4ebe9cea6a8afed9d9279fa441.html

The only thing that concerns me is that as I mentioned before, when I try and format drive so I can reinstall XP fresh, it still turns off laptop so I thought that virus shouldn't execute when you are not in Windows and are simply trying to install operating system again.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16903660
Are you trying to format and install a fresh copy of XP?

If so, make sure you've got good backups of any essential files (documents, pictures, email etc.) that you can't afford to lose.

To do a format and install from CD, boot directly from the XP CD. When it shows the existing partitions, you can delete the existing one (caution: all files will be lost) and create a new partition back in that same space, then choose the defaults pretty much to install XP.

You may find this link helpful:

 http://www.michaelstevenstech.com/cleanxpinstall.html

If you'd rather just clean the existing system, I think that is possible. The HJT log shows various malware that can be removed. Post back if that is what you'd rather do.
0
 

Author Comment

by:eservando
ID: 16908153
Hi,

yes i'd rather try and fix the existing malware since reformatting i've done many times and it's too easy so would like the challenge of actually getting rid of some of these guys.  Could you tell me how to proceed, thanks.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 83 total points
ID: 16908199
Hi,

NewDotNet is installed in your system; you need to remove it. But before you do that, as a precaution, please download LSPFix.exe.
http://www.cexx.org/LSPFix.exe

When removing New.Net from your system there is a chance that you might lose your internet connection.
In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish" then reboot your computer, this should restore your internet access.


Now please go Start > Run > Control Panel  
In the Add/Remove programs list, look for
NewDotNet or New.Net and uninstall it.
Also uninstall these:
SaveUninst.exe
ClockSync
Accoona Search Assistant (Acoona)


If NewdotNet or New.Net is not listed in Add/Remove programs list, then please go to their site.
Scroll down to Procedure no.4 and follow the instructions in removing NewDotNet from your system.
http://www.newdotnet.com/removal.html

Also;
Download new.netfix.exe by noahdfear (it removes the keys that are left behind after uninstalling NewNet, and resets permissions).
http://noahdfear.geekstogo.com/click%20counter/click.php?id=9
Save the file to your desktop. Double click, then click Start to extract the contents to its own folder. Open the folder and double click the RunThis.bat file to start the tool. Follow the prompts and post the contents of the new.net.txt file it creates in the folder.


Fix these entries if still present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400 135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135    
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com  
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q

Check and make sure relevant folders are gone:
C:\Program Files\NewDotNet
C:\Program Files\Accoona
C:\Program Files\Save
C:\Program Files\ClockSync

Give us updates afterwards.


0
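The post above asks for certain HijackThis entries to be fixed "if still present" and for four folders to be gone. As an added example (not part of the thread and not a HijackThis feature), this Python sketch re-checks a fresh log for O-section entries that still point into those folders, including the 8.3 short-name form seen in the `New.net Startup` line. The function names are hypothetical, and the sample log is constructed from the entries quoted in the post plus one made-up benign entry.

```python
import re

# The four folders the post above says should be gone after cleanup.
FOLDERS = ("NewDotNet", "Accoona", "Save", "ClockSync")

# HijackThis entry lines look like "O4 - <details>": section code, " - ", rest.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: five entries quoted in the post plus one made-up benign
# entry ("SaveGame Tools") showing "Save" is matched as a whole folder name.
SAMPLE_LOG = r"""
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKLM\..\Run: [ExampleTool] "C:\Program Files\SaveGame Tools\tool.exe"
"""

def match_kind(component, folder):
    """Return 'exact', '8.3 alias' or None for one path component."""
    comp, name = component.upper(), folder.upper()
    if comp == name:
        return "exact"
    # Heuristic: a short-name alias is up to six characters of the long name
    # (spaces and dots dropped) followed by ~N, e.g. NEWDOT~1 for NewDotNet.
    alias = re.fullmatch(r"([^~]{1,6})~\d", comp)
    if alias and re.sub(r"[ .]", "", name).startswith(alias.group(1)):
        return "8.3 alias"
    return None

def leftover_entries(log_text, folders=FOLDERS):
    """List (section, folder, match kind) for entries still using a folder."""
    hits = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        # Directory components only: drop the prefix and the file name.
        parts = entry.group(2).split("\\")[1:-1]
        for folder in folders:
            kinds = {match_kind(p, folder) for p in parts} - {None}
            if kinds:
                kind = "exact" if "exact" in kinds else "8.3 alias"
                hits.append((entry.group(1), folder, kind))
    return hits

if __name__ == "__main__":
    for section, folder, kind in leftover_entries(SAMPLE_LOG):
        print(f"{section}: still references {folder} ({kind} match)")
```

An "8.3 alias" hit is only a candidate, since any folder whose name starts with the same six characters gets the same alias form; the R1/R3 registry entries in the post carry no folder path and are outside this check.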
 

Author Comment

by:eservando
ID: 16939148
Hi,

sorry took a while to respond.  i did all the steps and tried to rescan laptop using kaspersky but still turns off around 20%.  I then decided to reinstall xp so i reformatted drive but during format it also turned off after 3 attempts.  Would a bad sector on drive cause this once it reads that part?  Any suggestions?  At this point i just wanna start fresh but can't even format drive.  I wanna use diskette to start up win98 startup disk but laptop doesn't have floppy drive.  Don't mind getting one but fact that it turns off during a format concerns me.  Thanks.
0
 
LVL 1

Assisted Solution

by:x30n
x30n earned 83 total points
ID: 16964440
Here try this:  http://download2.lsoft.net/killdiskfloppysetup.exe

once you get this program on a floppy disk, boot your computer with the floppy and read the instructions on how to use it.

This program will basically secure erase your hard drive (make sure you select your hard drive), and if you know how to use newsgroups search for SpinRite and have that scrub your HD for any issues.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16964638
Sorry forgot to follow up earlier.

If you don't have a floppy you can download the UBCD bootable CD (using another computer) then boot from that and run various diagnostics:

 http://www.ultimatebootcd.com/
0
 

Author Comment

by:eservando
ID: 16967930
Hi,

was able to download ultimate boot cd but when i tried loading fdisk or other utilities on it they all fail and also system halts or turns off laptop again with a reference that boot sector is corrupted or something to that extent.  As i mentioned i can't even do a format and the message with a skull on bootup is shown when you select the other choice in boot menu so really suspect that this is a boot sector virus.  With your knowledge of ultimate boot disk utilities, is there any choice i have that can clean boot sector virus without using floppy?  Thanks!
0
 
LVL 1

Expert Comment

by:x30n
ID: 16988384
Maybe the best thing for you to do is download and install it to a floppy on a computer that you know isn't infected.  Then make sure you lock the floppy from being written to.

I also suggest Kill Disk at http://download2.lsoft.net/killdiskfloppysetup.exe

The trial will let you do a single pass.
0
 
LVL 1

Expert Comment

by:x30n
ID: 17010234
Never mind, I just looked at that ultimatebootcd and it has Kill Disk on it already.  So boot up that CD and use Kill Disk.  It will wipe your whole drive and you can start from scratch.
0
