Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353
  • Last Modified:

xp keeps restarting due to virus with picture of skeleton skull at boot up.

Hi,

my dell inspiron 5100 laptop with xp pro keeps rebooting with a message "warning this operating system was developed by professionals and/or total idiots.  In either case, microsoft or you and or any of your buddies should not expect this software to run without crashing... and has picture of skeleton skull.  It comes up when you select xp boot screen in the o/s screen.  Everytime i try to run kasperksy antivirus on it the pc turns off.  I can't even load another operating system or format the disk coz it turns off each time.  Any advice?  Thanks.
0
eservando
Asked:
eservando
  • 7
  • 6
  • 3
  • +2
3 Solutions
 
r-kCommented:
Are you able to boot in safe mode?

Do you have access to another computer that can connect to the Internet?

If so, then do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
0
 
eservandoAuthor Commented:
ok will try that.  i can boot in safe mode and am running kaspersky now and will see if it  completes.  I turned off the advanced setting which tells xp to auto restart in the event of a system failure so that might help.  I had left the laptop on overnight without logging into windows and it stayed on so seems to only turn off when inside of windows already and system fails which was set to do so before but i turned off as i mentioned.  
0
 
r-kCommented:
OK, hope Kaspersky will clean it up. Another option is ewido (http://www.ewido.net/en/) You can try their trial version first.

Posting the HJT log may also help.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
eservandoAuthor Commented:
tried kaspersky including in safe mode but everytime it gets to around 20% it shut laptop off.  However if i just leave it on system will stay on for few hours so is it possible that drive has bad sectors?  Will try ewido as well to make sure it's just not kaspersky.  Thanks.
0
 
r-kCommented:
The drive could have bad sectors, but the fact that you are getting that message with the skeleton picture clearly shows some virus infection. Try Ewido, and post the HJT log also if possible.
0
 
rpggamergirlCommented:
The hijackthis log can telll us the exact malware that is present in your system, we can then tell you the exact tool to fix it.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything.
Notepad will also open, copy its contents and paste it to either these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.
0
 
younghvCommented:
If you can get into Safe Mode w/networking, go here and run online scans (all), allow them to delete whatever they find.
http://housecall.trendmicro.com/
0
 
eservandoAuthor Commented:
Hi, did the save analysis for hijack this but how do you post the link to the site where i saved it?  thanks
0
 
r-kCommented:
Here are instructions (repeated from my first post above):

Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

To post the link, highlight the address in the address bar, right-click, select "Copy", then right-click in this window and select "Paste"

It should look something like this:

 http://www.hijackthis.de/logfiles/4b347cf60ad630d343c3d26230b4bf6a.html

0
 
eservandoAuthor Commented:
Hi,

thanks for the extra instructions.  here is link to my logfile from hijack this.  

http://www.hijackthis.de/logfiles/ca7b9d4ebe9cea6a8afed9d9279fa441.html.  The only thing that concerns me is that as i mentioned before, when i try and format drive so i can reinstall xp fresh, it still turns off laptop so i thought that virus shouldn't execute when you are not in windows and are simply trying to install operating system again.  
0
 
r-kCommented:
Are you trying to format and install a fresh copy of XP?

If so, make sure you've got good backups of any essential files (documents, pictures, email etc.) that you can't afford to lose.

To do a format and install from CD, boot directly from the XP CD. When it shows the existing partitions, you can delete the existing one (caution: all files will be lost) and create a new partition back in that same space, then choose the defaults pretty much to install XP.

You may find this link helpful:

 http://www.michaelstevenstech.com/cleanxpinstall.html

If you'd rather just clean the existing system, I think that is possible. The HJT log shows various malware that can be removed. Post back if that is what you'd rather do.
0
 
eservandoAuthor Commented:
Hi,

yes i'd rather try and fix the existing malware since reformatting i've done many times and it's too easy so would like the challenge of actually getting rid of some of these guys.  Could you tell me how to proceed, thanks.
0
 
rpggamergirlCommented:
Hi,

NetDotNet is installed in your system you need to remove it. But before you do that as a precaution, please download LSPFix.exe.
http://www.cexx.org/LSPFix.exe

When removing New.Net from your system there is a chance that you might lose your internet connection.
In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish" then reboot your computer, this should restore your internet access.


Now please go Start > Run > Control Panel  
In the Add/Remove programs list, look for
NewDotNet or New.Net and uninstall it.
Also uninstall these:
SaveUninst.exe
ClockSync
Accoona Search Assistant (Acoona)


If NewdotNet or New.Net is not listed in Add/Remove programs list, then please go to their site.
Scroll down to Procedure no.4 and follow the instructions in removing NewDotNet from your system.
http://www.newdotnet.com/removal.html

Also;
Download new.netfix.exe by noahdfear.(it removes the keys that are left behind after uninstalling NewNet, and reset permissions)
http://noahdfear.geekstogo.com/click%20counter/click.php?id=9 
Save the file to your desktop. Double click, then click Start to extract the contents to it's own folder. Open the folder and double click the RunThis.bat file to start the tool. Follow the prompts and post the contents of the new.net.txt file it creates in the folder.


Fix these entries if still present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400 135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135    
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com 
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q

Check and make sure relevant folders are gone:
C:\Program Files\NewDotNet
C:\Program Files\Accoona
C:\Program Files\Save
C:\Program Files\ClockSync

Give us updates afterwards.


0
 
eservandoAuthor Commented:
Hi,

sorry took a while to respond.  i did all the steps and tried to rescan laptop using kaspersky but still turns off around 20%.  I then decided to reinstall xp so i reformatted drive but during format it also turned off after 3 attempts.  Would a bad sector on drive cause this once it reads that part?  Any suggestions?  At this point i just wanna start fresh but can't even format drive.  I wanna use diskette to start up win98 startup disk but laptop doesn't have floppy drive.  Don't mind getting one but fact that it turns off during a format concerns me.  Thanks.
0
 
x30nCommented:
Here try this:  http://download2.lsoft.net/killdiskfloppysetup.exe

once you get this program on a floppy disk, boot your computer with the floppy and read the instructions on how to use it.

This program will basicly secure erase your harddrive (make sure you select your harddrive), and if you know how to use newsgroups search for SpinRite and have that scrub your HD for any issues.
0
 
r-kCommented:
Sorry forgot to follow up earlier.

If you don't have a floopy you can download the ubcd bootable CD (using another computer) then boot from that and run various diagnostics:

 http://www.ultimatebootcd.com/
0
 
eservandoAuthor Commented:
Hi,

was able to download ultimate boot cd but when i tried loading fdisk or other utilities on it they all fail and also system halts or turns off laptop again with a reference that boot sector is corrupted or something to that extent.  As i mentioned i can't even do a format and the message with a skull on bootup is shown when you select the other choice in boot menu so really suspect that this is a boot sector virus.  With your knowledge of ultimate boot disk utilities, is there any choice i have that can clean boot sector virus without using floppy?  Thanks!
0
 
x30nCommented:
Maybe the best thing for you to do is download and install it to a floopy on a computer that you know isnt infected.  Then make sure you lock the floopy from being written to.

I also suggest Kill Disk at http://download2.lsoft.net/killdiskfloppysetup.exe 

The trial will let you do a single pass.
0
 
x30nCommented:
never mind, I just looked at that ultimatebootcd and it has kill disk on it already.   So boot up that cd and use killdisk.  It will wipe your whole drive and you can start to scratch.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 7
  • 6
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now