Solved

virus or spyware attack on system booting part

Posted on 2008-10-03
9
968 Views
Last Modified: 2013-11-22
Hello to all Experts Professionals, my notebook got some malicious exe file in the temp folder of the local folder. My Norton Antivirus 10 Corporate warned about some invalid exe file (password mess.exe) in the temp and also removed some temp files. After that I got a message in my DOS prompt window (which automatically popped up) that some file is copied in my boot system. After that my system held up. I restarted the system; it loads Windows normally, but after getting the admin password through log on to Windows, a black screen is displayed for some seconds and then Windows displays the desktop. After some seconds the system becomes slower to a halt. Before the system goes to a halt, when I try to open Task Manager, it denies to open by displaying a message that Task Manager is disabled by admin. When the system is halted I press Alt, Ctrl, Del; there a message is displayed on top of the log on window that virus alert is on. Three shortcuts are also installed on the desktop, i.e. Malware Defender, Protect You Privacy, System Error Fixer. Earlier I had removed some malicious files like MicroAv.exe, Ctfmon.exe from the c\window\system32 folder and yur1ce.exe from the Windows prefetch folder. When I restart the computer in safe mode a memory dump is initialized and after that again a prompt to start the computer. Is there any option to avoid formatting the C drive and remove this malicious spyware?
0
Question by:CSELTD
9 Comments
 
LVL 7

Accepted Solution

by:
myhc earned 500 total points
ID: 22632695
Check msconfig to see what is running in your boot.ini and startup registry.
0
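The startup check suggested above, as an added example that is not part of the thread: a read-only PowerShell script that lists the autostart registry values msconfig's Startup tab reads, flags any entry that launches from a temp folder (the location the asker's antivirus warned about), prints boot.ini if present, and reports the DisableTaskMgr policy value that produces the "Task Manager has been disabled by your administrator" message. It assumes it is run from an elevated PowerShell prompt on the affected Windows machine; the registry paths and policy value name are standard Windows locations, not identifiers from the thread.

```powershell
# Added example, not from the original thread. Read-only: it reports, it does not change anything.
# Autostart locations that msconfig's Startup tab reads.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a legitimate startup entry rarely points into; a hit deserves a closer look.
$suspectDirs = @($env:TEMP, $env:TMP, "$env:USERPROFILE\Local Settings\Temp", "$env:WINDIR\Temp") |
    Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() }

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
        if ($p.Name -like 'PS*') { continue }
        $cmd = [string]$p.Value
        $lower = $cmd.ToLowerInvariant()
        $flag = ''
        foreach ($d in $suspectDirs) {
            if ($lower.Contains($d)) { $flag = '  <-- runs from a temp folder' }
        }
        "{0}\{1} = {2}{3}" -f $key, $p.Name, $cmd, $flag
    }
}

# boot.ini (Windows XP and earlier) lists the boot entries msconfig's BOOT.INI tab shows.
if (Test-Path 'C:\boot.ini') {
    '--- C:\boot.ini ---'
    Get-Content 'C:\boot.ini'
}

# The policy value behind "Task Manager has been disabled by your administrator".
foreach ($hive in 'HKCU', 'HKLM') {
    $polKey = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
    if (Test-Path $polKey) {
        $val = (Get-ItemProperty -Path $polKey -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        if ($val -eq 1) { "$polKey\DisableTaskMgr = 1  <-- Task Manager disabled by policy" }
    }
}
```

Entries flagged as running from a temp folder are candidates to investigate with the removal tools mentioned later in the thread, not proof of infection on their own. Once the malware is gone, the DisableTaskMgr value can be cleared with `Remove-ItemProperty` on the key the script reports; if it reappears after a reboot, something that re-sets it is still running.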
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22632737
Ctfmon is usually a legitimate Microsoft file (see link)
http://support.microsoft.com/kb/282599

Removing Spyware:

We use the following:

Combo-fix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Hijack This - http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

This solves about 90-95% of the problems.
0
 
LVL 1

Author Comment

by:CSELTD
ID: 22632780
I appreciate your comments, but the problem is that the system halts after booting, and there is little time to do any action before the system halts. I am expecting an exe file which I can boot through CD, so my notebook can initialize through CD and remove the malicious virus.
0
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22632980
Download the suggested software on another machine.
Burn it to a CD.
Boot infected machine into safe mode. (press F8 key while booting)
Copy software to machine from CD.
Load/run software in safe mode.
0
 
LVL 1

Author Comment

by:CSELTD
ID: 22633032
I have already mentioned that the system cannot run on F8 (safe mode). When I click on safe mode, long repeated paths are shown like c\windows\partion01\system etc., and after that a physical memory dump transfer is started, and when it ends it again goes back to Windows start up mode. When I start in normal mode Windows is loaded and the desktop is displayed, but no mouse click or any action works after boot. Can I run the above software through CD in normal mode, which I can see at this time?
0
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22633270
My assumption would be no. I am assuming this software (Combo-fix and HijackThis) needs to be on the host system.

1.) If it were me I would stop trying to fix it first. Pull the drive to a good system, connect it as a slave, and harvest the data you want to save; before continuing. (maybe run the tools against this system to be safe!)

2.a) Then pull it back, boot on the Windows XP CD (did you mention the OS version?) and try to restore the system. We need to try to get enough of the original system files on the system to boot into safe mode before you go any further.

2.b) If you are desperate use Windows System restore. This assumes that it was running previous to whatever happened to your computer. This link will help you http://support.microsoft.com/kb/306084

It has a 50-50 track record with me. If it at least gets you to safe mode you may be in luck. It also could make things worse. Do a backup first; see #1.

3.) Once safe mode is working, proceed with the spyware removal.


Good luck!
0
 
LVL 1

Author Comment

by:CSELTD
ID: 22633658
Thank you very much to all of you for supporting me to get rid of the problem. I succeeded in enabling safe mode by running the msconfig command in Run, enabled safe mode and restarted the computer. I ran the HijackThis Trend Micro tool and deleted the files named microAV.exe and some others. When I restarted the system, the check disk file has reset some index by inserting and deleting index numbers. But now the problem is that I cannot view My Network Places; although I am connected to the internet through DSL, my LAN connection is not shown in the tray icon and in My Network Places. Secondly, which antispyware should I install to get rid of this malicious software, to avoid any further loss in future? My Device Manager is also not showing any installed COM ports and other hardware. Will I have to make changes through the System Configuration Utility (msconfig)? Thanks.
0
 
LVL 1

Author Comment

by:CSELTD
ID: 22635285
Please advise which anti spyware is effective to protect the system from internet/web attacks?
0
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22635616
I like to look at Top Ten Reviews and find it to be a good metric when looking for off-the-shelf, boxed software. http://anti-spyware-review.toptenreviews.com/

"Spy Sweeper" from Webroot gets much of the praise in the industry and is a "proactive" "always-on" solution. http://www.webroot.com/En_US/consumer-products-spysweeper.html

0
