
virus or spyware attack on system booting part

Last Modified: 2013-11-22
Hello to all Experts and Professionals. My notebook got some malicious exe file in the temp folder of the local folder. My Norton AntiVirus 10 Corporate warned about some invalid exe file (password mess.exe) in the temp folder and also removed some temp files. After that I got a message in my DOS prompt window (which popped up automatically) that some file was copied into my boot system. After that my system hung, and I restarted it. It loads Windows normally, but after entering the admin password at the Windows logon, a black screen is displayed for some seconds and then Windows displays the desktop. After some seconds the system slows to a halt. Before the system halts, when I try to open Task Manager, it refuses to open and displays a message that Task Manager is disabled by the admin. When the system is halted and I press Alt, Ctrl, Del, a message is displayed on top of the logon window that a virus alert is on. Three shortcuts are also installed on the desktop, i.e. Malware Defender, Protect You Privacy, System Error Fixer. Earlier I had removed some malicious files like MicroAv.exe and Ctfmon.exe from the c\window\system32 folder and yur1ce.exe from the Windows prefetch folder. When I restart the computer in safe mode, a memory dump is initialized, and after that it again prompts to start the computer. Is there any option to avoid formatting the C drive and remove this malicious spyware?

Commented:
Ctfmon is usually a legitimate Microsoft file (see link)
http://support.microsoft.com/kb/282599

Removing Spyware:

We use the following:

Combo-fix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Hijack This - http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

This solves about 90-95% of the problems.

Author

Commented:
I appreciate your comments, but the problem is that the system halts after booting, and there is little time to take any action before the system halts. I am expecting an exe file which I can boot through CD, so that my notebook can initialize through the CD and remove the malicious virus.
Download the suggested software on another machine.
Burn it to a CD.
Boot infected machine into safe mode. (press F8 key while booting)
Copy software to machine from CD.
Load/run software in safe mode.

Author

Commented:
I have already mentioned that the system cannot run on F8 (safe mode). When I click on safe mode, long repeated paths are shown like c\windows\partion01\system etc., and after that a physical memory dump transfer is started, and when it ends it goes back to the Windows startup mode again. When I start in normal mode, Windows is loaded and the desktop is displayed, but no mouse click or any other action works after boot. Can I run the above software through CD in normal mode, which I can see at this time?
My assumption would be no. I am assuming this software combo-fix and hijack this needs to be on the host system.

1.) If it were me I would stop trying to fix it first. Pull the drive to a good system, connect it as a slave, and harvest the data you want to save before continuing. (Maybe run the tools against this system to be safe!)

2.a) Then pull it back, boot on the Windows XP CD (did you mention the OS version?) and try to restore the system. We need to try to get enough of the original system files on the system to boot into safe mode before you go any further.

2.b) If you are desperate use Windows System restore. This assumes that it was running previous to whatever happened to your computer. This link will help you http://support.microsoft.com/kb/306084

It has a 50-50 track record with me. If it at least gets you to safe mode you may be in luck. It also could make things worse. Do a backup first; see #1.

3.) Once safe mode is working, proceed with the spyware removal.


Good luck!
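
A first triage pass over the drive once it is attached to a good system, as step 1 suggests. This is an added example, not part of the original thread: it lists executables worth reviewing with their SHA-256 so they can be looked up or quarantined before anything is copied off. The function names, the temp/prefetch heuristic, and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# File names reported in the thread; ctfmon.exe is handled in classify().
REPORTED_NAMES = {"microav.exe", "yur1ce.exe", "password mess.exe"}
UNUSUAL_DIRS = {"temp", "prefetch"}  # assumption: .exe files do not belong here

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def classify(name, parts):
    """Return a reason to review this file, or None. A flag is a lead, not a verdict."""
    if name in REPORTED_NAMES:
        return "name reported in thread"
    # The genuine Microsoft ctfmon.exe lives under system32; flag copies elsewhere.
    if name == "ctfmon.exe" and "system32" not in parts:
        return "ctfmon.exe outside system32"
    if UNUSUAL_DIRS & set(parts):
        return "executable in temp/prefetch"
    return None

def triage(root):
    """Walk the offline volume mounted at root; return sorted (reason, relpath, sha256)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        parts = [p.lower() for p in os.path.relpath(dirpath, root).split(os.sep)]
        for name in files:
            reason = classify(name.lower(), parts) if name.lower().endswith(".exe") else None
            if reason:
                full = os.path.join(dirpath, name)
                findings.append((reason, os.path.relpath(full, root), sha256_of(full)))
    return sorted(findings)

def build_sample_volume():
    """Constructed stand-in for the slaved drive; contents are harmless placeholders."""
    root = tempfile.mkdtemp(prefix="slaved_drive_")
    layout = {
        "WINDOWS/system32/ctfmon.exe": b"placeholder 1",
        "WINDOWS/system32/MicroAv.exe": b"placeholder 2",
        "WINDOWS/Prefetch/yur1ce.exe": b"placeholder 3",
        "Documents and Settings/user/Local Settings/Temp/password mess.exe": b"placeholder 4",
        "Documents and Settings/user/Local Settings/Temp/ctfmon.exe": b"placeholder 5",
        "Documents and Settings/user/Local Settings/Temp/setup.exe": b"placeholder 6",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root
```

Run `triage()` on the mount point of the slaved drive from the clean system, never from the infected installation itself; `build_sample_volume()` only creates a harmless tree to try it on.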

Author

Commented:
Thank you very much to all of you for supporting me to get rid of the problem. I succeeded in enabling safe mode by running the msconfig command in Run, enabled safe mode and restarted the computer. I ran the Hijack Trend Micro tool and deleted the files named microAV.exe and some others. When I restarted the system, the check disk file had reset some index by inserting and deleting index numbers. But now the problem is that I cannot view My Network Places; that is, although I am connected to the internet through DSL, my LAN connection is not shown in the tray icon or in My Network Places. Secondly, which antispyware should I install to get rid of this malicious software and avoid any further loss in future? My Device Manager is also not showing any installed COM ports and other hardware. Will I have to make changes through the System Configuration Utility (msconfig)? Thanks.

Author

Commented:
Please advise which anti-spyware is effective to protect the system from internet/web attacks?
I like to look at Top Ten Reviews and find it to be a good metric when looking for off the shelf, boxed software. http://anti-spyware-review.toptenreviews.com/

"Spy Sweeper" from Webroot gets much of the praise in the industry and is a "proactive" "always-on" solution. http://www.webroot.com/En_US/consumer-products-spysweeper.html
