Solved

virus message displays briefly before user login screen

Posted on 2008-10-16
Last Modified: 2011-10-19
Hi all

This error message pops up when booting the computer up but before the screen where the users can log in. I have taken a photo - but it's not the clearest because it is only there for half a second.

I have run SUPERAntiSpyware and Malwarebytes Anti-Malware, but neither has been able to get rid of this thing.

***NEW***  I just noticed there is a fake bluescreen that kicks up as the screensaver - it then gives the impression that it is rebooting, but if you hit Escape it simply goes back to the desktop.

Does anyone have any ideas on how to remove this infection?
17102008062error.jpg
17102008060.jpg
Question by:beefstu123
7 Comments
 
LVL 2

Author Comment

by:beefstu123
ID: 22737017
Attached is the Hijackthis logfile of this system...
hijackthis.log
0
 
LVL 2

Author Comment

by:beefstu123
ID: 22737276
-UPDATE-  Now after each restart I am getting the same warning as a background display picture. I have attached a screenshot if anyone needs it.
Warning-Message.bmp
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 22740286
Can we look at the Malwarebytes log please?

The "Warning sign" is of Smitfraud, so use SmitfraudFix; either SmitfraudFix or SDFix should take care of it. If the problem persists then we'll use ComboFix.
Download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)
http://siri.geekstogo.com/SmitfraudFix.php

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22740324
Or use SDFix; the bad files in the log are in the SDFix database.

Download SDFix and save it to your desktop (either one below).
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer.
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
* Instead of Windows loading as normal, a menu with options should appear.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* Open the extracted folder and double click "RunThis.bat" to start the script.
* Type "Y" to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and attach the "Report.txt" back.
0
 
LVL 2

Author Comment

by:beefstu123
ID: 22754348
Thanks for your help rpggamergirl :)

I've attached the Malwarebytes logs for you to see.

SmitfraudFix went through with no troubles and I'm about to run ComboFix.

Thanks again
mbam-log-2008-10-16--12-52-59-.txt
mbam-log-2008-10-20--10-58-44-.txt
0
 
LVL 2

Author Comment

by:beefstu123
ID: 22755214
Here is the ComboFix log.
ComboFix.txt
0
 
LVL 2

Author Closing Comment

by:beefstu123
ID: 31507003
thanks :)
0
