Solved

virus message displays briefly before user login screen

Posted on 2008-10-16
Last Modified: 2011-10-19
Hi all

This error message pops up when booting the computer up but before the screen where the users can log in. I have taken a photo - but it's not the clearest because it is only there for half a second.

I have run Superantispyware and Malwarebytes Antimalware, but neither has been able to get rid of this thing.

***NEW***  I just noticed there is a fake bluescreen that kicks up as the screensaver - it then gives the impression that it is rebooting, but if you hit escape it simply goes back to the desktop.

Does anyone have any ideas on how to remove this infection?
17102008062error.jpg
17102008060.jpg
Question by:beefstu123

Author Comment

by:beefstu123
ID: 22737017
Attached is the Hijackthis logfile of this system...
hijackthis.log

Author Comment

by:beefstu123
ID: 22737276
-UPDATE-  Now after each restart I am getting the same warning as a background display picture. I have attached a screenshot if anyone needs it.
Warning-Message.bmp

Accepted Solution

by:rpggamergirl (earned 500 total points)
ID: 22740286
Can we look at the Malwarebytes log please?

The "Warning sign" is of Smitfraud, so use SmitfraudFix; either SmitfraudFix or SDFix should take care of it. If the problem persists, then we'll use ComboFix.
Download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)
http://siri.geekstogo.com/SmitfraudFix.php

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Expert Comment

by:rpggamergirl
ID: 22740324
Or use SDFix; the bad files in the log are in the SDFix database.

Download SDFix and save it to your desktop (either one below).
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer.
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
* Instead of Windows loading as normal, a menu with options should appear.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* Open the extracted folder and double click "RunThis.bat" to start the script.
* Type "Y" to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and attach the "Report.txt" back.

Author Comment

by:beefstu123
ID: 22754348
Thanks for your help rpggamergirl :)

I've attached the Malwarebytes logs for you to see.

Smitfraud went through with no troubles and I'm about to run ComboFix.

Thanks again
mbam-log-2008-10-16--12-52-59-.txt
mbam-log-2008-10-20--10-58-44-.txt

Author Comment

by:beefstu123
ID: 22755214
here is the combofix log
ComboFix.txt

Author Closing Comment

by:beefstu123
ID: 31507003
thanks :)