Solved

virus message displays briefly before user login screen

Posted on 2008-10-16
Last Modified: 2011-10-19
Hi all

This error message pops up when booting the computer up but before the screen where the users can log in. I have taken a photo, but it's not the clearest because it is only there for half a second.

I have run SUPERAntiSpyware and Malwarebytes Anti-Malware, but neither has been able to get rid of this thing.

***NEW***  I just noticed there is a fake bluescreen that kicks up as the screensaver. It then gives the impression that it is rebooting, but if you hit Escape it simply goes back to the desktop.

Does anyone have any ideas on how to remove this infection?
17102008062error.jpg
17102008060.jpg
Question by:beefstu123

Author Comment

by:beefstu123
ID: 22737017
Attached is the HijackThis log file of this system...
hijackthis.log

Author Comment

by:beefstu123
ID: 22737276
-UPDATE-  Now after each restart I am getting the same warning as a background display picture. I have attached a screenshot if anyone needs it.
Warning-Message.bmp

Accepted Solution

by: rpggamergirl (earned 500 total points)
ID: 22740286
Can we look at the Malwarebytes log please?

The "Warning sign" is of Smitfraud, so use SmitfraudFix; either SmitfraudFix or SDFix should take care of it. If the problem persists then we'll use ComboFix.
Download SmitfraudFix, and select Option 2, Clean (Safe Mode recommended):
http://siri.geekstogo.com/SmitfraudFix.php

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Expert Comment

by:rpggamergirl
ID: 22740324
Or use SDFix; the bad files in the log are in the SDFix database.

Download SDFix and save it to your desktop (either one below).
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer.
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
* Instead of Windows loading as normal, a menu with options should appear.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* Open the extracted folder and double-click "RunThis.bat" to start the script.
* Type "Y" to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to reboot.
* Press any key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and attach the "Report.txt" back

Author Comment

by:beefstu123
ID: 22754348
Thanks for your help rpggamergirl :)

I've attached the Malwarebytes logs for you to see.

SmitfraudFix went through with no troubles and I'm about to run ComboFix.

Thanks again
mbam-log-2008-10-16--12-52-59-.txt
mbam-log-2008-10-20--10-58-44-.txt

Author Comment

by:beefstu123
ID: 22755214
Here is the ComboFix log.
ComboFix.txt

Author Closing Comment

by:beefstu123
ID: 31507003
Thanks :)