Solved

virus message displays briefly before user login screen

Posted on 2008-10-16
Last Modified: 2011-10-19
Hi all

This error message pops up when booting the computer up, but before the screen where the users can log in. I have taken a photo, but it's not the clearest because it is only there for half a second.

I have run Superantispyware and Malwarebytes Antimalware, but neither has been able to get rid of this thing.

***NEW***  I just noticed there is a fake bluescreen that kicks up as the screensaver. It then gives the impression that it is rebooting, but if you hit Escape it simply goes back to the desktop.

Does anyone have any ideas on how to remove this infection?
17102008062error.jpg
17102008060.jpg
Question by:beefstu123
7 Comments
 
LVL 2

Author Comment

by:beefstu123
ID: 22737017
Attached is the Hijackthis logfile of this system...
hijackthis.log
0
 
LVL 2

Author Comment

by:beefstu123
ID: 22737276
-UPDATE-  Now after each restart I am getting the same warning as a background display picture. I have attached a screenshot if anyone needs it.
Warning-Message.bmp
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 22740286
Can we look at the Malwarebytes log please?

The "Warning sign" is of Smitfraud, so use SmitfraudFix; either SmitfraudFix or SDFix should take care of it. If the problem persists then we'll use ComboFix.
Download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)
http://siri.geekstogo.com/SmitfraudFix.php

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22740324
Or use SDFix; the bad files in the log are in the SDFix database.

Download SDFix and save it to your desktop (either one below).
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer.
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
* Instead of Windows loading as normal, a menu with options should appear.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* Open the extracted folder and double-click "RunThis.bat" to start the script.
* Type "Y" to begin the script.
* It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to reboot.
* Press any key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the fixtool will complete the removal and display "Finished"; then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and attach the "Report.txt" back
0
 
LVL 2

Author Comment

by:beefstu123
ID: 22754348
Thanks for your help rpggamergirl :)

I've attached the Malwarebytes logs for you to see.

SmitfraudFix went through with no troubles and I'm about to run ComboFix.

Thanks again
mbam-log-2008-10-16--12-52-59-.txt
mbam-log-2008-10-20--10-58-44-.txt
0
 
LVL 2

Author Comment

by:beefstu123
ID: 22755214
Here is the ComboFix log
ComboFix.txt
0
 
LVL 2

Author Closing Comment

by:beefstu123
ID: 31507003
thanks :)
0

Question has a verified solution.
