Solved

Trojan attack of main computer will not allow access to desktop in Safe & Normal Mode

Posted on 2011-09-03
Last Modified: 2013-11-22
Hello Everyone,

Earlier this evening, our main computer was attacked by a serious Trojan.  When the attack was first noticed, we tried to launch AVG but we got a message indicating the executable file was now infected for AVG.  Also, the same was true of CCleaner.

Within a few seconds after that, I noticed the desktop within Safe and Normal Mode is no longer accessible.  If Safe or Normal Mode is selected within the menu of options, the pc simply restarts itself as opposed to entering into the desktop.  Given this situation, is there a way I can remove the infection seeing that I am unable to enter into both, Safe and Normal Mode?

Any shared input and suggestions for resolving this issue will be greatly appreciated.  I look forward to hearing back from someone.

Thank you

George
0
Question by:GMartin
5 Comments
 
LVL 19

Accepted Solution

by:n2fc
n2fc earned 300 total points
If you have access to another PC, your best bet is to pull the hard drive from the infected computer and attach it as a slave to another, good, PC.

Then you can use a good AV/AS program to scan and remove infections from the infected drive.

Recommend:
A/V: Microsoft Security Essentials
A/S: MalwareBytes Anti-Malware

Each of these will scan the slave drive and remove/repair most common infections...

Final step is to check the registry on the infected drive to remove any damage there as well.
0
 
LVL 5

Assisted Solution

by:zazagor
zazagor earned 200 total points
Hi,

Create a bootable AntiVirus usb-stick/CD/DVD.

Take a look at this list:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Boot the infected computers with the image and clean all viruses.

//zazagor
0
 

Author Comment

by:GMartin
Hello

Regarding the link offered by zazagor, I did notice several different useful utilities.  Which one would you recommend?  Or, should I simply go ahead and use each one given within the link?

Thank you

George
0
 

Author Comment

by:GMartin
Hi Everyone,

After trying out a variety of bootable antimalware utilities given with the link, I will still need further assistance.  Here is what's going on.  Each one of the created bootable ISO utilities does load to a menu of options.  However, when I want the menu of option to scan, the video on the monitor messes up.  And, the video problem is observed in each of the different programs as well.  Could the video card drivers somehow be corrupted as a result of the infection or improper shutdown of Windows?  And, the Kaspersky utility indicates that Windows needs to be shut down before continuing.  Unfortunately, I can not enter into Windows either in Safe or Normal Mode, so, naturally, I can not go in and simply shut it down.   At any rate, if I select Continue anyway within Kaspersky, I still get the messed up video.  Is there a way of correcting the video issues so the utilities can run through?

Thank you

George
0
 

Author Comment

by:GMartin
Hi Everyone,

I am very pleased to report this issue is now resolved.  Without any hesitation, let me go ahead and outline the mechanics of how this tricky problem was resolved.

First, I had to abandon the idea of trying to resolve Trojan infection of the HDD with it set as a primary bootable HDD because it was only rebooting itself.  Additionally, there was the issue of messed up video as well if I was even lucky enough to boot from a utility CD.  So, I began by taking the infected HDD completely out of the pc > hooking it up to a USB port of my good working pc using an IDE/SATA to USB Converter Cable > starting up the pc.  Once the pc loaded, the drivers for the IDE/SATA to USB Converter Cable were loaded in addition to a drive letter appearing for the infected HDD.  By the way, the jumper for the infected HDD was removed before any of these connections took place.  Sorry, I almost forgot about that aspect of the troubleshooting.

Secondly, using the latest version and updates of Avira AntiVir, I began running a complete scan of both, the HDD on the good working pc and of course the HDD which was infected.  This anti-virus program did find 11 infections.  It was able to remove 8 of the 11.  The others were infections located at the boot sector area of the infected HDD.  Realizing that part, I had to add another step to the troubleshooting.

Thirdly, leaving the boot sequence within the BIOS set for the CDROM being the first boot device, I went ahead and booted to my XP installation CD.  I entered into the Recovery Console by pressing R when requested.  Once at the command line area of the recovery console, I typed fixmbr > enter, then, fixboot > enter.  It is noteworthy to mention that all programs and end user files were not deleted or damaged either.  After those two command line parameters were used and successfully executed, I did an exit from the Recovery Console and restarted the pc.  Upon restart, the computer gave the option of starting in Normal Mode from a menu.  This time, I was able for the first time to enter the desktop with all of the intact icons without the pc restarting itself.  Just for good measure, I went ahead and ran TDSSKiller.  And, this utility came back with a good report indicating no infections.

In closing, many thanks for the help on this problem.  It was tricky because the virus did an attack of the Master Boot Record or MBR of the HDD which was causing the computer to restart itself.  Basically, Windows XP kept looking for critical files to load itself located at the MBR, but, was unable to do so.  As a result of this vicious cycle of the OS continuing to try locating the files to load itself, the pc just kept restarting itself.

Hopefully, all of this information will help someone down the road with a similar issue in which the boot sector of the HDD becomes infected with a virus.

George
0
