

Trojan attack of main computer will not allow access to desktop in Safe & Normal Mode

Posted on 2011-09-03
Medium Priority
Last Modified: 2013-11-22
Hello Everyone,

Earlier this evening, our main computer was attacked by a serious Trojan.  When the attack was first noticed, we tried to launch AVG but we got a message indicating the executable file was now infected for AVG.  Also, the same was true of CCleaner.

Within a few seconds after that, I noticed the desktop within Safe and Normal Mode is no longer accessible.  If Safe or Normal Mode is selected within the menu of options, the pc simply restarts itself as opposed to entering into the desktop.  Given this situation, is there a way I can remove the infection seeing that I am unable to enter into both Safe and Normal Mode?

Any shared input and suggestions for resolving this issue will be greatly appreciated.  I look forward to hearing back from someone.

Thank you

Question by:GMartin

Accepted Solution

n2fc earned 1200 total points
ID: 36477494
If you have access to another PC, your best bet is to pull the hard drive from the infected computer and attach it as a slave to another, good, PC.

Then you can use a good AV/AS program to scan and remove infections from the infected drive.

A/V: Microsoft Security Essentials
A/S: MalwareBytes Anti-Malware

Each of these will scan the slave drive and remove/repair most common infections...

Final step is to check the registry on the infected drive to remove any damage there as well.

Assisted Solution

zazagor earned 800 total points
ID: 36477654

Create a bootable AntiVirus usb-stick/CD/DVD.

Take a look at this list:

Boot the infected computers with the image and clean all viruses.


Author Comment

ID: 36477872

Regarding the link offered by zazagor, I did notice several different useful utilities.  Which one would you recommend?  Or, should I simply go ahead and use each one given within the link?

Thank you


Author Comment

ID: 36479291
Hi Everyone,

After trying out a variety of bootable antimalware utilities given with the link, I will still need further assistance.  Here is what's going on.  Each one of the created bootable ISO utilities does load to a menu of options.  However, when I want the menu of options to scan, the video on the monitor messes up.  And, the video problem is observed in each of the different programs as well.  Could the video card drivers somehow be corrupted as a result of the infection or improper shutdown of Windows?  And, the Kaspersky utility indicates that Windows needs to be shut down before continuing.  Unfortunately, I cannot enter into Windows either in Safe or Normal Mode, so, naturally, I cannot go in and simply shut it down.   At any rate, if I select Continue anyway within Kaspersky, I still get the messed up video.  Is there a way of correcting the video issues so the utilities can run through?

Thank you


Author Comment

ID: 36481301
Hi Everyone,

I am very pleased to report this issue is now resolved.  Without any hesitation, let me go ahead and outline the mechanics of how this tricky problem was resolved.

First, I had to abandon the idea of trying to resolve Trojan infection of the HDD with it set as a primary bootable HDD because it was only rebooting itself.  Additionally, there was the issue of messed up video as well if I was even lucky enough to boot from a utility CD.  So, I began by taking the infected HDD completely out of the pc > hooking it up to a USB port of my good working pc using an IDE/SATA to USB Converter Cable > starting up the pc.  Once the pc loaded, the drivers for the IDE/SATA to USB Converter Cable were loaded in addition to a drive letter appearing for the infected HDD.  By the way, the jumper for the infected HDD was removed before any of these connections took place.  Sorry, I almost forgot about that aspect of the troubleshooting.

Secondly, using the latest version and updates of Avira AntiVir, I began running a complete scan of both the HDD on the good working pc and of course the HDD which was infected.  This anti-virus program did find 11 infections.  It was able to remove 8 of the 11.  The others were infections located at the boot sector area of the infected HDD.  Realizing that part, I had to add another step to the troubleshooting.

Thirdly, leaving the boot sequence within the BIOS set for the CDROM being the first boot device, I went ahead and booted to my XP installation CD.  I entered into the Recovery Console by pressing R when requested.  Once at the command line area of the recovery console, I typed fixmbr > enter, then, fixboot > enter.  It is noteworthy to mention that all programs and end user files were not deleted or damaged either.  After those two command line parameters were used and successfully executed, I did an exit from the Recovery Console and restarted the pc.  Upon restart, the computer gave the option of starting in Normal Mode from a menu.  This time, I was able for the first time to enter the desktop with all of the intact icons without the pc restarting itself.  Just for good measure, I went ahead and ran TDSSKiller.  And, this utility came back with a good report indicating no infections.

In closing, many thanks for the help on this problem.  It was tricky because the virus did an attack of the Master Boot Record or MBR of the HDD which was causing the computer to restart itself.  Basically, Windows XP kept looking for critical files to load itself located at the MBR, but, was unable to do so.  As a result of this vicious cycle of the OS continuing to try locating the files to load itself, the pc just kept restarting itself.

Hopefully, all of this information will help someone down the road with a similar issue in which the boot sector of the HDD becomes infected with a virus.
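
Editor's added example, not part of the original posts: a read-only check of a saved 512-byte MBR sector, useful for confirming that a boot-record repair like the one described above replaced the boot code while leaving the partition table untouched. It assumes the sector has already been saved to bytes by an imaging tool; the sample sectors and the `make_sample` helper are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"      # required bytes at offsets 510-511


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector captured read-only from the suspect drive."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:           # unused slot
            continue
        partitions.append({"slot": i, "active": status == 0x80,
                           "status_valid": status in (0x00, 0x80),
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True when the boot code differs but the partition table is identical."""
    a, b = parse_mbr(before), parse_mbr(after)
    return (a["boot_code_sha256"] != b["boot_code_sha256"]
            and a["partitions"] == b["partitions"])


def make_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: one active NTFS (0x07) partition at LBA 63."""
    s = bytearray(SECTOR_SIZE)
    s[:BOOT_CODE_LEN] = bytes([boot_fill]) * BOOT_CODE_LEN
    s[PART_TABLE_OFF] = 0x80
    s[PART_TABLE_OFF + 4] = 0x07
    struct.pack_into("<II", s, PART_TABLE_OFF + 8, 63, 2048000)
    s[510:512] = SIGNATURE
    return bytes(s)


if __name__ == "__main__":
    before, after = make_sample(0x90), make_sample(0xFA)
    print(parse_mbr(after))
    print("boot code replaced, table intact:", boot_code_changed(before, after))
```

The boot-code hash can also be compared against one taken from a known-clean machine with the same Windows version.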

