Can't get past virus warning after login

A yellow warning box on a deep blue background appeared telling me that my computer was infected with spyware. I tried several methods to scan for and remove unwanted items. SDFix was used first in safe mode. It found 2 hidden services with executable content but was unable to remove them. I ran a full scan with Windows Defender and found three files with a "Severe Threat" tag. I chose to remove the files with WinDef tools. During the WinDef scan a blue screen appeared saying that windows had shut down to save my computer from damage. I don't why I did this but after a time I hit the F8 key. The blue screened statement disappeared and the WinDef scan had been running all along unabated. After removal of the Trojan files and other suspected malware (7 in all) I rebooted in normal mode. I made it to the login box but instead of windows opening the desk top, the yellow warning showed up. I am now unable to use that computer. Is there anything I can do to avert having to use my PC as a boat anchor? Please help.- Thanks

 

Hi JT53
Welcome to Windowsbbs.

Lets see what we can do.

I'm guessing you have a computer that you can transfer programs from it to the infected computer? USB Stick hopefully??

Then Please do this.

Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

Reboot the infected computer into Safe mode with Networking
Transfer MBAM setup.exe to the desktop of the infected computer.

Then do this. in safe mode.

Double click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select 'Perform Quick Scan', then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Post the entire report in your next reply along with a fresh HijackThis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Reboot into normal windows and run MBAM again using the same instruction if you are able to get to windows.

Let me know if any of that was possible. and if so please post the log(s)

Thanks
Geri

 

Geri,

Thanks so much for your reply! I am using a computer at school now. It may take a while for me to reply to your dicrections. Thanks again for your patience and help.

I have another computer at home where the infected computer is located; however, it is not on a network and opperates with Windows 2000 Professional and not XP. It is running IE5 and I have yet to upgrade to IE6. But, I have tried and encountered some difficulty with that. Two things, 1. When first connecting to the internet with the backup computer, a box from the "Message Center" informed me that I had "55 critical errors" in my registery and needed to download a fix from regfix.com (or some such place). I closed the box but different versions of it keep popping up. So far I am ignoring this until I know what is going on. 2. IE5 experiences some sort of trouble and closes when I access Windowsbbs.

So I can not upgrade to IE6 to receive updates from Microsoft. I have downloaded the Malwarebytes program to U3 zip drive at the school but will need extensive instruction on how to get it installed on the infected computer.

A million thanks,

Jim

 

Hi
Boot the infected machine into safe mode with networking.

Safe mode with networking is so you will have internet access when installing MBAM because it will need to update it's data files before running a scan and you will need a internet connection for it to do that.

To transfer the MBAM Setup to the infected computer do this.

Click Start > My Computer minimize the window so you can see the window plus your desk top.
Open the drive that has the zip drive plugged into it now drag and drop the MBAM Setup.exe to the desktop.
Close the window and follow the directions to install and run MBAM.

Geri

 

Geri,

She won't boot up in Safe Mode. I pounce on the F8 key and it still goes right to the normal blue login page. After login, the screen goes directly to yellow spyware warning without displaying the desk top.

Sorry for the trouble.

 

Hi
OK you booted to safe mode to run SDFix, did you use the F8 key to get to safe mode? If not use what ever key got you there and boot into safe mode.

The infected machine Windows XP correct?

Try this, right click on the desktop click on "Arrange Icons by "
Towards the bottom of that window make sure "Show DeskTop Items" is checked, if it is not click on it.
If the icons show up transfer MBAM to the desktop and run the setup.exe and do the afore mentioned instructions.

Geri