
Active Malware Doctor infection - desktop has disappeared

Discussion in 'Malware and Virus Removal Archive' started by sbroderick, 2009/05/28.

  1. 2009/05/28
    sbroderick

    sbroderick Inactive Thread Starter

    Joined:
    2009/05/28
    Messages:
    2
    Likes Received:
    0
    [Active] Malware Doctor infection - desktop has disappeared

    Running WinXP SP3 on a Dell Dimension 8250 P4 with 512KB, and using Symantec Internet Security 2008 as antivirus software. Was running fine until last evening when it acquired the Malware Doctor trojan, which got past Symantec, and when a full system scan was performed, Symantec stated it had removed the infection. However, the machine booted to a blank (except for the background image) desktop - had the mouse cursor, no icons, no taskbar, task manager inaccessible and PC's reboot button inoperative.

    Cut power, and could access safe mode, including internet access via local network. Installed PC Tools' Spyware Doctor (registered copy) to attempt removal - it found infections, removed them, but on reboot 1) no change to normal boot - still get the blank desktop, and 2) in safe mode, get Windows login screen, enter PW, and the system *very* briefly flashes a blank safe mode desktop, states it is saving settings, and cycles back to the Windows login screen again.

    Hoping to regain access without losing all data via a re-installation.

    (Am accessing this forum via a different machine on the same network.)

    (While I know this is a Windows BBS, and that is my system of choice. However, if it might help in a resolution, the system is dual boot with a small Ubuntu 8.14 partition, but that, too, is inaccessible. I was able to get Ubuntu to load (trial mode) from a I am not at all Linux savvy as yet.)
     
  2. 2009/05/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you're able to operate in Safe Mode...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     


  4. 2009/05/28
    sbroderick

    sbroderick Inactive Thread Starter

    Joined:
    2009/05/28
    Messages:
    2
    Likes Received:
    0
    followup

    No longer able to access Safe mode since running Spyware Doctor.
    Booting to Safe mode produces the Windows login screen, but admin and existing user accounts exhibit the same behavior: selecting the account (with correct password) initially appears to be accessing Windows, but the blank Safe mode screen flashes for the briefest of instants, then Windows reverts to the login screen, announcing that it is logging off that user, saving settings.
    You can repeat the reboot attempt, or you can repeat the attempted login, but the result is the same.
     
  5. 2009/05/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, we need Windows access....

    1. If you have Windows CD, follow the steps from here: http://icrontic.com/articles/repair_windows_xp

    2. If you don't have Windows CD...
    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
    Using Imgburn, burn rc.iso to a CD.
    Boot to the CD...let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    Then, follow the steps from here: http://icrontic.com/articles/repair_windows_xp, starting below this picture on page 1:
     
