Can't work in Normal Mode... NEED HELP PLEASE!!!

  • Thread starter Thread starter ELC
  • Start date Start date
E

ELC

Guest
I have a DELL Inspiron 6000 running Windows XP Home Edition SP2. I was
browsing the web searching for a medicine properties and I guess it was when
the virus entered my computer. It has been almost 2 weeks now. The virus was
(or is) a Trojan, it appeared as a yellow triangle with "!" sign in the
middle resembling windows alerts; alerting me of potential spyware action.
Minutes later a pop-up appeared and if I click on it (which I did by mistake,
was chatting and hit the enter key when it poped-up) it will re-direct me to
a home page which I never used. I also got my homepage changed (hijacked) to
google.
I had installed AVG anti-virus and it didn't detect the Trojan nor it
avoided its entrance. Now I have Avast.
I have tried many things to kill the virus and work normally but I have not
been successful. When I downloaded SPYWAREfighter (by that time I was aware
of the Trojan and its big power), I had to re-start my computer and then all
got worse.
First it started re-booting automatically, second, when I started in Safe
Mode, I was not able to see the Control Panel icon anymore.
I tried to uninstall the SPYWAREfighter but it didn't let me do it since I
was working in Safe Mode. Finally I bought the XoftSpySE package (including
RegCure) and run it. It found many undesirable files and removed them. Same
thing with RegCure, it found many problems and claimed it had solved them.
But it did not. The system was re-booting automatically when I tried to start
in Normal Mode and the Control Panel was no-where.
Just to check, I tried to Run--> regedit, but it says that it has been
disabled by my administrator. Also it has appeared a few times a popup
indicating that I have "restrictions" in this computer.
Checking the Manage Startup of RegCure, I found that a file (WinAvXXX.exe if
I can recall well) was in first place, I searched for it in the internet and
found a way to remove it and I think I did it, I used SmitfraudFix to do
this, and since then the yellow triangle and the pop up window dissapeared.
But again, when I started in Normal Mode the system rebooted automatically. I
had support from Pareto Systems (the creators of XoftSpy SE and RegCure) and
the Trojans that were continiously appearing everytime I run the scan,
disappeared. However I still can't run my computer in Normal Mode.
Today I decided to re-install Windows and when in the process a pop up
window appeared saying that (I am sorry I didn't copy the text) there were
restrictions in my computer and that a certain characteristic/process could
not be performed. And here I am, working on Safe Mode.
After re-installing Windows, I run XoftSpy SE and found two problems rated
low risk by that program (two cookies) which I removed; I also scanned the
computer with RegCure, this time the results were as follows: 265 Problems
Found
3 COM/ActiveX Entries
1 Application Paths
4 Help Files Information
4 Windows Startup Items
136 File/Path References
1 Program Shortcuts
116 Empty Registry Keys
The program claimed it solved all the problems.
Another "intersting" thing that I noticed was when I was re-starting the
computer in Safe Mode, I saw that the lines read Partition2, and this
computer (hard drive) is not partitioned.
Finally, when I have started in Normal Mode and the computer automatically
re-boot, the following legend has appeared (in a blue background):
"STOP: c000021a {Fatal System errpr}
The Windows subsystem system process terminated unexpectedly with a status
0xc0000005 (0x7c9106c3 0x0055f36c).
The system has been shut down.
Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further
assistance"

And that is what I am doing, asking for HELP in this technical support
group. I think I have made the most before posting this here, so if anyone
with knoledge about this problem can help me, I will be very happy.
Thank you so much in advance.

Edgardo
 
Re: Can't work in Normal Mode... NEED HELP PLEASE!!!

A source of good advice
http://www.elephantboycomputers.com/page2.html#Removing_Malware


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

ELC wrote:
> I have a DELL Inspiron 6000 running Windows XP Home Edition SP2. I was
> browsing the web searching for a medicine properties and I guess it
> was when the virus entered my computer. It has been almost 2 weeks
> now. The virus was (or is) a Trojan, it appeared as a yellow triangle
> with "!" sign in the middle resembling windows alerts; alerting me of
> potential spyware action. Minutes later a pop-up appeared and if I
> click on it (which I did by mistake, was chatting and hit the enter
> key when it poped-up) it will re-direct me to a home page which I
> never used. I also got my homepage changed (hijacked) to google.
> I had installed AVG anti-virus and it didn't detect the Trojan nor it
> avoided its entrance. Now I have Avast.
> I have tried many things to kill the virus and work normally but I
> have not been successful. When I downloaded SPYWAREfighter (by that
> time I was aware of the Trojan and its big power), I had to re-start
> my computer and then all got worse.
> First it started re-booting automatically, second, when I started in
> Safe Mode, I was not able to see the Control Panel icon anymore.
> I tried to uninstall the SPYWAREfighter but it didn't let me do it
> since I was working in Safe Mode. Finally I bought the XoftSpySE
> package (including RegCure) and run it. It found many undesirable
> files and removed them. Same thing with RegCure, it found many
> problems and claimed it had solved them. But it did not. The system
> was re-booting automatically when I tried to start in Normal Mode and
> the Control Panel was no-where.
> Just to check, I tried to Run--> regedit, but it says that it has been
> disabled by my administrator. Also it has appeared a few times a popup
> indicating that I have "restrictions" in this computer.
> Checking the Manage Startup of RegCure, I found that a file
> (WinAvXXX.exe if I can recall well) was in first place, I searched
> for it in the internet and found a way to remove it and I think I did
> it, I used SmitfraudFix to do this, and since then the yellow
> triangle and the pop up window dissapeared. But again, when I started
> in Normal Mode the system rebooted automatically. I had support from
> Pareto Systems (the creators of XoftSpy SE and RegCure) and the
> Trojans that were continiously appearing everytime I run the scan,
> disappeared. However I still can't run my computer in Normal Mode.
> Today I decided to re-install Windows and when in the process a pop up
> window appeared saying that (I am sorry I didn't copy the text) there
> were restrictions in my computer and that a certain
> characteristic/process could not be performed. And here I am, working
> on Safe Mode.
> After re-installing Windows, I run XoftSpy SE and found two problems
> rated low risk by that program (two cookies) which I removed; I also
> scanned the computer with RegCure, this time the results were as
> follows: 265 Problems Found
> 3 COM/ActiveX Entries
> 1 Application Paths
> 4 Help Files Information
> 4 Windows Startup Items
> 136 File/Path References
> 1 Program Shortcuts
> 116 Empty Registry Keys
> The program claimed it solved all the problems.
> Another "intersting" thing that I noticed was when I was re-starting
> the computer in Safe Mode, I saw that the lines read Partition2, and
> this computer (hard drive) is not partitioned.
> Finally, when I have started in Normal Mode and the computer
> automatically re-boot, the following legend has appeared (in a blue
> background): "STOP: c000021a {Fatal System errpr}
> The Windows subsystem system process terminated unexpectedly with a
> status 0xc0000005 (0x7c9106c3 0x0055f36c).
> The system has been shut down.
> Beginning dump of physical memory
> Physical memory dump complete.
> Contact your system administrator or technical support group for
> further assistance"
>
> And that is what I am doing, asking for HELP in this technical support
> group. I think I have made the most before posting this here, so if
> anyone with knoledge about this problem can help me, I will be very
> happy.
> Thank you so much in advance.
>
> Edgardo
 
Re: Can't work in Normal Mode... NEED HELP PLEASE!!!

Thank you Gerry, but unfortunately I didn't succeed with this either. The
thing is that I might have been removed the Trojan (that's what I think) but
the problem is with windows now, it won't start is normal mode; and in safe
mode I can't do many things.
I posted my problem (again), along with the HijackThis Log file in
www.bleepingcomputer.com; I hope I can get some "light: from there.
Thanks for your advice anyway.

Ed

"Gerry" wrote:

> A source of good advice
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
>
> --
>
>
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
>
> ELC wrote:
> > I have a DELL Inspiron 6000 running Windows XP Home Edition SP2. I was
> > browsing the web searching for a medicine properties and I guess it
> > was when the virus entered my computer. It has been almost 2 weeks
> > now. The virus was (or is) a Trojan, it appeared as a yellow triangle
> > with "!" sign in the middle resembling windows alerts; alerting me of
> > potential spyware action. Minutes later a pop-up appeared and if I
> > click on it (which I did by mistake, was chatting and hit the enter
> > key when it poped-up) it will re-direct me to a home page which I
> > never used. I also got my homepage changed (hijacked) to google.
> > I had installed AVG anti-virus and it didn't detect the Trojan nor it
> > avoided its entrance. Now I have Avast.
> > I have tried many things to kill the virus and work normally but I
> > have not been successful. When I downloaded SPYWAREfighter (by that
> > time I was aware of the Trojan and its big power), I had to re-start
> > my computer and then all got worse.
> > First it started re-booting automatically, second, when I started in
> > Safe Mode, I was not able to see the Control Panel icon anymore.
> > I tried to uninstall the SPYWAREfighter but it didn't let me do it
> > since I was working in Safe Mode. Finally I bought the XoftSpySE
> > package (including RegCure) and run it. It found many undesirable
> > files and removed them. Same thing with RegCure, it found many
> > problems and claimed it had solved them. But it did not. The system
> > was re-booting automatically when I tried to start in Normal Mode and
> > the Control Panel was no-where.
> > Just to check, I tried to Run--> regedit, but it says that it has been
> > disabled by my administrator. Also it has appeared a few times a popup
> > indicating that I have "restrictions" in this computer.
> > Checking the Manage Startup of RegCure, I found that a file
> > (WinAvXXX.exe if I can recall well) was in first place, I searched
> > for it in the internet and found a way to remove it and I think I did
> > it, I used SmitfraudFix to do this, and since then the yellow
> > triangle and the pop up window dissapeared. But again, when I started
> > in Normal Mode the system rebooted automatically. I had support from
> > Pareto Systems (the creators of XoftSpy SE and RegCure) and the
> > Trojans that were continiously appearing everytime I run the scan,
> > disappeared. However I still can't run my computer in Normal Mode.
> > Today I decided to re-install Windows and when in the process a pop up
> > window appeared saying that (I am sorry I didn't copy the text) there
> > were restrictions in my computer and that a certain
> > characteristic/process could not be performed. And here I am, working
> > on Safe Mode.
> > After re-installing Windows, I run XoftSpy SE and found two problems
> > rated low risk by that program (two cookies) which I removed; I also
> > scanned the computer with RegCure, this time the results were as
> > follows: 265 Problems Found
> > 3 COM/ActiveX Entries
> > 1 Application Paths
> > 4 Help Files Information
> > 4 Windows Startup Items
> > 136 File/Path References
> > 1 Program Shortcuts
> > 116 Empty Registry Keys
> > The program claimed it solved all the problems.
> > Another "intersting" thing that I noticed was when I was re-starting
> > the computer in Safe Mode, I saw that the lines read Partition2, and
> > this computer (hard drive) is not partitioned.
> > Finally, when I have started in Normal Mode and the computer
> > automatically re-boot, the following legend has appeared (in a blue
> > background): "STOP: c000021a {Fatal System errpr}
> > The Windows subsystem system process terminated unexpectedly with a
> > status 0xc0000005 (0x7c9106c3 0x0055f36c).
> > The system has been shut down.
> > Beginning dump of physical memory
> > Physical memory dump complete.
> > Contact your system administrator or technical support group for
> > further assistance"
> >
> > And that is what I am doing, asking for HELP in this technical support
> > group. I think I have made the most before posting this here, so if
> > anyone with knoledge about this problem can help me, I will be very
> > happy.
> > Thank you so much in advance.
> >
> > Edgardo
>
>
>
 
Re: Can't work in Normal Mode... NEED HELP PLEASE!!!


John here, customer advocate at Dell headquarters.

If after reinstalling Windows you still have malware, it sounds to me
like something wasn't done right. I'm taking it that you tried some sort
of repair installation to avoid losing data, perhaps?

I would recommend removing anything you want to keep from the hard
drive (USB keys are great for this) and -reformatting- and reinstalling
Windows. That will erase the hard drive, viruses and all, before laying
down a fresh copy of Windows.

I recently fought this virus for someone else, and in the end, that's
what I ended up doing. Maybe I could have fixed it, but I decided that
after spending 3 hours on it, reinstalling Windows completely (for only
2 hours worth of work) was probably what I should have done to begin
with.

If you have any questions, feel free to let me know:

customer_advocate@dell.com
ATTN: John

John
Dell Customer Advocate


--
DellCA
 
Back
Top