Jump to content

TWEX.EXE cant access win XP.

jp01

By jp01
in Resolved Malware Removal Logs

 Share

Recommended Posts

jp01

jp01

Posted
Posted

Im running Win XP home and AVG anti virus,

Yesterday I had an incident which first closed my MS firewall, then I got lots of googleupdate installation warning error messages.Today it has redirected all google searches to spurious websites, disabled AVG updates, stopped Malwarebytes from running and a few other nasties.

I've managed to get Malwarebytes running by changing the programme name. When I ran it,

it found several trojans, including TWEX.exe.

Malware said it had removed all the trojans except TWEX which it would do on start up.

I so very nearly asked for advice on here BEFORE restarting the PC. I was going to copy over my log file to this my spare PC, and post it.

Oh how I wish for my time over again.

I did click on restart the PC now, which has brought disaster.

I am faced with the blue start up screen with the administrator and my identity box. If I click on these it says logging off, and just comes back to the same screen. I've tried to restart in safe mode but it is just the same.

Please help.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Well apparently you're posting from another computer. Do you have the Windows XP CD for the affected system?

Do you have access to a CD/DVD burner?

Please try the following and let me know if it fixes it to allow logon or not.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the
    Avira AntiVir Rescue System
    from
    here
  • Place a blank CD in your burner and double-click on the downloaded file.

  • The program will automatically burn the CD for you.

  • Place the burned CD into the affected computer and start the computer from this CD.

  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.

  • Click on the
    Configuration
    button.

    • Select
      Scan all files
    • Select
      Try to repair infected files
      and
      Rename files, if they cannot be removed

    • Select
      Scan for dialers

    • Select
      Scan for joke programs (Jokes)

    • Select
      Scan for games

    • Select
      Scan for spyware (SPR)

    [*]
    Click on
    Virus scanner

    [*]
    Click on
    Start scanner
    at the bottom of the screen

    [*]
    Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems

Please see the post
here
if you're unable to view the entire screen of Avira.
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Yeah, that's what I was afraid of.

Okay I'm guessing here since I have no log to see, but I'm betting that either C:\WINDOWS\system32\userinit.exe is damaged or removed from the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit

Or C:\WINDOWS\EXPLORER.EXE and may need to be replaced with good clean copies.

Please download this tool from Microsoft and install it and then burn the .ISO to a CD to do the repair.

Microsoft Diagnostics and Recovery Toolset

30 day evaluation of the Microsoft Diagnostics and Recovery Toolset. This product provides powerful, intuitive tools that help administrators recover PCs that have become unusable, and easily identify root causes of system issues.

Do you know how to burn an .ISO image? It is not the same as burning data to a CD.

Do you have access to a Windows XP CD ?

Link to post
Share on other sites
jp01

jp01

Posted
  • Author
Posted

I've burnt the Microsoft recovery disk, and run it from boot up. But have just hit a full stop.

When I run it I get the ERD Commander screen it asks me to select the windows installation you want to repair.

However, the only option shown is under system root it shows 'none' and under operating system 'none-do not attach to a windows installation.'

My USB mouse doesnt work but I've managed to change the keyboard and time zone options using the keyboard.

If I click on ok (I cant select a windows installation I want to repair) all I get is a blue sceen with the windows start button in the right and a couple of icons (my computer and network connections) There's nothing more I can do.

Thanks for your help so far.

I think you are right regarding the registry and probably the IE is corrupted, as it had been flakey for a few weeks before this virus.

I haven't the orginal XP disk, it is a genuine copy and has the anutentic seal on the PC. I should be able to borrow one from a friend, will that work?

I'd love to get the PC back up and running but the thought has crossed my mind that I cut my losses use ubuntu to try and save my date, buy a OEW XP version off fleabay and reformatting the disk. Any views?

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Well if you've built that CD it should be able to actually copy data from a USB drive back on to the Windows drive as well.

So you okay now or still need help? Let me know your status please.

There is also Ultimate Boot CD for Windows which can basically do the same thing, but also has remote registry tools and disk repair tools and Anti-Virus tools as well, but does require an XP CD to build it.

Link to post
Share on other sites
jp01

jp01

Posted
  • Author
Posted

I'm still deep in the brown stuff.

I cant find the XP CD and the big horror was I couldnt find the COA on the PC.

The supplier of the PC I know went bust a few months after I bought my PC.

There maybe one saving grace, I loaded Belarc Avisor a few months ago and ran it. I've read that this reads the COA, hopefully it is recorded in a log file IF I can get into the PC via UBUNTU and save the data.

My thoughts apart from suicide :P are :-

1. Is there anything I can do to get past the enpasse I outline with the ERD /Microsoft disk ?

2. If not I'll try your suggestion and use the Ultimate Boot CD.

if no joy there

3. its format time.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Use Ubuntu and copy the c:\windows\system32\userinit.exe from a working XP system to the infected system and see if that works or not.

If it's a registry issue as well then you'll need some tool such as those found on an UBCD4W to edit the remote registry of the infected system.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept