Jump to content

Malware Issue - can't login to XP for logs


Recommended Posts

I hope this is the right place to post this, if not, please point me in the right direction.

I have a laptop that I don't use too often but have suspected was infected. You were able to help me out greatly with a different computer about a month ago, so figured I would come back here.

Heres the deal, I ran MalwareBytes and removed infected. Restarted and downloaded hijack this and ran the scan. I was about to make a post here with the logs, but when I reopened MalwareBytes to copy the latest scan log, a blue screen flashed and the computer restarted. Upon restart, I tried to open MalwareBytes again and the same thing happened. Now, when I try to log in, it loads the settings, and then immediately goes to logging off. I have tried to sign in in safe mode, last good config, etc, and all do the same thing.

Any thoughts on the cause, and what I might be able to do to try and fix this? Thanks.

Link to post
Share on other sites

  • Root Admin

Please take a look at the following posts and see if they help you to resolve this or not.

Potential Malware infection issues to review to get MBAM running

If so then please update and run MBAM and do a Quick Scan.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Then run DDS

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Link to post
Share on other sites

Ron, thanks for taking a look at this.

Unfortunately I was not able to run the Malwarebytes because I think the last time I ran it to removed a file that is now preventing me from logging in altogether. I get the "Loading your personal settings....." then it goes straight to "Logging off..." It does the same thing when attempting to log in via safe mode as well.

Link to post
Share on other sites

  • Root Admin

Probably what has happened is that MBAM removed the infection or enough of the infection that your Anti-Virus or other security software could now see the infected file and removed it. More than likely the C:\WINDOWS\SYSTEM32\USERINIT.EXE file was damaged, quarantined, or deleted.

Do you have the Windows XP CD or access to another working system where you can burn a disk to copy that file back onto the system?

Link to post
Share on other sites

  • Root Admin

I would try burning that file to CD or a USB drive. Then burn one of the Linux boot CDs that hopefully supports USB drives and NTFS and see if you can copy that file back into place.

If worse comes to worse then make sure the other computer if fully up to date with a good Anti-Virus and scans clean for Malware using Malwarebytes and slave the drive from the bad computer into the good one and replace the file. Then put it back and try to startup again and scan for virus/malware.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.