IS2010

[JamesCelk]

I was redirected here from the general forum via this thread --> http://www.malwarebytes.org/forums/index.php?showtopic=35497.

Unfortunately I can't even reach the desktop to perform the directions that post indicates. I turn the computer on, and when running normally it reaches the logon screen. When I type in the admin password to logon, it automatically resets to the logon screen again.

When trying to boot in safe mode, it automatically restarts the computer. Any help would be greatly appreciated.

Thanks in advance,

James

[miekiemoes]

Hi,

I just read your other post and it looks like your friend also deleted the reference to userinit in the registry.

What I suggest is to create a bootcd using Bartpe and follow the steps here: http://windowsxp.mvps.org/peboot.htm how to fix Userinit value in the registry.

[JamesCelk]

Miekiemoes,

Thanks for the response. So far this has helped. I'll admit I'm a bit over my head, but I understand basically what's going on. I created the CD, loaded it into the computer. I've made it to step five on that list which says:

Type a name for the hive that you've loaded now. (Example: MyXPHive)

Unfortunately when I try to create a hive, the computer sends a return message saying:

Cannot Load X:\I386SYSTEM32\CONFIG\SOFTWARE: Access is denied.

Again, I'm stuck.

I appreciate the help,

James

[miekiemoes]

Hi James,

You are doing something wrong though..

Via the BartPe, you have to select the hive C:\Windows\System32\Config\SOFTWARE (assuming C:\ is the place where the corrupted/damaged/infected windows is installed on)

It looks like you've chosen the hive from the bartPe one instead.

Reread the instructions here, step by step: http://windowsxp.mvps.org/peboot.htm

[JamesCelk]

Miekiemoes,

You were correct, I did that part incorrectly. I've fixed that and now have access to the desktop again. The malware is still blocking access to the internet, so I downloaded mbam-setup.exe and put it on a zipdrive and transfered it to the infected computer. When I try and install it the infection prevents it. I renamed it to firefox.exe and it allowed the program to run. When I select perform a quick scan, it starts for two seconds then closes the program. Any ideas?

James

[miekiemoes]

Good to hear you're back on the desktop again

I assume you renamed the installer to firefox.exe in order to get it to install? You may also want to rename the mbam.exe present in the Malwarebytes' anti-malware folder to firefox.exe and then launch ot from there.

Let me know if that works.

[JamesCelk]

I was looking at one of the other posts you made, and I downloaded the random named file and that has seemed to work. I'm currently running a quick scan and it has found 9 infections so far. I'll let you know how it turns out. Thank you so much for the help.

James

[JamesCelk]

That has fixed it. Thank you so much again for the help, you're my hero.

James

[miekiemoes]

Good to hear and glad I could help

Please let your roommate read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

[miekiemoes]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.