
Used anti-malware for Antivirus XP 2010, now computer won't start



OK, before I created this topic in this forum section, I posted the below paragraph in the General forum and they said to come here and do the steps and post my logs. Well, can you read below and tell me if I can do all those steps in "last known working configuration mode" on my computer? Will I get the same results or should I go a different route for fixing my computer? Below is my issue and the explanation of how I can only boot up in "last known working configuration mode".

"I ran anti-malware and there were 14 viruses. I chose to show results and clicked remove all. It finished but said it needed to be restarted to remove 'all' of the viruses. I clicked OK and then the computer went to go restart. I waited about 10 minutes and the comp just was at a standstill with a blank screen. I figured the restart wasn't working so I manually hit the power button. Well, ever since then, I cannot turn the computer on normally. When I just hit the power button to turn it on and wait, I get the "Gateway" splash screen for my Gateway computer but then it never goes to the O.S. login screen and stays at a blank screen. So I tried booting in safe mode. Safe mode got to the point where it loads drivers and stopped at "windows\system32\DRIVERS\isapnp/sys", then it freezes. I then chose to boot up with the option "last known working configuration". This option worked and my computer booted up; however, I get about 40 'Bad Image' warnings, i.e. "The application or DLL C:\Windows\System32\app_dl.dll is not a valid windows image, please check this against your installation diskette". And then I also got a couple of RunDLL warnings, i.e. "error loading c:\windows\system32\yuzogovu.dll. The specified module could not be found." After clicking all these warning messages, my computer is then on."


Hi and Welcome to the Malwarebytes' forum.

You can complete these instructions in LKGF mode.

Please download ATF Cleaner by Atribune

  • Close Internet Explorer and any other open browsers
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Reboot

Download rkill.com:

http://download.bleepingcomputer.com/grinler/rkill.com

1. Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.

2. Please be patient while the program looks for various malware programs and ends them.

3. When it has finished, the black window will automatically close and you can continue with the next step. Please post back the rkill log that is generated.

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Next, please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When this "quick" scan is finished (a few seconds), copy the Quick scan report to the windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Exit the Program
  • Save the Scan log as ARKQ.txt and post it in your next reply. If the log is very long attach it please.

Please download Combofix from one of these locations:

HERE or HERE

In the Combofix Guide at Bleeping Computer aka A guide and tutorial on using ComboFix

http://www.bleepingcomputer.com/combofix/h...se-combofix#use

Using ComboFix ->

I want you to rename Combofix.exe as you download it to rayman.exe

Notes:

  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK

  • For Internet Explorer:

    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it anything with an .exe extension on the end.

VERY IMPORTANT: Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it and follow the prompts to install Recovery Console - if you have not done that already:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Note: The above tutorial does not tell you to rename Combofix as I have instructed you to do in the above instructions, so make sure you complete the renaming step before launching Combofix.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Launch Combofix (rayman.exe) from the Run Line, as follows:

Navigate to Start --> Run, and copy/paste this command exactly as shown, then hit Enter:

"%userprofile%\desktop\rayman.exe" /killall

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of C:\Combofix.txt in your next reply with rkill.txt and ARKQ.txt.

Note: Do NOT mouseclick combofix's window while it is running. That may cause your system to stall/hang.
