Status
Not open for further replies.
1 - 11 of 11 Posts

· Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
So today I clicked on something I guess I shouldn't have! As soon as I clicked on it I knew I had multiple Trojans and a mess to clean up.

I immediately booted into safe mode and ran some scans (AVG virus and AdAware).

That seemed to delete a lot and fix some of it but I still had some files hanging around like the c:\secure32.html file and a dll file was missing, etc.

I then ran an http://www.spywareinfo.dk/download/mwav.exe scan that took about 2 hours and deleted a whole lot!

Much to my surprise when I rebooted I got to the login screen and clicked the user name, got the "logging in" but then it instantly went to "saving your settings...logging off" and stayed at the login page. This happens in both normal and safe mode! I don't know what to do and I can't run a HJT so you guys can take a look...

What do I do?

OS: XP Home
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, jholly.:)

Welcome to TSG.

Boot Last Known Good Configuration
  1. Start your computer.
  2. Tap on the F8 key until you see the Windows Advanced Options menu.
  3. When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
  4. If you are running other operating systems on your computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

If the above link is broken, try this link. Make sure you extract and save the Hijackthis.exe file in a Permanent folder, rather than a Temp folder.
 

· Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
Unfortunately that didn't work. It did the same thing where it just boots up and then logs right back off...
Any other way to get in?
Any other suggestions?
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
jholly said:
> Unfortunately that didn't work. It did the same thing where it just boots up and then logs right back off...
> Any other way to get in?
> Any other suggestions?

Any error messages?
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, jholly :)

Are you able to load and logon using the Recovery Console? If you remember, of those files detected by AVG, was Winlogon.exe one of these?

Is the computer a Notebook or a Desktop?
 

· Registered
Joined
·
5 Posts
Discussion Starter · #6 ·
I'm not familiar with the Recovery Console, but I will try it, is there anything I should know before using it?

I do believe winlogin.exe was one of them.

And this is a Notebook.

Thanks for all your help.
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, jholly :)

I believe you are a victim of a bug in AVG. Click Here for information.

Click Here for information concerning the Recovery Console.

After getting to the Microsoft Windows recovery console you will need to select the Windows installation you wish to log onto. Therefore you will need to press 1, then Enter if you wish to edit the primary Windows installation. If Winlogon.exe is not present in the System32 folder, you will not be able to load the recovery console.

If you are not able to load the recovery console, there are only 2 solutions: you will need to install your hard drive (will need an adapter) in another computer as a slave and copy the Winlogon.exe into the \System32 folder of the troubled drive -or- perform a Repair Install. For a Repair Install you will need your product key. A repair install may disable all your applications as the registry will be re-created.
 

· Registered
Joined
·
5 Posts
Discussion Starter · #8 ·
Well now I have a real problem...

For some reason the administrator password isn't working.

I'm not positive if I ever set one or not (this is an ACER notebook and the password may have already been set). If I didn't set it what would I input?

Is there any other way to do this?!
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, holly

jholly said:
> Well now I have a real problem...
>
> For some reason the administrator password isn't working.
>
> I'm not positive if I ever set one or not (this is an ACER notebook and the password may have already been set). If I didn't set it what would I input?
>
> Is there any other way to do this?!

If you never set one, just leave it blank and press Enter.
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
jholly said:
> Yeah, that didn't work either.
>
> There's no way to access it or find out what it is?

No. You will need to find a way to set the hard drive as a slave as I mentioned before, or perform a Repair Install.

How to Perform a Repair Install.

Note: You must remove AVG immediately after installation, in Safe Mode.
 