
Clicked a bad link...!

878 Views 10 Replies 2 Participants Last post by  JSntgRvr
So today I clicked on something I guess I shouldn't have! As soon as I clicked on it I knew I had multiple Trojans and a mess to clean up.

I immediately booted into safe mode and ran some scans (AVG virus and AdAware).

That seemed to delete a lot and fix some of it but I still had some files hanging around like the c:\secure32.html file and a dll file was missing, etc.

I then ran an http://www.spywareinfo.dk/download/mwav.exe scan that took about 2 hours and deleted a whole lot!

Much to my surprise, when I rebooted I got to the login screen and clicked the user name, got the "logging in" but then it instantly went to "saving your settings...logging off" and stayed at the login page. This happens in both normal and safe mode! I don't know what to do and I can't run a HJT so you guys can take a look...

What do I do?

OS: XP Home
Status
Not open for further replies.
Hi, jholly.:)

Welcome to TSG.

Boot Last Known Good Configuration
  1. Start your computer.
  2. Tap on the F8 key until you see the Windows Advanced Options menu.
  3. When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
  4. If you are running other operating systems on your computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

If the above link is broken, try this link. Make sure you extract and save the Hijackthis.exe file in a Permanent folder, rather than a Temp folder.
jholly said:
Unfortunately that didn't work. It did the same thing where it just boots up and then logs right back off...
Any other way to get in?
Any other suggestions?
Any error messages?
Hi, jholly :)

Are you able to load and logon using the Recovery Console? If you remember, of those files detected by AVG, was Winlogon.exe one of these?

Is the computer a Notebook or a Desktop?
Hi, jholly :)

I believe you are a victim of a bug in AVG. Click Here for information.

Click Here for information concerning the Recovery Console.

After getting to the Microsoft Windows recovery console you will need to select the Windows installation you wish to log onto. Therefore you will need to press 1, then Enter if you wish to edit the primary Windows installation. If Winlogon.exe is not present in the System32 folder, you will not be able to load the recovery console.

If you are not able to load the recovery console, there are only 2 solutions: you will need to install your hard drive (will need an adapter) in another computer as a slave and copy the Winlogon.exe into the \System32 folder of the troubled drive -or- perform a Repair Install. For a Repair Install you will need your product key. A repair install may disable all your applications as the registry will be re-created.
Hi, holly

jholly said:
Well now I have a real problem...

For some reason the administrator password isn't working.

I'm not positive if I ever set one or not (this is an ACER notebook and the password may have already been set). If I didn't set it what would I input?

Is there any other way to do this?!
If you never set one, just leave it blank and press Enter.
jholly said:
Yeah, that didn't work either.

There's no way to access it or find out what it is?
No. You will need to find a way to set the hard drive as a slave as I mentioned before, or perform a Repair Install.

How to Perform a Repair Install.

Note: You must remove AVG immediately after installation, in Safe Mode.