Trojan/Virus - kills safe boot

[John L]

WinXP Home, & Media Center
Various system Mfr's

I have just recently run into this issue. System gets infected and will only
boot to normal system and locks desktop.

What is unusual is that it also prohibits any safe boot option.

I have to run the OS CD and initiate the soft recovery (repair).

Any ideas how to get safe boot working again or kill the trojan/virus?

I did a system recovery -> Chkdsk /p /r -> fixboot to no avail.

 

[David H. Lipman]

From: "John L" <[email protected]>

| WinXP Home, & Media Center
| Various system Mfr's

| I have just recently run into this issue. System gets infected and will only
| boot to normal system and locks desktop.

| What is unusual is that it also prohibits any safe boot option.

| I have to run the OS CD and initiate the soft recovery (repair).

| Any ideas how to get safe boot working again or kill the trojan/virus?

| I did a system recovery -> Chkdsk /p /r -> fixboot to no avail.

| --

| *****************
| John Lenz
| (e-mail address removed)


What makes you think this is malware related and not just an OS corruption blocking Safe
Mode operation ?

What have you done to verify this assumption ?

 

[John L]

DAve,

I "take are of" family member PC's. My aunt said she opened an eGreeting,
her system "went crazy" and was re-booting. This is the case. ALl I can do
is OS repair which elimates any track back to the source. The systems got
infected, somehow, and this was the first time I had no Safe Boot recourse
to apply any of my malwarebytes fixes.

John

 

[neil]

DAve,

I "take are of" family member PC's. My aunt said she opened an eGreeting,
her system "went crazy" and was re-booting. This is the case. ALl I can do
is OS repair which elimates any track back to the source. The systems got
infected, somehow, and this was the first time I had no Safe Boot recourse
to apply any of my malwarebytes fixes.

John

--

*****************
John Lenz
(e-mail address removed)

Have you considered taking the drive out and scanning it as a second hard
drive with another PC.?
Neil

 

[David H. Lipman]

From: "John L" <[email protected]>

| DAve,

| I "take are of" family member PC's. My aunt said she opened an eGreeting,
| her system "went crazy" and was re-booting. This is the case. ALl I can do
| is OS repair which elimates any track back to the source. The systems got
| infected, somehow, and this was the first time I had no Safe Boot recourse
| to apply any of my malwarebytes fixes.

| John

| --

| *****************
| John Lenz
| (e-mail address removed)

What anti virus application is on the PC ?

What general anti malware software is on the PC and/or what have you used ?

Why can't you run anti malware software in Normal Mode ?

 

[Jose]

WinXP Home, & Media Center
Various system Mfr's

I have just recently run into this issue. System gets infected and will only
boot to normal system and locks desktop.

What is unusual is that it also prohibits any safe boot option.

I have to run the OS CD and initiate the soft recovery (repair).

Any ideas how to get safe boot working again or kill the trojan/virus?

I did a system recovery -> Chkdsk /p /r -> fixboot to no avail.

--

*****************
John Lenz
(e-mail address removed)

There is malware that prevent booting in Safe Mode (or any kind of
mode).

I am not sure what "prohibits any safe boot option" means.

Would you please elaborate?

When you boot normally and the desktop is locked, does the mouse work?

What do you see on the screen when booting normally to the locked
desktop?

Will CTRL-ALT-DEL bring up Task Manager?

 

[John L]

Addendum - I did run Malwarebytes before if stared re-boot cycle.
Malwarebytes found 15+ trojan/viruses - sorry I did not write them down.
Usually the removal fixes everything.

I was just inquiring is anyone else recently ran across safe boot inhibit.

THX

 

[Elmo]

Addendum - I did run Malwarebytes before if started re-boot cycle.
Malwarebytes found 15+ trojan/viruses - sorry I did not write them down.
Usually the removal fixes everything.

I was just inquiring is anyone else recently ran across safe boot inhibit.

THX

Before trying any Windows repairs, or reinstalls, you might try this:

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is available,
(though no .exe is available for BitDefender).

After the scan is run, if you elect to quarantine files, they're
quarantined to RAM and lost after you reboot. You'll need to copy any
quarantined files to the hard drive, a thumb drive or elsewhere before
exiting.

 

[Jose]

Addendum - I did run Malwarebytes before if stared re-boot cycle.
Malwarebytes found 15+ trojan/viruses - sorry I did not write them down.
Usually the removal fixes everything.

I was just inquiring is anyone else recently ran across safe boot inhibit..

THX

--

*****************
John Lenz
(e-mail address removed)

Of course there is a "Safe Boot inhibit" type infection. Booting in
Safe Mode might help you remove the malicious software so it will
prevent you from doing so.

Malicious software will do things to your system to thwart your
attempts to find and remove it. Safe Mode is a good one but not
terribly challenging to fix anymore.

Other popular targets are things like System Restore, regedit, Task
Manager, explorer.exe, cmd.exe, mbam.exe, SUPERAntiSpyware.exe, (other
executables), etc. - anything that will help you find it or remove it
is a target.

If the malicious software succeeds in making you think reinstalling
Windows is your only option (e.g. you give up), it has accomplished
its mission. High fives all around!

We are lucky malicious software is not as malicious as it could be -
it it really just annoying.

When you get to know the tricks, they are usually moronically simple
to outsmart and remove.