Acer laptop with virus and spyware

MothballsWallet
MothballsWallet Posts: 15,912 Forumite
Part of the Furniture 10,000 Posts Name Dropper Photogenic
edited 13 July 2009 at 3:25PM in Techie Stuff
Got an Acer laptop to fix with Windows XP Home on it. I thought I'd got rid of the System Security 2009 fake antivirus program with instructions I found on the net, but I've got more problems :( .

I can't get into Safe Mode because of the malware on there, Malware Bytes won't install properly or scan because of it either.

I can't use a Bitdefender CD as the CD/DVD drive seems to be shot: I put the disk in, and it just goes pulse-silence-pulse-silence a few times before the boot sequence gives up (burnt and tested the CD-R disc on my laptop, and it's fine).

Now I can't even get into Normal mode because I get a Blue Screen of Death (BSOD) with a "CONFIG_LIST_FAILED" error - probably because I used the emergency shutdown as it was taking forever to shut down normally. And because of its configuration, it keeps rebooting on this blue screen and I can't get in to change that.

The 2nd parameter in the BSOD is 0xC000017D, meaning insufficient disk space, the 3rd is 0x00000004 and the 4th is 0xF7CEEBB8.

I've downloaded a copy of a Rescue Console I will burn to CD-R and try that soon: hopefully it will let me into the system enough to free up some disk space and that should get rid of the BSOD.

The only thing I can think of is to get an external USB caddy for the Acer's hard drive, then connect it to my laptop and run a virus and malware scan on it from my laptop, although I would have to buy one of these caddies first.

If I ever catch the people who wrote this System Security 2009 program, I can't say what I'd do to them... :mad:

Comments

  • kwikbreaks
    kwikbreaks Posts: 9,187 Forumite
    Any boot options showing - often with laptops there is a recovery partition and the option to boot from it. Alternately a boot CD.

    Obviously that will blow away any personal files. You could take a chance on backing them up to an external drive first if you have one but make sure you scan the drive with AV before connecting it to any undefended machine (such as yours after the restore to factory default)
  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Hi kwikbreaks - the only boot options I get are the Safe Mode, Safe Mode with Networking, Safe Mode Command Prompt Only, Last Known Good Configuration and Start Windows Normally - none of them work because I get a BSOD.

    And the CD drive seems to be stuffed up the wazoo as it doesn't work - I tried booting from my XP Pro CD, and it just tried to access it for a moment, then gave up and went to the hard drive, so boot CDs are out of the question.
  • patman99
    patman99 Posts: 8,532 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker Photogenic
    Just a thought, have you got a big (2Gb+) USB pen drive? If so, try installing a version of linux that boots from such a device. Follow this link http://www.pendrivelinux.com/ for instructions. Before you put it anywhere near your laptop, try booting it in your PC, if you get to the linux desktop, look for a package manager (something like 'synoptics') and use it to install the latest versions of 'clamAV' & 'KlamAV' (the graphic front-end for clamAv). Also add to that 'wine', then 'malwarebytes' (runs under 'wine' (I think)).

    Stick this in your laptop, and when powering-on press 'F11', normally this is the common key that brings-up a 'Boot from' menu. From this, look for a 'boot from USB drive' option and select it.

    I have included the above as not all laptops will look for a USB device when booting (unless you go into BIOS and play with the 'Boot from' options).

    It is worth keeping this USB stick somewhere safe, as you never know when you may need it again.
    Never Knowingly Understood.

    Member #1 of £1,000 challenge - £13.74/ £1000 (that's 1.374%)

    3-6 month EF £0/£3600 (that's 0 days worth)

  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Hi patman - I thought of that, but this Acer's BIOS doesn't support boot from a USB port as far as I can tell.

    However, I found an external case for a laptop drive on Amazon for about 9 quid (inc. delivery) and ordered that. I wanted to get one for when I upgrade the 40GB drive in my own laptop so I can reuse it easily.

    I'm running an AVG scan on the Acer's drive now as I've got it in the caddy.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Hi kwikbreaks - the only boot options I get are the Safe Mode, Safe Mode with Networking, Safe Mode Command Prompt Only, Last Known Good Configuration and Start Windows Normally - none of them work because I get a BSOD.

    And the CD drive seems to be stuffed up the wazoo as it doesn't work - I tried booting from my XP Pro CD, and it just tried to access it for a moment, then gave up and went to the hard drive, so boot CDs are out of the question.

    Go into BIOS and switch off the hard drive from booting at all, and put the dvd/cd drive to boot 1st
    :idea:
  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    edited 27 July 2009 at 7:24AM
    aliEnRIK - yeah, I looked in the BIOS: I can shift the boot order around, but there's no obvious way to switch a device off in the boot sequence.

    Anyway, I've got rid of most of the problems, there's just a rogue Trojan creating batch files, text files and program files.

    I've grabbed a HiJackThis log and put it on my webserver {link removed by MbW} (and, yes, I did remember to take it in Windows Normal mode rather than Safe mode :D ) if someone could please help me decipher it.
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    these need fixing

    O2 - BHO: ALOT Toolbar BHO - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

    O2 - BHO: (no name) - {6A10732F-BDB9-48B3-9DF7-622478AD74FC} - (no file)

    O2 - BHO: {5f124f71-5c2c-d9f8-9904-7b3d1157f95a} - {a59f7511-d3b7-4099-8f9d-c2c517f421f5} - (no file)

    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

    O2 - BHO: (no name) - {D751AC62-7E1F-423E-BD47-E363AFDB977D} - (no file)

    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\yueJ.exe (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnConvert] c:\yueJ.exe (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\yueJ.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\yueJ.exe (User 'Default user')


    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1678.exe

    O20 - Winlogon Notify: geBstuRi - geBstuRi.dll (file missing)
    Ex forum ambassador

    Long term forum member
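
The traits that make the entries in the post above stand out can be checked mechanically. This is an added example, not part of the original thread and not HijackThis's own logic; the `triage` function is hypothetical, the heuristics are read off the entry types quoted above, and the sample log lines are constructed with placeholder GUIDs, paths and a documentation-range address.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample lines modelled on the entry types quoted in the thread;
# GUIDs, paths and the TEST-NET address are placeholders, not real indicators.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: Example Reader Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\reader.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Chat] c:\abcD.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ChatConvert] c:\abcD.exe (User 'Default user')
O16 - DPF: {99999999-8888-7777-6666-555555555555} - http://192.0.2.10/sample.exe
O20 - Winlogon Notify: exampleNotify - exampleNotify.dll (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")            # section id, rest of entry
ROOT_EXE_RE = re.compile(r"\b([a-z]:\\[^\\\s\"]+\.exe)", re.I)  # exe directly in X:\
IP_HOST_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def triage(log_text):
    """Return {log line: [reasons]} for entries worth a closer look."""
    findings = defaultdict(list)
    run_targets = defaultdict(list)   # executable -> Run lines that start it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if body.endswith(("(no file)", "(file missing)")):
            findings[line].append("registered component has no file on disk")
        if section == "O4":
            if r"Policies\Explorer\Run" in body:
                findings[line].append("autostart via Policies\\Explorer\\Run")
            exe = ROOT_EXE_RE.search(body)
            if exe:
                findings[line].append("executable in drive root")
                run_targets[exe.group(1).lower()].append(line)
        if section == "O16":
            url = urlparse(body.rsplit(" - ", 1)[-1])
            bare_ip = IP_HOST_RE.match(url.hostname or "")
            if bare_ip or url.path.lower().endswith(".exe"):
                findings[line].append("ActiveX codebase is a bare IP or raw .exe")
    for exe, lines in run_targets.items():
        if len(lines) > 1:            # one binary hiding behind several names
            for line in lines:
                findings[line].append(f"{exe} started from {len(lines)} Run values")
    return dict(findings)
```

The two ordinary entries in the sample (a BHO with a file under Program Files and a normal HKLM Run value) come back unflagged, which is the point of triaging on traits rather than deleting everything listed.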
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    I'd then try to run Malwarebytes

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&!!!!!button

    or if that fails to run then combofix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    you may need to rename the malwarebytes install file name, main program name to something else to get them to work

    same for combofix

    post the log file from whichever you get to run
    Ex forum ambassador

    Long term forum member
  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Browntoa, so how do I fix those things you mentioned in post #8? Do I just run MalwareBytes or ComboFix and let those deal with it or go into the Registry and kill them off manually?
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    run hijackthis again, put a tick against those entries and then "fix checked" them
    Ex forum ambassador

    Long term forum member
This discussion has been closed.