rpace
2006-03-02, 11:04
The twist is my machine won't boot into safe mode anymore.
I was downloading that 'Still Seeing Breen' Machinima video (from the author's website, no less) when all of a sudden all this crap pops up on my screen. My first instinct was Ctrl-Alt-Del, and to shut the unfamiliar programs down. I think I killed the program before it finished installing (there was a taskbar icon flashing all the files it was installing). I immediately went to Program Files, deleted the folder it installed in, went into C:/windows and deleted the HTML file it had placed there for use on my desktop (and deleted the entry in my display settings), and deleted ntzl.exe, lich.exe, and intell321.exe.
Then I ran HijackThis and got rid of the following entries, which were the only ones different from a normal HijackThis scan:
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\System32\intell321.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://udpates.lifesceinc.com/installers/pinstall/pinstall.cab
O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe
Next step was Google. I searched these fine forums, downloaded smitRem, shut my comp down and tried to boot in safe mode. It starts loading the files, and then prompts me to 'Press esc to skip loading vax347b.sys'. It restarts whether I press esc or let it load. Comp still boots into normal Windows fine, but if I try to boot to safe mode it hangs.
Booting into Windows, everything seems fine, the desktop is back to normal, and there are no unfamiliar programs running, so I run smitRem. It finds one infected file and repairs it. I run HijackThis again, then Spybot, then ewido anti-malware just for good measure :). None of them found any problems, and Windows seems to be operating normally. Still, this leaves me somewhat concerned; without scanning from safe mode I'm feeling a little less than confident. What do you guys think? Am I in the clear? Any ideas as to what's keeping me out of safe mode?