lketchersid
2009-01-07, 18:15
Working on a computer (my wife's), she clicked on a link in an email. Tea Timer told her about a registry entry change, adding system32/twex.exe to userinit. She told it not to make the entry.
I went to run Spybot, she had version 1.5.2, ran update. It pulled down version 1.6, including a new tea-timer. Said I needed to reboot.
On reboot, Tea-timer saw a bad process, and a window popped up that said it had stopped services.exe and was shutting down in 60 seconds.
When I restarted, I now get a black screen if I boot normally (mouse control exists, but no other key combinations have any effect).
I can boot into safe-mode with command prompt. Went to system32 to see if I could delete twex.exe, it is still being held by a process. It took safe-mode command prompt a long time to come up, but it did come up.
Now I am trying to let it run in regular safe mode, waiting for it to come up (since safe-mode with command prompt took a long time, I am assuming patience is a virtue).
Q1: Would Spybot/tea-timer delete a services process during an install? I am pretty sure the malware did not get installed, since Tea-Timer appeared to catch it, so I am not sure how updating to a new version of Spy-Bot got me to this point...unless Tea-Timer got disabled during the upgrade?
Q2: Any suggestions on how to get around the black screen to a usable version of Windows so I can run Spybot 1.6 or any other tools?
Thanks,