Possible worm!!

[tankmon354]

nothing is infected, so i am free clean?, but if i'm still sending links, what do i do?

 

[little eagle]

Run a scan with you anti-virus program.

 

[little eagle]

I would like for you to Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

[tankmon354]

i'm having trouble to enter into safemode. Pressing F8 doesn't work for me, always end up going to menu to boot with what (Hard-drive, floppy,etc.) And going into "msconfig" doesn't work either, cannot find the BOOT.ini tab section

 

[little eagle]

Try running this script. Save it to your desktop and run it ffrom there.
http://www.kellys-korner-xp.com/regs_edits/msconfigdisabled.vbs

 

[tankmon354]

it's telling me to delete programs that i have, should i delete them??

 

[little eagle]

It should not be doing this. Are you sure that it's asking you to remove them?

 

[tankmon354]

yeah it says its disabled these things from startupreg key. then it asks would you liek to selectively delete any of these items

 

[little eagle]

Do not delete them, reboot when done and see if you can boot in safe mode.

 

[tankmon354]

still can't, everytime i press F8 it goes to like "Boot First Device" and i still cannot find the tab section BOOT.ini in msconfig

 

[little eagle]

Click \start\run\then type in or copy and paste in

sfc /scannow note the space between c and /


You must be logged on as a member of the Administrators group to run sfc.

If sfc discovers that a protected file has been overwritten, it retrieves the correct version of the file from the
%systemroot%\system32\dllcache folder, and then replaces the incorrect file.

Try this link if you have any trouble.

http://www.updatexp.com/scannow-sfc.html

 

[tankmon354]

i cannot copy that folder into the computer, keeps getting error on lots of files (.dll).

can i just use the CD with the sfc /scannow ?

 

[little eagle]

Yes did you read the link?

http://www.updatexp.com/scannow-sfc.html

 

[tankmon354]

yaeh, i just follwoed the step, put into C drive, but didnt read entire page though.

 

[tankmon354]

okay, i finish, what do i do now?

 

[tankmon354]

um hello

 

[little eagle]

okay, i finish, what do i do now?

Are you able to get in to safe mode?

I'm going to need a little more information.

 

[tankmon354]

nope, should i continue to restart computer or shut off in a bad way to get into safe mode?

 

[little eagle]

What do you mean in a bad way?

 

[tankmon354]

like continuely restart computer in an incorrect way, not through (start>shutdown>restart) but through pressing the button next to the turn on button