PC can't open, trojan and spyware infected


zaza
12-03-2005, 07:39 AM
After downloading something, suddenly there's a warning that my PC has been infected with spyware..

and then
-my wallpaper vanished, replaced by a blue background, and in the middle there was a small black box saying something like, 'windows advised not to use computer before spyware is cleaned'

-the computer became slow




I finally shut it all down and restarted it,
and what I get is

-the logon screen without the password logon box

so now I can't open my PC at all because there is no place to fill in the password
(now using another damn PC)


and it seems like my PC is also infected with a trojan

can anyone help me? It'll be truly appreciated...

Budfred
12-03-2005, 08:24 AM
Welcome to PCGuide!

I am afraid I don't really understand what you mean... If you can't get into Windows, it is likely that there isn't much we can do... If you can get in, it would be a good idea to start running scans... Download and run Ad-Aware SE and Spybot after updating them (links in my signature)... Then run an online virus scan like HouseCall (also in my signature)... If you have WinXP, use Ewido next:

Please download, install, and update the NEW free version of Ewido trojan scanner (http://www.ewido.net/en/download/):

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"):

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

Check "Perform action with all infections".

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


Then download HijackThis and post a log from it:

To run HJT, extract it to a permanent folder such as one you create like C:\HJT. Close all open windows and browsers and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log. When the log window appears, right click to Copy it, open your browser and come here to Paste the entire log. Do not make any changes until it is checked since most items are either benign or essential to the computer.

http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41

If you can't get in to the computer in Normal Mode, try it in Safe Mode... To get into Safe Mode, tap the F8 key just before Windows starts to load and select Safe Mode... Depending on the version of Windows, you might try selecting "Last known good configuration" if Safe Mode doesn't work... If that still doesn't work and you have System Restore turned on, you may need to use that...

Please provide more detail and we will have a better idea of how to help...

Sylvander
12-03-2005, 08:53 AM
I'd probably have something like that fixed in 15 min by restoring a backup image of C:, but since you're here asking for help I'll assume you don't have such a backup. :(

If you cannot boot Windows in any form...

Do you have an anti-virus program on a bootable floppy or CD that you can run to scan your HDD?

Would you be prepared to backup the present contents of your system partition, then zero-fill the partition, reformat it, and re-build your software?
Are your vital data held on the same partition as the OS & Programs, or are they kept apart [and safe] on other partitions?

The following are useful tools...
1. How to make a free “Smart Boot Manager” floppy
http://www.pcguide.com/vb/showthread.php?t=41498
This makes it easier to boot a chosen drive [particularly the one holding the EBCD].

2. How to make a free EBCD bootable CD
http://www.pcguide.com/vb/showthread.php?t=41485
This has a number of useful utilities included, including "Image" [for DOS, by Terabyte (will backup your partitions)] & "File Manager" (views and manipulates your files). The EBCD also includes an "NT Password Editor". People have reported success in using this to deal with XP user password problems.

Budfred
12-03-2005, 11:14 AM
Sylvander,

"I'd probably have something like that fixed in 15 min by restoring a backup image of C:, but since you're here asking for help I'll assume you don't have such a backup."

You have been asked to stop posting your "I told you so" comments in people's threads about malware infections... Please stop again... Also, please hold off on your options to nuke the drive until we can figure out if it can be saved... It is very unusual for that to be the only option...

Also, the EBCD and Smart Boot Manager are not solutions for all problems...

Paleo Pete
12-03-2005, 11:34 PM
I'll second that, we've been through this already and I, for one, am tired of trying to be polite about it. Chastising someone who could have done things a different way that they may not have even known about (or how to do) does not help the present situation. The OS is hosed, there is no backup image, try to fix it rather than making the person look like a fool because he or she didn't do what you would recommend long ago, before he or she knew about this site or what you would do.

Second, making an image now and restoring it would be of no benefit whatsoever, the OS is already infected with what sounds like some pretty nasty software, restoring an image of that would only re-create the present circumstances. It has to be cleaned up before a usable image can be made, which brings us back to square one...

As far as I can tell at present, there are only a couple of things I could or would try. If the computer will boot into Safe Mode, there is a good chance you can start cleaning it up from there, at least enough to get it to boot into normal mode so the rest of the cleanup can be accomplished. Use the F8 key during the first boot screens to get into Safe Mode.

If it will not boot into Safe Mode either, then I know of only one or two ways to deal with a situation like this...

1. IF YOU KNOW WHAT YOU'RE DOING...

A bootable CD such as the Ultimate Boot CD, BartPE, Emergency Boot CD or similar should have a file manager similar to Windows Explorer that will allow you to browse the file system; with that you can dig up the files causing trouble and rename them, which should stop them from running next time you reboot. Knoppix is excellent for that too, but you have to reset the permissions to allow you to write to the hard drive; it's set read-only by default to keep you from messing up Windows inadvertently. You would need to be pretty familiar with what files are supposed to be in the system folders, and how to find out which ones are the bad guys. Since I do this frequently, I can browse through the System32 folder and find 3/4 of the undesirable files or more every time, then remove the associated registry entries. (I have software on a good bootable CD with a good registry editor that will let me do this.) But that requires a thorough knowledge of what is supposed to be there to begin with, so only attempt it if you are sure you know enough about it. Any questionable files can be looked up easily through Google; I spend a lot of time there...

Then the registry entries can be deleted, confirmed problem files deleted, and the rest of the security scans run. I did this on a customer's machine just a couple of days ago; it will work, but the first line of this paragraph is critical, you absolutely MUST know what you're doing because if you delete or rename the wrong file you have an even worse problem. So that is an option that is not advisable for the computer illiterate or the faint of heart, but I point it out because it is an option, if you definitely know what you're doing.

The registry entries can be dealt with in the same manner if the bootable CD has a good registry editor available, which not all of them have. That's how I got the machine I mentioned above to boot into Windows so I could finish up. Keep in mind that while this is possible, this particular machine took me around 6 hours to clean up, so it is a very time consuming process.

The other method is my least favorite of all: format the thing and reinstall Windows. If Windows will not boot at all and you cannot employ the bootable CD or Safe Mode options for some reason, then the only thing I know of is reinstall. You have to be able to get into Windows to be able to fix it... otherwise Ad-Aware, Spybot and a dozen trojan hunters won't do any good; you have to be able to boot into Windows to run them...

zaza
12-04-2005, 01:07 AM
thanks for the help everyone, truly appreciated..

My sis thought of reformatting the PC, but that's the option I least want to take since I have around 60 gig of files on drive C, and I can't bear to lose them all :( I want to try the other recommended options, but logging in to the computer is a problem; even trying to boot into safe mode... I still can't. And besides, there are many things I don't understand (computer illiterate as I am -_-)

I guess my only option left is to ask my dad to send the laptop for repair. However, thanks to all the nice people who tried to help and assist me.. :)

thanks..

PrntRhd
12-04-2005, 01:09 AM
The files may be recoverable if the drive is slaved to a PC with a usable OS, but there is no guarantee if the files are corrupted by the infection.
Good luck to you.

Budfred
12-04-2005, 02:49 AM
We may still be able to help... How far do you get in the boot process before it crashes?? Are you able to get to the boot menu?? If so, do you have an option to restore to the last good configuration?? Also, it would really help to know what version of Windows we are talking about...

zaza
12-04-2005, 04:24 AM
yes, I can go to the boot menu. I can click on start normally, safe mode, etc.. but the problem is the welcome screen: it appears but without a login box, shutdown button or anything; it appears just like a still wallpaper.

I use Windows XP.

Thanks.

Thugly
12-04-2005, 08:24 AM
I had the same problem. What I did was boot to safe mode with networking,
then run a virus checker, went and changed the password, restarted and it worked.
I hope this helps; I may have been lucky.

Budfred
12-04-2005, 01:35 PM
Did you try a last known good configuration option??

What happens when you press Enter on the blank page that comes up??

Is it the same when you go into Safe Mode as on a regular boot??

Do you have your WinXP main disk available to use if we need it??

As for going into Safe Mode with networking... That is very dangerous if you have broadband because you are then on the internet without a firewall or antivirus...

If need be, we can wipe out the password and get into Windows, but we need to know more detail to proceed... Please answer my questions with as much detail as possible....

zaza
12-04-2005, 03:05 PM
thanks thugly, but I use broadband and looking at budfred's post it seems like it's dangerous, but still .. thank you :)


budfred>>
yes, I tried the last known good configuration option. But it's still the same, the good-for-nothing welcome screen still appears.

Nothing happens...

Yes, it's just the same when I try to go into safe mode; the welcome screen appears without a logon box or buttons

yes, I have it (just a matter of finding it)

thanks..

Budfred
12-04-2005, 04:12 PM
There are a couple of options you can try with the WinXP install disk...

1. Use it to run a Windows Repair Install...

http://www.michaelstevenstech.com/XPrepairinstall.htm

2. Use it to install a second copy of XP on the same drive and use that install to fix the original one... This requires about 5 gigs to complete the install....

zaza
12-05-2005, 07:32 AM
thanks everyone for all the help, truly appreciated,
blame it on my father's impatient nature; he already brought my laptop in for repair early this morning (when I woke up, no trace of my laptop @.@)

it's fixed now, although he had to send it for repair two times; the first time it was only okay for a while, so he asked his company's staff to repair it a second time, and it's okay now..


thanks..
*bow*

Budfred
12-05-2005, 07:53 AM
Well good luck... Most people who do "repair" out there just nuke the current install and start over... If they actually fixed it without doing that, be impressed... If they didn't nuke it, I suggest running the security scans we were recommending since it may still be infected...

zaza
12-05-2005, 08:45 AM
thanks, in fact I'm scanning my laptop as I'm writing this,

and I can quite rest assured since it was my father's staff who repaired it and did it in front of my father, who has some computer knowledge :)


thanks.. *bow again*