August 6th, 2006, 12:01 AM
XP Trojan - Safe Mode Login / Auto-Closes Windows
I have a computer that is extremely jacked up. I'm sure it has all sorts of spyware, and a few trojans, and is generally acting very wierd. Lots of starnge behavior, but two things really stick out.
1) I can boot up the computer normally, and log into a user's account which is passworded. I try to boot up in safe mode (regular, cmd, or networking, I've tried this many times), try to log into the same account, with the same pass, and it will not accept the password (there is only one user account, which is passworded). I can not find any information on this, it's extremely wierd, and it would really help if I could just get into safe mode.
2) Whenever I try to start up an application, it is either closed immediately, or never seems to show up. There are a few exceptions to the rule. Sometimes the trojan will pop up which is some sort of browser object, which I can use to open microsoft excel or notepad and stuff. But I can not open the taskmgr, or msconfig, or regedit. I am basically trying to find a way to cut away start up processes.
Does anyone have any ideas of what I can do? I would prefer not to format right now. Computer does not have access to the internet, but I can get a flash drive to upload things to it I guess.
August 6th, 2006, 01:14 AM
And useing the Administrator account in Safe mode is out of the question as well?
My comment here is REMOTE SCANN.
I use a Bart PE Boot CD to (check out the Tut by Irongeek) this allows me to remove the crap, edit the registry.. give the drive a clean and polish.. then reboot and do any final repairs..
First I would say you could get HiJackThis and do a scan and post the log here (if you can get it to run.. again you can do this with the BartPE cd)
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
August 6th, 2006, 01:28 AM
Undies~ is spot on with this. If you use a bootable or "live" CD you can access the internet, run malware scans and the like without ever activating the crap you have been infected with.
More information is here:
Run the PC-Cillin "Housecall" and the Panda online scans. Also:
1. AdAware SE
4. Spybot S & D
August 7th, 2006, 03:14 AM
Fixed. Thank you guys so much.