  1. #1

    Looks like I'm screwed!

    I hope someone has an idea that can help. My Windows XP is requiring me to enter a login password, but I didn't turn on passwords.

    Last Thursday I got a nasty virus. It created a bunch of files and processes, including avp.exe, mgrs.exe, ucleaner_setup.exe and a lot more. You may know about this one. It was very busy attacking my disk, so I took my system offline and hunted down a list of suspected files.

    Some files could not be deleted. Others would simply regenerate. I dug into the Task Manager looking for processes that shouldn't be there. I found that some of the offending programs were only there for a few seconds. It seemed to help when I ended any process like "*.TMP", but even after everything seemed to settle down and the process list looked OK, there were several files on my list that were locked by something or someone.

    I searched for references to these files in the registry. When I deleted everything evil that I could find, closed the registry editor and reopened it, some of the nasty references had come back.

    I suspected that something had infected the explorer process, so I deleted all the evil stuff again, but before exiting the registry editor I killed the explorer process. When I rebooted, the system asked me for a password for any of the four user accounts I had set up. I of course never created a password, so I can't know what it is to enter it. Now I can't even get into my computer to get the virus out.

    Any ideas??? I have very little hair left to tear out.

  2. #2


    Looks like your subject has said it all, "Looks like I'm screwed", as we don't provide any help with passwords.

    Since it appears that you have another PC, the thing to do is to remove the now-trashed HD and install it as a slave in a good PC. Copy your important documents/files/pictures etc. Don't copy any programs, exe files, cab files.

    I am going to assume you have tried safe mode; I know that has a very slim chance of working.

    BG

  3. #3
    steamwiz

    Re: Looks like I'm screwed!

    Quote: Originally posted by tomcat
    "I searched for references to these files in the registry. When I deleted everything evil that I could find, closed the registry editor and reopened it, some of the nasty references had come back."

    Did you back up the registry first?

    Regedit is a very powerful tool, looks like you removed something you shouldn't have ...

    I wonder if you edited the winlogon userinit key?

    Maybe it had malware loading from the key like this?

    UserInit=userinit.exe,oqknkwo.exe

    If you removed the whole key and not just the malware, then you would not be able to log on to Windows ...

    Maybe the key is still there, but is now empty and should be pointing to:

    C:\WINDOWS\system32\userinit.exe

    This is all speculation ... as you can't get into Windows anyway, you could always boot into a Linux distro ... there's an article on how to do this ...

    But I don't know how you'd get into the Windows registry from Linux ... but you could copy any of your personal files to a flash drive that way ... then reinstall Windows ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
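
The Userinit check discussed in post #3, as an added example that is not part of the original thread: it reads a .reg-format text export, finds the Winlogon key, and reports whether Userinit is missing, empty, or carries entries beyond userinit.exe. The key path suffix, the function names and the sample export are assumptions of this example.

```python
import re

# Suffix of the Winlogon key path (standard Windows location; not given on the page).
# Matching by suffix also covers a hive loaded under a different root name.
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
# Entries treated as legitimate: the full path from the post, plus the bare
# name used in the post's own example line (an assumption of this example).
LEGIT = {r"c:\windows\system32\userinit.exe", "userinit.exe"}

# Constructed sample export, modelled on the value quoted in the thread.
SAMPLE_INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="userinit.exe,oqknkwo.exe"
'''

def read_userinit(reg_text):
    """Return the Userinit string from .reg export text, or None if absent."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Track whether we are inside the Winlogon key section.
            in_key = line.strip("[]").lower().endswith(WINLOGON_SUFFIX)
        elif in_key:
            m = re.match(r'"userinit"="(.*)"$', line, re.IGNORECASE)
            if m:
                # .reg exports escape backslashes inside string values.
                return m.group(1).replace("\\\\", "\\")
    return None

def check_userinit(value):
    """Classify a Userinit value as (status, unexpected_entries)."""
    if value is None:
        return "missing", []   # value deleted: the logon failure case
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if not entries:
        return "empty", []     # value present but blank
    extra = [e for e in entries if e.lower() not in LEGIT]
    return ("suspicious", extra) if extra else ("ok", [])

if __name__ == "__main__":
    print(check_userinit(read_userinit(SAMPLE_INFECTED)))
```
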