Infected PC (XP) can only boot up in Safe Mode

  RubyJ 11:50 12 Nov 2009
Locked

Would really appreciate any advice on what to do.....
Went to switch my PC on couple of days ago and it took me to a screen (black background) that said there had been a problem caused either by hardware or software and gave me options to select to continue - initially I selected 'Start Windows normally' but this wouldn't work & kept returning me to the same screen. There is an option 'Last known good configuration' but I haven't tried this as if I do have a virus I wasn't sure if I should. I have booted up using Safe Mode, I have also used Safe Mode with Network.
Whatever I have has disabled McAfee Anti Virus, which in Safe Mode was showing as being out of date etc. I logged onto to my acount with McAfee & tried to re install it which appeared to work but when I click on the McAfee icon it displays an error now.
I have Spybot Search & Destroy which I ran and this found the following -
Microsoft.WindowsSecurityCenter.FirewallByPass
Smitfraud.C
Spybot appeared to remove these entries OK.

I also ran SpyHunter which found different things -
Zlob Trojan
Wild Tangent
But I don't have the SpyHunter bit which actually removes these things...
Firstly why are Spybot & SpyHunter finding different things ? (apologies for my ignorance, I'm not a techie!)
Seconding.... can anyone advice what I can do next ?? I have no idea how I have got these problems, I have McAfee which runs all the time & is kept up to date, also Spybot Search & Destroy ?
Any advice would be really apreciated.

  User-1229748 12:05 12 Nov 2009

have you got spyhunter in add/remove as it needs to be removed?hoping you havn't paid anything to these people?you will need to download update and run malwarebytes and superantispyware fromclick here

  provider 2 12:18 12 Nov 2009

Googled a bit and found some very mixed reviews about SpyHunter, which is a bad sign in itself.

As smackheadz says, do what you can to get rid of it then see what Malwarebytes Antimalware and SUPERantispyware (both free) can find.

  RubyJ 12:35 12 Nov 2009

Thanks for the responses. I will try and remove Spyhunter this evening, I downloaded it for a free scan.. obviously a bad move, I haven't paid for anything though. I'm really worried now about downloading anything and causing more damage. Will Superantispyware actually remove anything or just tell me what infection I have ?
Really appreciate your help.

  provider 2 12:43 12 Nov 2009

Both the above will scan then ask what you want to do. Suggest you quarantine everything, first of all, then delete later.

Free scans, as you say, are a definite no-no in the anti-spyware, anti-virus field.

  pcbobby 13:18 12 Nov 2009

Have used Superantispyware for ages. I commend it as safe and easy to use.

I have taken advice from many estabilished memembers.

The following software is free and reliable.

Comodo firewall/antivirus.(Auto updates iteself)

SpywareBlaster. The free version has to be updated manually. It protects, but does not scan.
Can use Comodo or Superantispywrae to scan.

  RubyJ 08:51 13 Nov 2009

I attempted to download Superantispyware last night - booted up in Safe mode with network - only when it got to install I got a message saying Admin rights were needed to continue - which I should have, so I guess whatever has infected my PC has taken admin rights. Is there anything I can do to get this back ?
Thanks again.

  birdface 10:28 13 Nov 2009

I don't suppose that you have tried a system restore to a time when you had no problems.

Maybe give this a try and see if it will run.

click here

  RubyJ 10:30 13 Nov 2009

Showing how ignorant I am here...... how do I do this ? :-)

  provider 2 12:59 13 Nov 2009

I think you should try "Last known good configuration" and see what that produces.

If it`s still not co-operating then "Safe mode with Networking" and leave SUPERAntispyware for the moment and try to download Malwarebytes Antimalware and see if that will run, or buteman`s Dr-Web-CureIt.

(It is Vista you`re using isn`t it? Are you familiar with UAC and how to work with it when downloading programs?)

  User-1229748 13:03 13 Nov 2009

i think rubyj is using xp but last known good configuration is one of the options along with safe mode so she can try that.otherwise i think she may have to download dr web to a usb stick and run it from there.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

These brilliant Lego posters show just what children's imaginations are capable of

Mac power user tips and hidden tricks

Comment réinitialiser votre PC, ordinateur portable ou tablette Windows ?