Spyware Infested XP PC won't load Safe Mode

aburgard

I recently received a call from a friend to fix his spyware infested computer. It looks like the issue has exploded since they first started receiving pop-ups and now the computer never reaches an operational status on normal boot. Spyware loads and loads and the system hung for a good 30 minutes straight. I couldn’t even get Task Manager to kill programs. Where they picked up this mess or what it’s called I have no idea yet as I haven’t been able to do any work in Windows.

I took the machine offline so it wouldn’t be broadcasting PII and tried booting into Safe Mode. After 30 minutes trying to load Safe Mode I gave up. I would get the start of the desktop with the Safe Mode indicators at the top and bottom of the screen but no task bar.

I know that I can run an install over the top of the current installation and probably get the system to where I can use it and start cleaning out Spyware and backing up important files.

If anyone has any tips or tricks to share I’m all ears.


(Windows XP Home SP3)
 
IIRC it's one of those malware that replaces the explorer.exe (your desktop) with a virused exe file (I believe svchost.exe or something similar).

You need to change it back in the registry. I'll need to look around again to find out where it is in the registry. It's been a while.

Edit: before we try playing with the registry, see if this works:

Open My Computer.

Go to Tools>>Folder Options>>View.

Under "Hidden Files and Folders", uncheck "Launch folder windows in a separate process".

Reboot and see if this takes care of your problem.
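
The reply above does not name the registry location. On Windows XP the logon shell is the `Shell` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` (stock data `Explorer.exe`), with `Userinit` beside it. As an added example that is not part of the original thread, this Python script audits saved `reg query` text for those two values; the sample input, the `OFFLINE` hive name and the `C:\WINDOWS` install path are assumptions.

```python
import re

# Stock XP data for the Winlogon key (assumption: Windows lives in C:\WINDOWS).
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

# Constructed sample (not from the thread): `reg query` text taken from the
# infected drive's SOFTWARE hive after loading it on a clean machine.
SAMPLE_TAMPERED = (
    "HKEY_LOCAL_MACHINE\\OFFLINE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\n"
    "    Shell\tREG_SZ\tExplorer.exe C:\\WINDOWS\\example-placeholder.exe\n"
    "    Userinit\tREG_SZ\tC:\\WINDOWS\\system32\\userinit.exe,\n"
)


def parse_reg_query(text):
    """Return {value_name_lower: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values


def normalise(data):
    """Split comma-separated entries; drop quotes, blanks and case."""
    parts = [p.strip().strip('"').lower() for p in data.split(",")]
    return [p for p in parts if p]


def audit_winlogon(text):
    """List (value, data, reason) findings that differ from XP defaults."""
    values = parse_reg_query(text)
    findings = []
    for name, allowed in EXPECTED.items():
        if name not in values:
            findings.append((name, None, "value missing"))
            continue
        entries = normalise(values[name])
        # Anything beyond the single stock entry is worth a manual look.
        if not entries or any(e not in allowed for e in entries):
            findings.append((name, values[name], "not the XP default"))
    return findings


if __name__ == "__main__":
    for finding in audit_winlogon(SAMPLE_TAMPERED):
        print(finding)
```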
 
I'll try that if I can get to the desktop. It's just been freezing so far. I wish we could touch these things from a command line.
 
I wonder if the sfc /scannow command works in Recovery Mode. You might want to try that. It'll attempt to repair and recover all replaced system files.
 
Last time I experienced a virus that wouldn't allow me to boot system, even in safe mode, I booted the system with ERD commander (downloaded it from internet) and that allowed me to restore to an earlier point; great tool!!
 
Take the hard drive out, slave it to a healthy updated machine with a quality updated antivirus product...and other removal tools...and start cleaning away.
 
If explorer doesn't load you can always try ctrl-shift-esc to load task manager and use file -> new task (run) to run whatever programs.
 
If it is that infested I would prefer to format the hard disk and reinstall everything. Then you can be sure there are no nasties left.
 
Even if you remove the problems as mlewis said, the problems are probably so rooted into the install it's time to format it. Plug in a Linux live CD, get essential data off and format. Don't bother.
 
I think that anyone who gets a comp this messed up probably isn't ready for Linux. Thanks for the tips though. I'm hoping to get things sorted out for him this weekend. Linux Live is a good idea for file recovery.
 