Avast WEBforum

Other => Viruses and worms => Topic started by: veccster on February 08, 2011, 05:27:45 PM

Title: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: veccster on February 08, 2011, 05:27:45 PM
I am trapped by a virus/malware program.  Not sure how I got it or when I got it but it changed my desktop - which now reads "Remove this virus by running System Cleanup".  I know this is a fake message - it's not even written in proper english.

Anyway, I can press F8 on boot but can't select safe mode because USB keyboard does not work yet (drivers not loaded at that point).  If I turn on the computer and try to run "msconfig", a message says "you do not have permission to access MSCONFIG" - this is due to the virus. 

I just picked up an old school keyboard that uses the purple plug and will try that later tonight.  If I can get into safe mode, can I access the internet and download AVAST?

Sorry...this is all relatively new to me.
Title: Re: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: DavidR on February 08, 2011, 07:04:43 PM
Do you have any AV on the infected system ?

I would download avast on the computer you are using now and save it to a USB stick or preferably CD as the USB could potentially get infected. This way you aren't going on-line with an unprotected infected system.

Does this information ring any bells http://www.bleepingcomputer.com/virus-removal/remove-cleanup-antivirus (http://www.bleepingcomputer.com/virus-removal/remove-cleanup-antivirus) ?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

Don't worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie (http://en.wikipedia.org/wiki/HTTP_cookie).
Also available, a portable version of SAS, http://www.superantispyware.com/portablescanner.html (http://www.superantispyware.com/portablescanner.html), no installation required. This one may be particularly useful if this malware is blocking other security applications.

As with the previous instruction to download on another clean PC and save to USB/CD would also apply.
Title: Re: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: veccster on February 09, 2011, 01:46:48 AM
Awesome...thanks!

I used an old keyboard and was able to get into safe mode.  I ran Spybot but it didn't find anything. 

The computer does not have a CD/DVD drive.  Unfortunately, the USB thumb drive does not work in safe mode.  I suppose I have no other option but to enter safe mode with networking and download the two programs you provided.

I'll give it a shot.  Hopefully I am not prevented from using the internet. 
Title: Re: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: DavidR on February 09, 2011, 03:05:28 AM
Spybot I feel has depreciated from what it was some years ago.

Did the bleepingcomputers link I gave resemble the fake security alerts, etc. you are getting ?
If not do a search within bleeping computers for the title in the top of windows displaying anything or the names used in the alert window.
Title: Re: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: veccster on February 09, 2011, 05:02:53 PM
Unfortunately, I do not recall the exact wording of the messages I was getting but I think it looked similar to the link you posted.  It may have been called "System Cleanup" and it put a red "X" in the task bar. 

Anyway, I got into safe mode and downloaded the two programs you directed me to.  I ran Malware Bytes and it found 280+ threats.  I deleted them and ran the second program.  It found 10.  I then ran Malware again and it found another 10.  Not sure why it didn't clean everything out with the first scan.

I will post the logs this evening when I get home. 

I then downloaded Avast but the installation fails on the last step.  I tried 2x and it failed both times.  Again, I'll post the fail message tonight. 

A scan of both programs this morning turned up no results.  Fingers are crossed that I'm clean again!
Title: Re: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: DavidR on February 09, 2011, 06:12:00 PM
Malware has a habit of trying to mask its files, etc. and not all will be detected by a single application. So one you run through once it is possible that you might find more on the second run through.

So I would bin spybot which was a bit of a passenger in this wreck and keep MBAM and SAS as free on-demand scanners to back-up avast. Do a weekly scan with them after updating their malware databases.
Title: Re: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: veccster on February 10, 2011, 01:50:05 AM
Great...thanks for the help!

All is well.  I ran both scans in safe mode again and they both came up clean.  I finally turned the computer on in normal mode and see no signs of the virus/malware.  I also got Avast up and running and will keep it going forward.  I'll run periodic scans using the other two.

Yeah...Spybot did nothing for me and definitely changed my opinion.  I used to swear by that program.  Oh well...life goes on.

Thanks again!
Title: Re: Can't access safe mode due to virus....no keyboard or MSCONFIG
Post by: DavidR on February 10, 2011, 02:12:23 AM
Your welcome.

It is best to run MBAM and SAS from normal mode unless you have a specific problem in normal mode (also save the pain in the rear of going into safe mode). The Quick MBAM scan is almost as effective as the Full as it is looking in the more serious areas, where Full looks into less serious issues.