Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 03-16-2007, 10:56 PM   #1
Baseband Member
 
Join Date: Sep 2006
Posts: 28
Exclamation Please Help

Hi i bought Kaspersky instead of Bitdefender and ran the scan in safe modes it found virtumode and some other trojans. Kaspersky tried deleting virtumode but it said cant delete will delete after reboot. Well the other 5 or six couldnt be unifected so it had to be deleted but they were system32 files. Then i restarted when i turned it on it said that I'm running in diagnose start up or somthing like that. My computer was going to slow it took like 3 minutes to click on start. So i turned it off from the bottom without pressing shutdown becuase it was taking forever. No be deal i thouhgt becuase i did it before. Then i turned it back on everything is going well. The screen turns black and goings to the windows part where its loading and all of a sudden it reboots and it keeps doing that. I cant even turn on my computer anymore.
Except through safe mode. I think its because Kaspersky deleted some very important syster32 files. So i went to safe mode and tried to recover the items. I click on Kaspersky and then it goes to the bottom where the time is like always. But i can double click on it. So i right click on it all of the options work like scan my computer and setting. But i cant go to option and i need to recover those files.
What should i do i cant turn on my computer only through safe mode and thats how im talking to you guys right now.
__________________

rangermike is offline   Reply With Quote
Old 03-16-2007, 11:11 PM   #2
Daemon Poster
 
Starr's Avatar
 
Join Date: Apr 2005
Posts: 926
Send a message via AIM to Starr Send a message via MSN to Starr
Default Re: Please Help

If you boot with your Windows CD in a have it boot to the CD. I believe there is like a repair installation where it can detect important missing files and replace them. I would give that a try.
__________________

__________________
AMD Athlon 64 3200+ Venice Core, MSI K8N Neo-4, 2x 512 Corsair Dual Channel, Nvidia Geforce fx 6600 256MB, 160GB HardDrive

Windows Vista Business Edition

"There are 10 types of people in the world. Those who know binary and those who don't."
Starr is offline   Reply With Quote
Old 03-16-2007, 11:25 PM   #3
In Runtime
 
Daeva's Avatar
 
Join Date: Dec 2005
Posts: 407
Send a message via AIM to Daeva Send a message via MSN to Daeva Send a message via Yahoo to Daeva
Default Re: Please Help

you could attempt to find out which files are missing, if you think that is the cause. If you're in safe mode, go to the command prompt what we need to do is get more information about the problem, and to do that, we go to good old dr. watson.
so, go to start -> run -> in the dialog box type cmd and press enter
from here, type: C:\System32\Drwtsn32.exe -I

This sets Dr. Watson as the default debugger for windows.

Then, you type almost the same command: C:\System32\Drwtsn32.exe
This will open up dr. watson from here you need to enable a couple options to give yourself a little bit more insight.
You want to check the following options: if they're not already checked:
Append to Log File
Create crash Dump(used if you get a blue screen)
Visual Notification

Now, reboot, and let the computer go through the boot process normally. Once it tries to boot once, and shuts down, then you can go back into safe mode.
Now when you boot back into safe mode, again, run dr. watson. same as before(not with the -i).
Go to view the log file, and see if it tells you which file it failed to boot from. If it doesn't (now, don't quote me on this because it's been a while since i've done this) you can explore dr. watson. a bit(and I say that because I don't specifically remember where the information is.) you can find the dump file, and you can attempt to find out from there. If you find the file, it's only a matter of downloading the right file and putting it where it belongs. Hope this helps.
__________________
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever
http://www.twitter.com/xDaevax
Daeva is offline   Reply With Quote
Old 03-16-2007, 11:55 PM   #4
Baseband Member
 
Join Date: Sep 2006
Posts: 28
Default Re: Please Help

ok i went to run typed in CMD got the black screen like it supposed to. Typed in:
C:\System32\Drwtsn32.exe -I
C:\System32\Drwtsn32.exe
and both times i get an error that says:
The system can't find the path specified
So i tried typing in:
C:\System32\Drwtsn32.exe
And got the same error
rangermike is offline   Reply With Quote
Old 03-17-2007, 12:01 AM   #5
In Runtime
 
Daeva's Avatar
 
Join Date: Dec 2005
Posts: 407
Send a message via AIM to Daeva Send a message via MSN to Daeva Send a message via Yahoo to Daeva
Default Re: Please Help

hmmm, it may not be in that directory then, are you running window xp? Well, reguardless drwatson should be there somewhere, try doing a search for it. What you also may have to do is just go in directory by directory. For instance:
first off.. make sure you are in the c drive by typing in c:\ then enter.
next type each of these commands: <enter> means press the enter key(I'm not trying to be an ass, i'm just making an attempt at clarifiing.

cd Windows <enter>
cd system32 <enter>
After you're in that directory, type
DrWatson32.exe -I <enter>
DrWatson32.exe <enter>

If that still doesn't work, type in
dir/p

and scroll through the list and try and find something that looks like Drwatson
__________________
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever
http://www.twitter.com/xDaevax
Daeva is offline   Reply With Quote
Old 03-17-2007, 12:04 AM   #6
Baseband Member
 
Join Date: Sep 2006
Posts: 28
Default Re: Please Help

yes i have xp and I'm searching right now. Is their like a folder i can go to to open it
rangermike is offline   Reply With Quote
Old 03-17-2007, 12:10 AM   #7
Baseband Member
 
Join Date: Sep 2006
Posts: 28
Default Re: Please Help

ok im not getting what your saying but dir?p works what now
rangermike is offline   Reply With Quote
Old 03-17-2007, 12:12 AM   #8
In Runtime
 
Daeva's Avatar
 
Join Date: Dec 2005
Posts: 407
Send a message via AIM to Daeva Send a message via MSN to Daeva Send a message via Yahoo to Daeva
Default Re: Please Help

ok, the problem before was that I forgot to put something in that command box when I first told you.
I should have had you type in
C:\Windows\System32\DrWatson32.exe -I then enter
C:\Windows\System32\DrWatson32.exe then enter

EDIT> CRAP (man, it's getting late, lol) here, for the final time are the exact commands:

when you open up the command prompt at first, before you do anything else type these:
C:\Windows\System32\DRWTSN32.exe -I then enter
C:\Windows\System32\DRWTSN32.exe then enter

(i'm bound to learn how to type one of these days...)
__________________
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever
http://www.twitter.com/xDaevax
Daeva is offline   Reply With Quote
Old 03-17-2007, 12:17 AM   #9
Baseband Member
 
Join Date: Sep 2006
Posts: 28
Default Re: Please Help

ok i found dr. watson i just explored into system 32 and found it now what. I doubled click on it and it says no faults detected
rangermike is offline   Reply With Quote
Old 03-17-2007, 12:20 AM   #10
In Runtime
 
Daeva's Avatar
 
Join Date: Dec 2005
Posts: 407
Send a message via AIM to Daeva Send a message via MSN to Daeva Send a message via Yahoo to Daeva
Default Re: Please Help

Also, windows xp has a great feature(that has saved my ass a number of times) that you are always welcome to try(and i promise i'll spell it right...) You can go to
Start -> All Programs(or Program Files, whichever way you have it setup) ->Accessories -> System tools -> System restore.

Now, if you had system restore turned on(which it is by default), then you may be able to restore the computer back to a date when everything worked properly, if you can, there is a good possibility that could fix your problem, but personally, I would do the drwtsn first anyway, because then you'll know which files were removed, so you know to look for them next time you run an anti-virus or anti-spyware, or anything that modifies your system settings.

EDIT: -> Well, you need to come in through the command prompt, at least once, because you need to set it as the default debugger, unless you can do that after you double clicked the icon(I don't think you can). Then you check all those options I showed before, then reboot, and cross every finger that you have, then once it has the same error as before, go into drwtsn again and check out the log file, (the log file should be pretty big, it would be easier to just do a find(located in the edit menu option in notepad) and type in today's date.
__________________

__________________
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever
http://www.twitter.com/xDaevax
Daeva is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 02:05 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0