Safe mode won't work

Associate
Joined
30 Dec 2003
Posts
217
Location
Scotland
Hi,

I am currently looking at a PC for one of my "don't care much for internet security" friends who has managed to get that somewhat hilarious Metropolitan Virus on his machine - not a problem, can rid the machine of this easily.

Problem is that when I try and boot into SAFE MODE at start up, it just dives back to the boot up screen.

Without the original Windows CD (which I'm reading doesn't always work anyway) how can I get the machine to load up in SAFE MODE?

Cheers in advance.

CJ
 
Soldato
Joined
17 Jul 2008
Posts
7,369
There is a trick with this sucker....

You need to try and shut the PC down while it's starting up and confuse Windows so it asks about forcing some apps to close...

One of the applications is the fake ware app thing, it might be running under mshta....

The trick is to get that one killed off but then tell Windows to stop the shutdown / not to force anything else to close.

It's easier on a slow PC....

If all else fails just remove the HDD and scan in a different PC

*** This virus often comes in two parts... the fake popup which is fairly easy to remove AND a rootkit that (probably) put the fake message virus on the machine in the first place....

Run combofix.exe first, then malwarebytes.org it
 
Soldato
Joined
17 Jul 2008
Posts
7,369
Without the original Windows CD (which I'm reading doesn't always work anyway) how can I get the machine to load up in SAFE MODE?

Cheers in advance.

CJ


This virus often comes as a package with other components..

On the good (as in for you) end of the scale it's a simple HTML popup running under (I think) the mshta process

In the middle of the scale it was installed by a pre-existing rootkit

At the WORST end of the scale it's encrypted all his data (seen two like this in the last month) - which can only be fixed with a lot of luck (download prog from internet, give it pre and post encrypted file and it sorts it)
 
Associate
OP
Joined
30 Dec 2003
Posts
217
Location
Scotland
Think I got lucky with this, ran Directory Services Restore Mode, it ran for about 2 seconds, said all was fine and booted up into Safe Mode :)

All from there was simple enough, through reg edit and blasted it, ran Malwarebytes software over it and all is now cool.

Cheers for the help folks,

CJ
 