
Got trojan, can't boot in safe mode

Paul C. Anagnostopoulos

Well, this is lovely. I have some variant of the "Windows Repair" trojan on my machine. I got this once before and could boot in safe mode to clean things up. This time I cannot boot in any of the variants of safe mode. I see a few files being loaded and then get a stop code of 0000007b. That code is something about not being able to access the hard drives, but I'm pretty confident the hard drives are fine. The diagnostics don't complain.

Has anyone seen this before? Oh, I have a Dell Precision 3500 running Windows XP.

Just to add icing to the cake, my Acronis True Image rescue CD can't find any hard drives, either.

~~Paul
 
Just run MBAM in normal mode for this one (quick search shows that's working for peeps); it actually works better than in safe mode. If you can't get it going/installed, run rkill first. Hitman Pro being cloud-based also saves lives in these situations. Don't forget about starting a thread at bleepingcomputer before you pull out your hair. Peace.
 
Okay, I got a "PC doctor" out here and after five hours I have a running system, more or less. There are still various issues. Perhaps someone can help.

My desktop .url items have lost the "Web document" properties tab and clicking on them does nothing. According to everything I can find, I'm supposed to run:
Code:
regsvr32 /i shdocvw.dll
It says it succeeded, but it does not fix the problem. Any advice?

~~ Paul
 
Go to www.majorgeeks.com

They will take you through a full diagnostic.

In addition to the MBAM mentioned earlier in the thread, the Trend Micro 'Housecall' is OK.
 
Paul, you should run ComboFix

bleepingcomputer dot com/download/anti-virus/combofix

Combofix should fix most problems. If not, try this website with registry entries to fix broken file type associations. Find the URL registry fix and run that.

dougknox dot com/xp/file_assoc.htm

(I had to change the URLs cos I haven't made more than 15 posts yet)
 
I got one of these trojan variants (for Vista), a nasty little bastard. Mbam got it.
 
It's probably the most pernicious virus I've ever seen. I lost a computer to it.
 
Combofix should be used with the guys from Majorgeeks' help to get the best.

Try logging on with a different profile, that sometimes helps.
 
Bleeping does not recommend running Combofix, although I have many, many, many times.

http://www.bleepingcomputer.com/virus-removal/remove-windows-repair

Paul, my guess, and it is a guess, is that the virus corrupted part of shdocvw.dll.

Sooo....

without more research,
Explore My Computer
Tools>Folder options>View
Unhide hidden, unhide system, show known extensions.

Then navigate to Windows/System32/dllcache

and make sure that there is a copy of shdocvw.dll in the dllcache.

Go to System32 and delete shdocvw.dll in System32.

Restart Windows.

This should cause Windows to put the stored copy of shdocvw.dll back into System32.

Then do the
Code:
regsvr32 /i shdocvw.dll

And see if that works.

Otherwise you may have to extract it from i386 on an install CD or service pack files.

Which IE do you use?
 
I also forgot to add, if you use sfc scannow, you should run automatic updates asap, in custom mode so you don't get all the Windows Live Crap.

Also, if you do a repair install, you have to uninstall IE8 and IE7 and reinstall them after the repair.

Code:
%windir%\ie8\spuninst\spuninst.exe

and
Code:
%windir%\ie7\spuninst\spuninst.exe

Otherwise you won't have IE after the repair.
 
