Jadwiseman
Posted April 28, 2009

Hi there,

I'm having a little bit of a problem with what I'm pretty sure is a new variant of Vundo... and it's smarter than any other that I've come across. Usually you would get the blocked registry, task manager, msconfig... etc. and many popups warning that you're infected, some even changed my system clock to say "VIRUS!!!" ... which was pretty cool actually, but SuperAntiSpyware would always be the key factor in repairing the system and getting rid of it all.

Now I've had one that caused my system to BSOD while running SuperAntiSpyware, the scan had already detected three separate infections, one being something to do with smitfraud? or something... and since then I haven't been able to boot into my OS... I can get past POST but it will automatically restart, safe mode loads to the point that it asks me if I want to system restore or not and then will reboot. This thing also changes my 'Administrator' password every time I try to change it to something else so I can't login via that account or login to the OS in the Recovery Console.

The only solution so far that has worked is Winternals... from here I can access my drives and registry and have managed to delete some stuff from the "run" folders and some new system32 baddies... but I still cannot boot into the OS normally or via safe mode? Through Winternals I have been able to access and run SuperAntiSpyware and do a scan, but it hasn't picked up a thing.

Is there anyone that can help? or know of somewhere where people could help?

Thank you

Seth
Posted April 28, 2009

Hi. How about slaving the drive and running a few scanners?

Jadwiseman
Posted April 28, 2009

I'm not a professional subscriber so I cannot open a support ticket unfortunately. I also thought of slaving the drive, but I don't have a spare SATA driver around nor do I have the time to install a new operating system just so I can slave the drive...

Latest developments: I have decided to do a repair installation of Windows to see if I can actually boot into the system, it worked but now as starting up the system will BSOD:

*** AfwCore.sys - Address B734C271 base at B7338000, DateStamp 499c0da4

This is apparently related to something called Outpost Firewall... which I do not have... I still get the system reboot whenever going into safe mode.

Ideas?

Jadwiseman
Posted April 29, 2009

Thank you very much, I've now opened a support ticket.

Update: I've managed to solve the BSOD issue with AfwCore.sys and can get to the logon screen, but when I logon (before explorer loads) the computer will reboot, as it does when I load into safe mode... ideas?

enderst
Posted April 29, 2009

Might be a damaged userinit.exe. Might try this guide - http://thinkinginpixels.com/quick-fixes ... -off-loop/

I know loop is in the link but I've used this on several others that don't loop and some like your description with success.