Spyware, Viruses, & Security forum

General discussion

Virus won't let me access windows.

by Onionhead58 / March 22, 2009 7:44 AM PDT

While logged into Turbo Tax 2009, numerous poip ups appeared as "Anti-virus 2009" stating I had threats to my computer. Norton antivirus, which I dowloaded recently popped up saying it had succesfully blocked an attack from Anti-virus 2009. My wife, not aware that the "Anti-virus 2009" is a virus itself, inadvertently downloaded it thinking she was responding to "Norton."

I was unable to disengage the popups and access Turbotax so, I shut the power to the computer. After powering up, Windows will progress as far as "wELCOME Administrator." When I click on the Admin. button, the computer says loading settings then immediately goes to "saving settings", not letting me actually enter windows. Subsequently, Norton waqs unable to perform a remote access of my computer to remove the problem.

Question: Can I manually remove the problem myself and if so, can aqnyone talk me through the procedure?

System components are as follows: HP Pavilion 521n, with 1 Gig (recently added. Windows XP operating program.

Please, can anyone help? I work from this computer.

Post a reply
Discussion is locked
You are posting a reply to: Virus won't let me access windows.
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Virus won't let me access windows.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
try this
by Techie_Master / March 22, 2009 6:59 PM PDT
Collapse -
What to do
by whftherb / March 22, 2009 9:23 PM PDT

This is what I'd do with this: Techie-Master leaves out that you'll need to boot the computer into safe mode (first try safe mode with networking enabled - you'll see why in a moment) because MBAM needs to run under Windows. If you can't get Windows up, the MBAM suggestion does you no good.

To do any sort of removal, you'll need a thumbdrive or the ability to copy files back and forth with a CD. Assuming you know how to get the computer into safe mode, you will probably be able to mount and install MBAM and (with networking enabled) get an updated pattern/signature file from their website. If you cannot get to the 'net in safe mode (sometimes it will work and sometimes it won't - it's tricky) you can go here on another computer: http://www.gt500.org/malwarebytes/database.jsp
and retrieve the latest pattern/signature file manually and apply it manually.

If the online or manual update fails for some reason, you can still do a full scan with MBAM, even with an old pattern/fignature file. In fact, you might try that first because the old stock pattern/signature file that comes with the current version of MBAM, may have the correct references in it to remove AV-2009. But don't be surprised if it doesn't. And if not, then you need to update MBAM using one of the two methods suggested here.

AV-2009 is one of the largest, most prevalent, most stinkiest rogues out there. If you get the computer repaired, I suggest running MBAM as a background service, so it watches what you do avoiding this in the future. Advisory: It should now be readily apparent that Norton (whatever flavor you have) failed you - it did not perform. I'd get rid of that - real quick!)

If all of this throws you, report to one of the anti-malware forums listed at the top of this forum, for expert help in removing this garbage.

Good luck.

Collapse -
Unable to access via safemode
by Onionhead58 / March 23, 2009 1:19 AM PDT
In reply to: What to do

Thanks for the advice. Unfortunately, and I neglected to mention, I am unable to access windows via safemode (network). Any attempt produces the same failure. That's why Norton was unable to do a remote extraction.

Unless I am misunderstanding, everything you have instructed me to do is contingent on accessing windows. I imagine I will have to take the computer into a local repair shop, if I can't open it up. That's a real drag considering I got it back from the "GeekSquad" just three weeks ago. Infact, they'er the one's that suggested I use Norton as a Firewall.

Considering I can get this thing fixed, what brand of protection do you recommend?

Thanks again,
Onionhead58

Collapse -
You Might Try Avast! Free For Multi-Protection
by tobeach / April 24, 2009 4:24 PM PDT

or Avira Free-AV which can be had as AV only. Depends if your willing to bet on all-in-one solutions (AV/AS/Firewall etc.) which Norton was.
Firewalls (beyond MS native one) can be had for free. Suggest AVOID ones that install "toolbar" (any) unless toolbar can be deleted from set-up BEFORE installing the program.
Note: Suggestions assume XP OS means SP2 or newer!!! Post Back IF not!
http://www.avast.com/eng/free_virus_protectio.html
http://www.avast.com/eng/avast-uninstall-utility.html

http://www.free-av.com/ Anti-Vir/Avira Free
http://dl.antivir.de/down/windows/registrycleaner_en.zip

Please Note: Before installing any other AV program, you will need to obtain & save a "removal tool " for your current Norton & after un-installing Norton, run that removal tool to get rid of left overs that can corrupt install of other AVs.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

I suggest you always obtain any removal tool for any new AV you want to try at the same time as you're downloading the main program.
Good Luck! Happy

Collapse -
Help with virus removal!
by FrankieWP / April 23, 2009 1:06 PM PDT

Hi,

I'm having the exact same problem and found your post while doing a search.

Is there a solution?

Thanks

FrankieWP

Collapse -
So You're Having Problems With TurboTax As Well?
by Grif Thomas Forum moderator / April 24, 2009 6:44 AM PDT

And you use an "HP Pavilion 521n, with 1 Gig (recently added. Windows XP operating program)

I'll guess not.. When jumping into another thread, please make sure that it's the EXACT same problem and if so, please give us all the specifics about your computer and what the problem is.. If you think it's a virus, WHY do you think it's a virus. Or is it spyware? Or is it something else? And which tools have you used to determine that? What have you ALREADY done to attempt to fix the problem?

At this point, you've give us very little to go on except to ask: "Have you tried the solutions already given in this thread?"

Hope this helps and let us know more.

Grif

Collapse -
Cannot get past log-in
by FrankieWP / April 25, 2009 6:54 AM PDT

Hi Griff,

I'm using a Dell Dimension 8110 desktop, using Windows XP Home Edition, I think about 100 G.

The virus or malware or whatever sounds exactly like the one described in the previous thread: a virus warning appeared and McAffee said it took care of it but the dialogue box appeared many times. Then it prompted me to run a complete virus scan. When I went to do this with McAffee, it said that the registry was updated and I needed to re-start the computer... big mistake! The virus or malware or trojan, created a welcome screen (it previously went straight to my desktop) and a log-on for myself and "administrator". Clicking on either appears to begin the log-in process and then logs out. That's it. The same result happened in Safe Mode, Safe Mode with networking, last configured setting. McAffee attempted to guide me through remotely to see if they could fix it but because it wouldn't allow a log in there was nothing they could do.

I've read of other people online having similar issues but no clear solution yet.

FrankieWP

Collapse -
Then There Aren't Many Options..
by Grif Thomas Forum moderator / April 27, 2009 2:02 AM PDT
In reply to: Cannot get past log-in

Use your computer's recovery discs to perform a repair install.. Or if not an option, you'll need to use them to format and reinstall back to a factory state..

Unfortunately, if you can't log in, you'll need recovery discs of some type.. Let us know what you have..

Because it sounds like system files have been damaged by the virus and then removed by the antivirus program, you might be able to replace the damaged files using the XP Recovery Console IF you have the Windows XP disc and IF you know exactly which files were removed.. If you don't know have all that information at hand, the recovery discs (or the Recovery partition) will be needed.

Hope this helps.

Grif

Collapse -
There are two different spyware variations
by Darrell / April 27, 2009 5:12 AM PDT

av-2009(dot)com & av2009(dot).com and a third one is av2009(dot)net. I have them installed from my HOSTS.txt file. You may try to disconnect from the internet first, go up to the E for Internet Explorer or Internet Options in the Control Panel. On the desktop, you go to properties, this is the same as Internet Options. Under the Security Tab is the Restricted sites, click on that and when Sites comes up, put them into that place, (dot)=. Put all 3 in there, Apply and OK. Connect back to the internet and try it again and see if you can log on. They could be also put into Privacy Tab, Sites... and blocked there also. Darrell

Collapse -
Sorry....Not Really Relevant.. User Can't Log In
by Grif Thomas Forum moderator / April 27, 2009 5:47 AM PDT

There's no access to Windows at all. Therefore, the fixes you've mentioned aren't usable. If one can't log in, "FrankieWP" can't "go up to the E for Internet Explorer or Internet Options in the Control Panel" etc.
Sorry.

Hope this helps.

Grif

Collapse -
Grif, I mentioned that there was not a reason to log on
by Darrell / April 27, 2009 6:31 AM PDT

And I did find other similar ones: home-av-2009; homeav-2009; miav-2009 and the first three are also listed as www. - all of the others end in com. When you say log on, I can go directly to my desktop and not log on w/o internet access. Darrell

Collapse -
(NT) Did you try system restore?? w/o being online?? DarCLew
by Darrell / April 27, 2009 6:36 AM PDT
Collapse -
System Restore Not Possible Without Logging On To Windows
by Grif Thomas Forum moderator / April 27, 2009 8:10 AM PDT

SR is an option from either "normal" Windows or "Safe Mode" but the user must log in to the computer to be able to access such.

Hope this helps.

Grif

Collapse -
Sorry Darrell, I Don't Think You Understand
by Grif Thomas Forum moderator / April 27, 2009 8:08 AM PDT

Simply stated, It's not possible to access your desktop without logging on to either "normal" Windows or "Safe Mode" Windows.. In your case, you may be able to start your computer because you don't have a password for your user name or you have it automatically startup but it's still "loggin on" to Windows before accessing your desktop.

In this users case, they can't access Windows at all because they can't logon.. No desktop..No internet.. No nothing but a login window which they can't proceed beyond.

Hope this helps.

Grif

Collapse -
That's right, Griff
by FrankieWP / April 27, 2009 10:02 AM PDT

Griff, you got the problem right. So if there are any solutions for bypassing the log-on problem I'll be very happy to hear them. Griff mentioned trying to use a boot-disk. I'll look into creating one.

Thanks

FrankieWP

Collapse -
I Mentioned Recovery Discs.. Do You Have Them??
by Grif Thomas Forum moderator / April 28, 2009 3:31 AM PDT
In reply to: That's right, Griff

A standard "boot disc" doesn't really work with the NTFS file system because it won't allow you to "see" the file system. It's not something you can "create". On the other hand, if you've got a Windows XP disc, (or the manufacturer's recovery discs) it is possible to format and reinstall the operating system. Or as a long shot, an XP disc does allow you to install the REcovery Console which can be used to check for files on the HD.

Hope this helps.

Grif

Collapse -
I didn't understand, and There is only one alternative
by Darrell / April 27, 2009 2:27 PM PDT

To reformat the HDD. Unless one created a CD or DVD that had DBAN or KILLDISK on it. I have two of the latter. My apologies, Darrell

Collapse -
Isn't there a way to access the computer some other way?
by Marnazz / November 1, 2009 12:22 PM PST

The files should still be on the hard drive right?

Couldn't someone that knows how to write code make a code that he could run from another computer connected to his computer with the virus on it to either take files he wants to save before he would reformat or maybe even run an anti-virus from a clean computer to delete the virus on his infected computer? I dunno if that would work... I don't know that much about computers. All I know is that computers work in codes. So unless you can't understand a computer without the windows scripts that were deleted by the virus, then I guess the only option would be to try recovery discs or what you suggested.

I'm just thinking because you don't really need windows to access a computer. It's an easy way for people to use it and the only way someone could use a computer without windows is to know how to use/write codes, but if it's possible to do what I was thinking, couldn't it work?

Just thoughts.

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.