Spyware, Viruses, & Security forum

General discussion

b.exe complications, black screen with working mouse.. HELP

by avalens / October 21, 2009 12:07 PM PDT

I'm really hoping someone has an answer for this, any help is appreciated, guys..

This morning my computer was infected by a virus when I plugged in my usb flash drive. I was trying to delete an unfamiliar folder on my USB drive when I got an error message about a Trojan. Unfortunately I didn't write down the exact message or the name of the Trojan, but I pulled out the USB. I noticed I could not open Firefox, Internet Explorer, or any other programs, they would either simply not work, or would open and shortly give me an error message saying the program has to be closed.
I ran Task Manager and saw an unfamiliar process b.exe... tried to End Process and also End Tree Process, neither was successful. Saw that it was located in my TEMP folder, which I opened and found a.exe, b.exe, c.exe, and d.exe. I emptied my entire TEMP folder, but could not delete b.exe. Ran an antivirus scan, which found a Trojan and seemed to delete it.. I emptied my recycle bin and restarted my computer, thinking the worst was over..

Windows would not start. I would get up the loading screen, and then the screen would remain black, no command prompt.. I can use my mouse but cannot access Task Manager or do anything.

Restarted in Safe Mode.. all my files seem to be present, which is a comfort. I managed to delete b.exe in Safe Mode, it no longer shows in the Process list, and also deleted it from the list of startup programs using Vista Manager. Antivirus software isn't detecting any viruses, but I still can't start Windows properly, just keep getting that black screen with a working mouse and nothing else.

Please, please, please help me out with this huge problem!
I'm running Vista if that helps at all.

Discussion is locked
You are posting a reply to: b.exe complications, black screen with working mouse.. HELP
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: b.exe complications, black screen with working mouse.. HELP
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
If Windows will not boot normally

but only in safe mode, please try to scan in safe mode using Malwarebytes Anti-Malware (if you have not scan using this tool).

If no infection is found but you could not boot to normal mode, try to boot to Vista DVD to repair the startup issue in Vista. Follow the guide here to repair Vista startup.

If you able to boot normally (not safe mode), please run a full system scan using MBAM.

Collapse -
will have to try to install it in safe mode
by avalens / October 21, 2009 2:50 PM PDT

I'll have to get that program and install it from a (clean) usb drive.. is it possible to install software in Safe Mode? I'm kind of a basic PC user but I'll give it a shot and post my results. Thanks for getting back to me so quickly Happy

Collapse -
Yes, you can. I've tried that before in an infected system
by Donna Buenaventura / October 21, 2009 6:03 PM PDT

of a friend's friend. If the malware is not going to block it to install in safe mode then you have a chance to install it.

You can give it a try then scan again if you able to boot normally.

Collapse -
was able to install
by avalens / October 25, 2009 9:59 AM PDT

was able to install the software in Safe Mode, however as soon as i opened the program to begin scanning my computer, it closed, saying Windows cannot access the device/path/file. i think the virus is blocking the program from running.

Collapse -
Can you try to use FileAssassin
by Donna Buenaventura / October 25, 2009 2:32 PM PDT
In reply to: was able to install

to unload/unlock/terminate that offending b.exe and other malicious processes? As soon as FileAssassin do that, run a scan using MBAM again.

Get the Portable edition of FileAssassin in http://www.malwarebytes.org/fileassassin.php so you will just extract to run.
This tool is available in MBAM program too which you can try to run from More Tools tab of MBAM.

Collapse -
i got the program but
by avalens / October 26, 2009 5:05 PM PDT

i'm not really sure which file(s) i'm supposed to select to have File Assassin scan. I chose the malwarebytes containing folder in Program Files and it didnt find any problems, but it still failed to scan.

Collapse -
OK. Please do this...
by Donna Buenaventura / October 26, 2009 6:10 PM PDT
In reply to: i got the program but

Go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a quick scan. Did the scan of MBAM continue? If yes, see if it found the malware.

Collapse -
wont allow renaming
by avalens / October 27, 2009 11:28 AM PDT
In reply to: OK. Please do this...

Windows tells me I dont have permission to rename the exe. Thats often happened to me before I had virus issues. I think its just a Vista thing.

Collapse -
Vista and permission
by Donna Buenaventura / October 27, 2009 8:57 PM PDT
In reply to: wont allow renaming

Are you using Admin account or standard user account in Vista? Is there other user account other than your? When you tried to rename the files, did you try renaming it in safe mode and normal mode?

If you cannot rename also, I suggest to send your log or post any log or problem info in below forums below:

Download HijackThis from http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
Try rename also HijackThis if it will not run.

Scan and save the log in desktop then post the log in 1 of the forums below:

1. http://www.lognrock.com/forum/index.php?showforum=5
2. http://forum.securitycadets.com/index.php?showforum=2
3. http://malwarecrypt.com/forumdisplay.php?f=4
4. http://www.temerc.com/forums/viewforum.php?f=12
5. http://www.malwarebytes.org/forums/index.php?showforum=7
6. http://spywarehammer.com/simplemachinesforum/index.php?board=10.0
7. http://www.bleepingcomputer.com/forums/forum22.html

Collapse -
Doesnt open
by avalens / November 7, 2009 8:46 AM PST
In reply to: Vista and permission

Sorry, I tried to do a HJT scan and log but it wasnt allowed to open. Thats the whole problem this virus is causing, its not allowing programs to run. I don't really know what else to try at this point, it seems pretty hopeless.

Collapse -
Renaming Hijackthis will not run it too?
by Donna Buenaventura / November 7, 2009 4:03 PM PST
In reply to: Doesnt open

If so, try to run it in safe mode. Post your log in 1 of the forums I wrote earlier and please mention to them that it's the only way you able to generate a log file.

Collapse -
safe mode
by avalens / November 8, 2009 2:09 AM PST

If you remember, I can't open my computer in anything except safe mode. So I can't run a HJT scan. Are there any other options left? Its lookng pretty bleak at this point.

Collapse -
Other options
by Donna Buenaventura / November 8, 2009 4:58 AM PST
In reply to: Doesnt open

Sorry, I forgot that you are only in safe mode.

I really think that you should go ahead by going to any forums I mentioned in my earlier post. They have special tools or utilities that will allow them to diagnose (for free) your system.

The other option is the one mentioned in my previous post:
try to boot to Vista DVD to repair the startup issue in Vista. Follow the guide here to repair Vista startup.

Or you can use system restore. Another thing is this issue might not be software related anymore but hardware. Have you tried to run any hardware diagnostics?

Collapse -
Just as a Desperation Measure...
by tobeach / November 8, 2009 2:19 PM PST

you might try downloading & saving to CD the "Stinger" program
from link below. During downloading, at the "save as" point, rename Stinger .exe to whatever you like. Can be done onto USB thumb but that has chance of infecting the USB where as a CD can't be.

Stinger has limited number of things it kills but it BIG advantage is
that it doesn't need to be installed on infected machine. Just put CD in drive, navigate to that drive & double click to run it. It's free & can't hurt to try. Good Luck! Happy

Download v10.0.1.624

http://vil.nai.com/vil/stinger/

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.