Blog: Colored Pin Safety

safestaffing.info

windows me safe mode networking

Thu, 29 Jul 2010 20:46:19 -0400 | Posted in dog it kid medically safe swim





Under attack? No.
Already have something bad on your machine? Heck, yes!
There are never any guarantees in malware fighting, but here’s my best shot at a generic removal procedure:
First, boot into Safe Mode With Networking. (See below for details.) That sometimes keeps malware from protecting itself. Then, if you have an anti-virus, make sure it has the latest virus definitions and run a full scan with it. If you don’t have one, many people here swear by Malwarebytes (it’s free).
I suggest you also download Ad-Aware Free and Spybot S&D (they’re free), install them, update them and run full scans with them in Safe Mode With Networking.
Also, turn off System Restore to evict any copies of bad stuff that might be lurking there.
To get into Safe Mode with Networking:
1. Log out and reboot your machine.
2. When the machine starts the reboot sequence, press the F8 key repeatedly.
3. Select Safe Mode with Networking from the resulting menu.
4. Log in. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password.
5. The machine will continue booting, but the Windows desktop will look different.
6. When you’re finished doing what you need to do, log out and reboot back into normal mode.
Another trick that may enable anti-malware and/or its installer program to sneak past the malware is to change the name of the anti-malware program itself. The names of the files and their locations differ between anti-malware programs, but the procedure is always the same:
1. In Windows Explorer, find the folder with the anti-malware.
2. Change the name of the program (it always ends with a .exe) to virtually anything else, but keep the “.exe” part.
3. Run that.
Note that even if the anti-malware programs get rid of the malware, they may not be able to reverse the effects. Search the Web for possible fixes.
Update and run full scans regularly, not just when you think you already have malware.
Good luck.
Note: There ARE free versions of these reputable programs on the websites listed. They just may not be obvious.
Ad-Aware Free (free): http://www.lavasoftusa.com/
Spybot S & D (free): http://www.spybot.com/
Malwarebytes (free): http://www.malwarebytes.org/ (If the program doesn’t run, changing its filename from mbam.exe to something else ending in .exe has sometimes proven effective.)
AVG anti-virus (free): http://free.grisoft.com/doc/2/lng/us/tpl…
Avast! (free): http://www.avast.com/
Kaspersky (free trial) (Seems to dislike installing on any machine with just about any other decent anti-malware, including some firewalls.): http://usa.kaspersky.com/downloads/

AV Security Suite Virus Not Allowing Me to Connect to Internet, Even in Safe Mode With Networking. What should I do?


You are probably at the peak of frustration, wondering why on earth this AV Security Suite virus won’t leave your PC. Whatever exe you try to run, it says your application is infected. It does not allow you to use System Restore, and it has blocked all your legitimate antivirus programs. It has hijacked Internet Explorer, so you are unable to connect to the Internet even in Safe Mode with Networking.

Attention Spware Alert!

Vulnerabilities found.

Your computer is infected by spyware – 34 serious threats have been found while scanning your files and registry.

Even when you tried to connect to the Internet in Safe Mode with Networking, you probably failed because the AV Security trojan hides its presence. It is a rootkit virus that disguises itself as a Windows system file, which antivirus programs cannot find. This is why the virus is not easy to tackle with regular anti-malware programs.

Steps for successful AV Security Suite Removal.

1. Edit the HOSTS file (all the steps are explained below). Check whether you can connect to the Internet in Safe Mode with Networking; if not, proceed to the 2nd step.
2. Change the proxy settings (if you’re still unable to connect to the net).
3. Create a boot CD and get a Reimage key by going to http://reimagepcrepair.com/. Use the boot CD at startup and you should be able to connect to the Internet. Log in and run Reimage PC Repair.

Reimage works by comparing each OS system file with the correct file from a web repository of 25 million Windows components. (Since Reimage compares against the correct files, it can easily find a hiding rootkit. In fact, this is what a rootkit remover does: it dumps a list of files from your hard disk drive and compares it with the list from the recovery console in order to find a hiding virus.) This is the sole reason you can get a PC as good as new once you run Reimage; all other antivirus and antimalware programs just delete the virus but don’t correct the damage, which results in re-infection and a slow-performing PC.

Reimage first scans your computer thoroughly (all the files, folders, registry keys and values, drivers, software, stacks) and then either repairs or removes those items that should be there. But that is not all it does. It has an enormous web repository of applications, drivers, system objects, etc., against which it compares your PC’s files, and it replaces corrupted files with healthy ones.

The problem here is that AV Security Suite has changed the HOSTS file or the proxy settings.

1. Mend Hosts file:

The HOSTS file is used to translate a host name to an IP (Internet Protocol) address without querying the DNS (Domain Name System) server.

In general if you know the host name of the machine that serves the unwanted content, you can redirect it to 127.0.0.1, which is the local IP address of your machine. For example, assume you have redirected the ad.doubleclick.net ad server to 127.0.0.1. Every time your browser tries to load an image or a flash animation from the ad.doubleclick.net ad server, it will be redirected to your machine instead. As a result, the browser will not be able to show any content from this ad server.

The same message appears when a web site is unavailable for reasons other than HOSTS file blocking.
The HOSTS file is named ‘hosts’ and editable with any text editor, such as Notepad or Wordpad.

The file generally appears at:
• ‘C:\Windows\System32\Drivers\Etc\hosts’ on Windows XP

Before editing, back up the current HOSTS file. You need to delete all the lines from this hosts file except “127.0.0.1 localhost”. The other entries you saw there need to be removed, as they are malicious. (This is why IE is unable to connect: the HOSTS file blocks a huge list of websites, and you get a warning that “The Page cannot be displayed”.)

After removing the entries from hosts file, please save this file and close it.
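The cleanup described above, as an added example that is not part of the original post: it parses HOSTS file text, lists every mapping that would be deleted so it can be reviewed first, and returns the cleaned content. Keeping comment lines and restoring a plain localhost line when localhost shared a line with other names are choices made for this example; the sample content and its host names are constructed.

```python
# Added example, not from the original post. SAMPLE is constructed; its
# host names and addresses are documentation placeholders.
from typing import List, NamedTuple, Tuple

KEEP_ADDR, KEEP_NAME = "127.0.0.1", "localhost"  # the only mapping the post keeps

SAMPLE = (
    "# hosts file (constructed sample)\r\n"
    "127.0.0.1       localhost\r\n"
    "127.0.0.1\twww.search.example\r\n"
    "203.0.113.7     update.vendor.example   # redirect to another server\r\n"
)


class Entry(NamedTuple):
    line_no: int
    address: str
    names: Tuple[str, ...]


def parse_hosts(text: str) -> List[Entry]:
    """Return every non-comment line as (line number, address, names)."""
    entries = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments; tabs or spaces
        if fields:
            names = tuple(name.lower() for name in fields[1:])
            entries.append(Entry(line_no, fields[0], names))
    return entries


def clean_hosts(text: str) -> Tuple[str, List[Entry]]:
    """Return (cleaned text, removed entries); comment lines are preserved."""
    removed = [e for e in parse_hosts(text)
               if (e.address, e.names) != (KEEP_ADDR, (KEEP_NAME,))]
    drop = {e.line_no for e in removed}
    lines = text.lstrip("\ufeff").splitlines()
    kept = [line for n, line in enumerate(lines, 1) if n not in drop]
    # If localhost shared a line with other names, that line was dropped:
    # put the plain mapping back so the file still resolves localhost.
    if len(removed) == len(parse_hosts(text)):
        kept.append(f"{KEEP_ADDR}       {KEEP_NAME}")
    return "\r\n".join(kept) + "\r\n", removed


if __name__ == "__main__":
    cleaned, removed = clean_hosts(SAMPLE)
    for e in removed:
        print(f"line {e.line_no}: {e.address} -> {', '.join(e.names)}")
    print(cleaned, end="")
```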
Now you should be able to search on Google. If not,

2. Change Proxy Settings:
Start your PC in Safe Mode with Networking. If you can’t run IE, then you should repair the proxy settings of Internet Explorer. Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click Apply. Click OK. Then go to http://reimagepcrepair.com/ to run a scan.

One of my subscribers mailed this: “But after I unchecked use a proxy server, and then ok, Apply was not an option to click. Another idea?”

So I am giving you more options…

1. Run Internet Explorer and click Tools -> Internet Options.
2. Select the Connections tab and click the LAN Settings button.
3. Click the Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
go.trendmicro.com;pcfixeasy.blogspot.com;reimagepcrepair.com;
4. Click OK to save Proxy settings, then click OK to close LAN Settings and click OK to close Internet Explorer settings.
(Now you should be able to click ‘OK’.)
5. Download HijackThis. NOTE: before saving it onto your computer, rename HijackThis.exe to iexplore.exe.
6. Double-click the renamed iexplore.exe. Then click the “Do a system scan only” button and look in the scan results for entries similar to those shown below:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 – HKLM\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe
O4 – HKCU\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe
7. Once you have selected the above entries, close all running programs, then click once on the “Fix checked” button. Close HijackThis.
8. Go to http://reimagepcrepair.com/ and run a scan.
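The check in step 6, as an added example that is not part of the original post: it reads HijackThis-style log lines and flags a ProxyServer value pointing at the local machine and Run entries that start a program from the per-user Application Data folder. The two finding labels and the `triage` function name are made up for this example, and a flagged line is a lead to review, since legitimate software can also use either location.

```python
# Added example, not from the original post. The first two sample lines follow
# the entries quoted above; the third (ExampleTray) is a constructed benign one.
import re
from typing import List, Tuple

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1
O4 - HKLM\..\Run: [utrfklpe] C:\Documents and Settings\[User]\Local settings\Application data\oprtklr\andqgs.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# "R1 - rest"; a typographic en dash is accepted too, since pasted logs often have one.
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s*[-\u2013]\s*(?P<rest>.+)$")
PROXY = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.I)
LOOPBACK = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost)(?::\d+)?(?:;|$)", re.I)
RUN = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<path>.+)$",
    re.I,
)
APPDATA = "\\local settings\\application data\\"  # XP per-user app data folder


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (section code, finding label, detail) for each suspicious line."""
    findings = []
    for raw in log.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        code, rest = line["code"], line["rest"]
        if code in ("R0", "R1"):
            proxy = PROXY.search(rest)
            if proxy and LOOPBACK.search(proxy["value"]):
                findings.append((code, "proxy-loopback", proxy["value"]))
        elif code == "O4":
            run = RUN.match(rest)
            if run and APPDATA in run["path"].lower():
                detail = f'{run["hive"]} [{run["name"]}] {run["path"]}'
                findings.append((code, "autorun-from-appdata", detail))
    return findings


if __name__ == "__main__":
    for code, label, detail in triage(SAMPLE_LOG):
        print(f"{code}  {label:22}  {detail}")
```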

3. Still Unable to Connect to Net?

You can also try to remove the oddly named folder manually, without using HijackThis, by following the instructions below.

Step 1: Click on Start > Run and type shell:Local AppData (you can copy-and-paste it). In the window that opens, look for an oddly named folder (a folder name made up of random characters, usually all lowercase letters). Double-click on this folder to open it.
Step 2: Inside the folder from step 1 above, you will find a randomly-named file. Right-click on it and choose ‘Rename’.

If the file name has an ‘.exe’ extension (for example ‘dygawiutssd.exe’), rename it by ONLY ADDING 4 characters ‘.eee’ to the end of the existing name. So in our example, the renamed file should be ‘dygawiutssd.exe.eee’. Proceed to step 3 below.

Otherwise, if the file name does not have an ‘.exe’ extension showing (for example ‘dygawiutssd’), you need to first enable file-extension view in order to see the ‘.exe’ extension, as follows:

In Windows, right-click on Start and choose Explore. At the top, click on Tools > Folder Options > View. Remove the checkmark in front of ‘Hide extensions for known file types’. This will enable you to see and rename the ‘.exe’ extension. Rename the file by adding the 4 characters ‘.eee’ to its end so it looks something like this: ‘dygawiutssd.exe.eee’.

Step 3: Restart your computer. After restart, you will notice that AV Security Suite does not start up. This does not mean that AV Security Suite is gone! You still need to follow the steps below to completely remove AV Security Suite.

Step 4: After your computer restarts, click on Tools > Internet Options > Connections > LAN Settings and uncheck the box ‘Use proxy server..’.

Now go to http://reimagepcrepair.com/ to run a scan.

Alternatively, you can also try this:

  • Restart your PC. As soon as you log on, hit CTRL+ALT+DELETE to launch Task Manager.
  • If you do this before the AVSuite loads, Task Manager will stay open. With Task Manager open, you can kill the .exe, mine was dygawiutssd.exe (random string), and then proceed with the removal process.
