• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

PornSite Kills my Computer...

R

raydeo

Member
A visit to an unknown pornsite kills my computer:

Boots to normal colored screen with no icons, only mouse. Ctrl-Alt-Del shows nothing running. No Explorer, No SysTray (with Win98SE).

What can I do to make this computer usable again??? (and then stop going to pornsites..! )


Thanx,
 
Can you boot to safe mode? If so, run an anti-virus scan from safe mode. Wouldn't hurt to run an adware/spyware check as well (Spybot would be a good choice).
 
Can boot to safe mode, but symptoms remain the same. Ran AVG from DOS and found nothing. Ran Spybot and found nothing. Using backup drive to boot from, found "himem.sys" in the infected drives' Temp file???

What now Good Doctor???
 
Well, while perhaps not the "best" option, a fresh install of Windows is one way you could go.

Could try to reboot and hold the CTRL button down, until you get the boot menu. Choose Command
prompt only. At the C:\> type: scanreg /restore and press enter Choose a date before
the problems started.

My money's on a virus or trojan, particularly because it's from some porn site.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.js.offensive.html is one such trojan.

Double check that you've got updated virus defs. If it's gonna take more than 4-5 hours, you might just consider a reinstall of windows.
 
Dr. Hossenfeffer: I think you nailed it. Prior to going to the site that mouse-trapped me, my AVG antivirus detected a trojan that I neglected to remember the name of. I just denied access and surfed on. Not one of the smartest things I've ever done...
As the mousetrapped site would not let me out, I powered down my system which apparently activated the trojan.
I ran scanreg from DOS and selected the previous day registry. Exploring the Symantec link(Thanx!) shows that it does this to the Registry : "DisableRegistryTools"
This critter is nasty ! Here's what else this thing does to the Registry:

Key:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\Explorer
Values:
RestrictRun
NoChangeStartMenu
NoClose
NoDrives
NoDriveTypeAutoRun
NoFavoritesMenu
NoFileMenu
NoFind
NoFolderOptions
NoInternetIcon
NoRecentDocsMenu
NoLogOff
NoRun
NoSetActiveDesktop
NoSetFolders
NoSetTaskbar
NoWindowsUpdate
Nodesktop
NoViewContextMenu
NoNetHooD
NoEntioeNetwork
NoWorkgroupContents
NoSaveSettings

Key:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\System
Values:
DisableRegistryTools
NoConfigPage
NoDevMgrPage
NoDispAppearancePage
NoDispScrSavPage
NoDispBackgroundPage
NoDispSettingsPage
NoFileSysPage
NoVirtMemPage

Key:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\WinOldApp
Values:
NoRealMode
Disabled

Note: Booting to safe to no avail. The only thing it didn't do was format the drive !

My cloned backup drive saved the day(and the data)... Format and reload was about all I could see fit to do, and did.
Question: As I could boot to my good drive, could I have gone into the infected drive and edited its Registry, or can one only edit the registry of the drive that's booted to ???

Thanx again, Raydeo

 
You must log in or register to reply here.

TRENDING THREADS

Back
Top