Help with Windows XP safe mode

mwwwilson

In Runtime
Messages
121
Location
USA
How can I disable a service or process from starting starting up in windows while in safe mode with networking? I am attempting to get a virus cleaned up out of a computer running Windows XP SP3 for a friend.

I need to be in safe mode with networking (using Teamviewer) and I am wanting to disable Microsoft Security Essentials. When using Control Panel's Add/Remove Programs it tells me that I cannot remove the file while in Safe Mode. I even tried something I read saying that if that didn't work to type appwiz.cpl into RUN and try it. No luck, which I figured because all appwiz.cpl does it take you into Control Panel/Add or Remove Programs anyhow.

The reason that I need Microsoft Security Essentials removed is because McAfee is gonna be installed to remove this virus. However, the McAfee installation stops and states that MSE is not compatible with McAfee and MUST be removed before the McAfee installation can complete.

The virus that he has is doing the following:

Windows starts and the first thing to appear, before his desktop, is picture #1 - xxx-0.jpg file. He proceeds by clicking the "X" to exit the message and MSE comes up (picture #2 - xxx-1.jpg file). He can then close out of that and get to his desktop but no shortcut icons on his desktop work. He does have the ability to use the START button and enter everything in the Start menu. When attempting to use Control Panel, Add/Remove Programs and uninstall MSE it states that the Windows Firewall has stopped the action. Even though he has his Windows Firewall turned OFF!!!

All I need to do is get rid of MSE and install McAfee. It should be able to do the rest for me. Which is REMOVE or Quarantine this virus.

I can't even use MSCONFIG in safe mode to shutdown MSE from starting on bootup. The program will not initiate.

Also, no restore points will take. He has tried and the computer goes through the process and reboots then states that the computer could not be restored.

Please help me out here. If you need anymore information let me know. I am on a mission to fix this thing now... whatever it may take. DAMN VIRUSES!

Thanks in advance,
Mark W.
 

Attachments

  • received_m_mid_1390093427390_04e451395f63c76903_0.jpg
    received_m_mid_1390093427390_04e451395f63c76903_0.jpg
    98 KB · Views: 1
  • received_m_mid_1390093427390_04e451395f63c76903_1.jpg
    received_m_mid_1390093427390_04e451395f63c76903_1.jpg
    95.4 KB · Views: 1
You'll need to clean out that malware before you try to install | uninstall any antivirus software. See if you can get Essentials to update and scan in safemode. You can download Malwarebytes from another pc and put it on a flash drive | Thumb drive, pop that on your infected pc and from there you can install and run Malwarebytes in safemode, Update it first and then set it to do a full scan, after that while your still in safemode, go to the Eset web site and run their on line scanner to clean out anything else.
Then do the same once you get back into regular mode
 
Also... I wouldn't put McAfee on there... McAfee / Norton are horrible resource hogs and free AV's do better. In fact, BitDefender Free Edition is rated much higher on AV-Comparatives tests for removal/detection.

But yes, follow Joe's suggestion and run MBAM in Safe Mode. I would also recommend running ComboFix from BleepingComputer in Safe Mode before running MBAM.
 
Thank you both for the information.

I am going to attempt the following tomorrow:

1 - Attempt to update MSE in Safe Mode with Networking. Successful or not I will proceed with the rest of this list.

2 - Download ComboFix, Malwarebytes, and BitDefender Free Edition

3 - First run ComboFix / Then run Malwarebytes / Then run BitDefender

4 - Reboot if the above programs don't prompt me to before hand

I will keep you both up to date and give thanks after I finish.
I really appreciate the advice and recommendations.

Mark W.
 
Just to update anyone interested. I performed the list that I posted above and it worked like a charm. It took some time (full scans) but all is back to normal. In addition, after fix, I initiated a restore point and burnt an .iso image for a backup to disc. My friend is extremely happy that he got his computer back to normal.

Thanks to Teamviewer, the files used above, and this forum! This is why I come here. You guys are great.

Mark W.

PS - my friend wanted to install the McAfee on his system. He said if it bogs the system down that he will uninstall it and use something like AVAST. I advised him about McAfee being a resource hog but he wants to give it a try. What can you do? LOL
 
I reserve Combo Fix as a last choice, not because it's bad, in fact it's the best but it can possibly trash your pc if you are not careful with it, so I reserve it as a last choice to use after everything else fails to do a clean up. I've cleaned multiple pc with Combo Fix, but you should always use it with caution
 
Back
Top Bottom