Virusy Troubles

Here’s the story:

I got some viruses. Questionable websites were most likely involved. Now my Windows XP Home is borked.

Anyway, I ran Avast and basically deleted whatever it found after it couldn’t move an item to the chest. I didn’t keep track of what I deleted. Now when I try to log into Windows, it locks up and says “Loading your personal settings” forever.

Booting into safe mode works fine, and I can log into either Administrator or my normal account with no problems. I tried making a new account and logging into that in normal mode, and had the same problem. Before I pull the data using safe mode and reformat, anyone have any idea what’s going on?

Most of the references I can find seem to indicate that it’s a symptom of a corrupt user profile, in which case you’d have to back up your user files and delete and recreate the user, at least.

You might first want to try creating a different user and seeing if they can log in, and running a boot-time virus scan since you have Avast (I’ve seen it miss some when run normally).

Boot to safe mode with networking (need a wired connection)
Download Autoruns, CCleaner, and Malwarebytes Anti-Malware (Google 'em)
Disable System Restore (Control panel, System, System Restore tab)
Extract Autoruns and click Login tab and disable anything suspicious (usually items with a blank ‘publisher’ column and anything else you don’t recognize). Do the same under Internet Explorer.
Run CCleaner – the cleanup tool only for now
Run Antimalware (update it first) quick scan
Load IE and click the advanced tab. Click Reset Settings and restart IE when it finishes.
Go to www.eset.com/onlinescan and run the scanner.
Run CCleaner again, but this time do the Registry cleaner
Reboot and cross your fingers…
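
An added example, not part of the thread: the Autoruns review step above (enabled entries with a blank publisher under the logon and Internet Explorer tabs) applied to a saved CSV listing. The column names, category labels and sample rows are constructed assumptions for this sketch, not Autoruns' documented export format.

```python
import csv
import io

# Constructed sample data. Column names and rows are assumptions made for
# this example; adjust them to match the export you actually have.
SAMPLE = r'''Entry,Enabled,Category,Publisher,Image Path
ctfmon.exe,enabled,Logon,Microsoft Corporation,c:\windows\system32\ctfmon.exe
scanner tray,enabled,Logon,Example Vendor,c:\program files\example\tray.exe
xpupdate,enabled,Logon,,c:\documents and settings\user\local settings\temp\xpupd.exe
helper,enabled,Internet Explorer,  ,c:\windows\system32\hlp32.dll
oldtool,disabled,Logon,,c:\tools\old.exe
spooler,enabled,Services,,c:\windows\system32\spoolsv.exe
'''

# The two areas the post says to review (labels are assumptions).
REVIEW_CATEGORIES = {"logon", "internet explorer"}
REQUIRED_COLUMNS = {"Entry", "Enabled", "Category", "Publisher", "Image Path"}


def triage(csv_text, categories=REVIEW_CATEGORIES):
    """Return (category, entry, image path) for enabled autostart entries
    in the reviewed categories whose publisher field is blank."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError("export lacks columns: " + ", ".join(sorted(missing)))

    flagged = []
    for row in reader:
        category = (row["Category"] or "").strip()
        if category.lower() not in categories:
            continue  # outside the tabs being reviewed
        if (row["Enabled"] or "").strip().lower() != "enabled":
            continue  # already disabled, nothing to do
        if (row["Publisher"] or "").strip():
            continue  # has a publisher; still worth a manual look
        flagged.append((category, row["Entry"].strip(), row["Image Path"].strip()))
    return flagged


if __name__ == "__main__":
    for category, entry, path in triage(SAMPLE):
        print(f"[{category}] {entry}: {path}")
```

A blank publisher is only a starting point for manual review: legitimate entries can lack one, and entries that carry a publisher string are not thereby cleared.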

Which sites? I just want to know about them so I can avoid them.

Read this for some insight. Conclusion: you can get this stuff anywhere…just be careful what you click on.

My advice is to get Firefox and install NoScript. It basically disables scripting/Java/Flash/etc. on pages you load up until you explicitly give the domain permission to run them. Best web defense going, IMHO.

What’s in that link is pretty sick. I have converted all of my friends to Firefox; using IE 7 or earlier is just asking for trouble.

It’s really about education and using the best antivirus software (I haven’t been satisfied with any of the free ones so I usually buy NOD32 or Kaspersky). The fake antivirus trick is extremely common and they look legit enough to fool the common Windows user. Switching to Firefox may not help. You could be trying to download and watch a video when a screen appears saying you don’t have the right codec (which is common on a default install of Windows). So you download the codec and, boom, you’ve installed malware.

Hey, that’s what we got! I didn’t realize that it would politely ask if you want to install it…I’ll have to find out if someone thought it was a legitimate virus scanner and installed it.

I remove about 5 or 6 of these a week. It’s not as bad as a Vundo or Smitfraud type infection since this is really nothing more than a fake alert. The real harm comes if/when you purchase it and your credit card number ends up in the hands of bad people.

Use the Malwarebytes program I’d mentioned to remove it cleanly. It sounds like you may have a registry problem though…

Also, NOD32 is great for real-time protection.