Member Avatar for darkfly

HI there
i have a pc with windows vista business. i've used there the NetTools aparently it came with a virus/rootkit of somekind :(
It just stucks the backspace key when i hit some letters.
I can write something like asd but if i hit F, P,L and other it just starts cleaning all the text behind, the backspace key locks :(
I think that it has been installed in boot loading because everytime i start the computer that screen to choose the operating system comes up only with the Windows Vista instance since it's the only i have.
And i can't loggon to the computer using an account because the password has a 'P', and when i press it, it cleans all the typed letters :(

Any ideia?

  • 2 Contributors
  • 5 Replies
  • 165 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by darkfly

Recommended Answers

All 5 Replies

Member Avatar for gerbil

A few ideas, darkfly.. so let's play, see just what we can do without the keyboard.
I assume you have at least one account without a password, like the Administrator? If you are able, restart your sys in Safe Mode with Networking.
Go Start, and paste this into the Run window:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
...and this is what you do with that download:
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Still in Safe Mode, paste this into the Run window:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
=Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here.
By now, maybe you can do this:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Oh... one other thing, I'd like to see your boot.ini file, so... Start, paste in:
control sysdm.cpl,,3
-press Startup n Recovery Settings button, press Edit, and paste into your reply the boot.ini file.

Member Avatar for gerbil

I could point out that if you can use the Administrator account to log in [because you did not password it also...] then to save coming back to this website from safe mode, just copy the post above as a txt file onto a floppy and copy/paste the URLs from that... should work.
And if you do not have an administrator account without a password... then most likely you can't do any of that. I don't want to suggest that you slave that drive into another sys cos you might infect that one also.. but do you have a spare hard drive lying around that you could temporarily load an OS onto [disconnect your main, infected drive first; use a drive letter that is NOT on your old drive, and no need to register the OS with microsoft], than add the infected drive and instead of those things above do this scan:
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/activescan/index/
-First Register [otherwise there will be no disinfection, merely detection] with a valid email address for the free online virus scan and follow through.
Unlike Kaspersky this scan does not require Java.
Please ATTACH to your post the log it produces.

Member Avatar for darkfly

I just restored my operating system. Formated the disk using GParted using a live DVD. And after that i reinstalled my system from Toshiba CD.
Thanks a lot, but i run a lot of tools and with none i found a thing.
I know that this crap came with a NetTools portable edition (without intaller) i run the anti-virus and it didn't detect anything.

Member Avatar for darkfly

i have a big problem it didn't work :(
even with the system restore the problem is still there.
I even have the same problem running Linux :( ?????!?!?!?! How is this possible???
Could be a problem with the computer?

Member Avatar for darkfly

hi again...
Found the problem!
The guys from Toshiba sayed that was something wrong with the motherboard, thay have replaced it and now everything is ok!

I run the same NetTools in another computer and nothing happened, i guess it was just coincedence.

So no virus!

Thanks to all

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.