Hello Again
I have the Safe Mode virus on my PC and have had no luck in removing it. I have followed other advice and booted the PC with F8 then clicked the Command mode.
I then typed in the following:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System/v DisableTaskMgr/t REG_DWORD/d O /f - to enable Task Manager
This command was not recognised.
I should also mention that my BT/McAfee programme popped up and carried out a full scan. It did not find any problems. I suspect that the virus has disabled this programme.
I have downloaded Spybot, Combofix and MalwareBytes onto a USB stick, but cannot use it as the safe mode virus will not allow me to open up Windows.
Any help will be appreciated.

Recommended Answers

All 8 Replies

So you no longer can boot to Windows at all, even in Safe Mode? Or Safe Mode with networking?

Absolutely correct. I did allow the virus some time to corrupt my PC by naively following some of its instructions, so now I am unable to start up at all!
I am going away for a long weekend tomorrow, so may not respond to any replies until Tuesday. Thanks for any help!

so now I am unable to start up at all!

Hi Richard,

-- What options (if any) do you get when you tap F12 on boot?

Can you burn an ISO? You may need a free tool such as ImgBurn to do this.

Please burn the following ISO to CD:
- bitdefender-rescue-cd.iso

Then, pop the CD into the ill machine and see if it will boot. You may need to tap F12 on boot and set to boot from optical drive.

Let us know if you can do this and we'll go from there. BitDefender may automatically start to scan - if so, great - though it might not be able to download updates...


Best Luck :)
PP

Jus poking nose in..... Richard, if you open a cmd window and use that to run your REG cmd you will see the actual error messages as to why it did not work. Use this corrected cmd:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
-there must be spaces before parameter types like /t
-the data is actually a zero, so /d 0 [you show a capital letter o above..]
But if you cannot boot to windows in any form then all that is moot.

Hi PP
Thanks for your advice. It was spot on!
The rescue disc loaded OK, and the programme ran straight away on the infected computer - identified 3 problems, and removed them on request.
On reboot, a Windows start-up repair spent a few minutes checking, but now I am up and running again, and virus free!
Many thanks

Hi PP
I will, of course, follow your recommendations. When you say 'post the logs' what do you mean ?
Regards
Richard

Hi PP
I will, of course, follow your recommendations. When you say 'post the logs' what do you mean ?
Regards
Richard

Follow the instructions on the link PP gave you. The program will scan, show you what, if anything is found, you choose remove all if anything is found, then you reboot. Open the program again, go to the Logs tab, choose the bottom log, open, Copy the log and paste it back here.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.