Unable to boot in safe mode
20 December 2005, 09:55 AM
#1
Scooby Regular
Thread Starter
Join Date: Aug 2000
Location: Mid-Kent
Posts: 1,039
Likes: 0
Received 0 Likes
on
0 Posts
Unable to boot in safe mode
Athlon64 with XP SP2. I've picked up some spyware which I'm trying to remove, but the procedures need me to boot into safe mode. When I do so, however, the boot process hangs immediately after the loading of ....Mup.sys - anyone know how to get past this snag??
(FWIW the spyware are spyaxe and security error, and I'm working through the Majorgeeks procedures...... cracking good website, that. But my problem is a home pagehijacker, as it happens, and I have to boot into safe mode for HiJack This also.....)
TIA
Phil Harrison
(FWIW the spyware are spyaxe and security error, and I'm working through the Majorgeeks procedures...... cracking good website, that. But my problem is a home pagehijacker, as it happens, and I have to boot into safe mode for HiJack This also.....)
TIA
Phil Harrison
20 December 2005, 10:23 AM
#2
Scooby Senior
Manual removal instructions are here:
http://www.2-spyware.com/remove-spya...FS82QgodJ1TLcw
Then buy Adaware Plus (with Adwatch) for £15!
http://www.2-spyware.com/remove-spya...FS82QgodJ1TLcw
SpyAxe manual removal:
Kill processes:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe
Help: how to kill malicious processes
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{E802FFFF-8E58-4D2C-A435-8BEEFB10AB77}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObject\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CURRENT_USER\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7CAF96A2-C556-460A-988E-76FC7895D284}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD}
Help: how to remove registry entries
Unregister DLLs:
ioctrl.dll, svchosts.dll
Help: how to unregister malicious DLLs
Delete files:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe, ioctrl.dll, svchosts.dll, hp[X].tmp
Help: how to remove harmful files
Delete directories:
C:\Program Files\SpyAxe
C:\Windows\System\1024
C:\Windows\System32\1024
C:\Winnt\System32\1024
Misc:
[X] is a set of four random digits
Exact file location:
spyaxe.exe - C:\Program Files\SpyAxe
mscornet.exe, mssearchnet.exe, nvctrl.exe, ioctrl.dll, svchosts.dll, hp[X].tmp - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
Kill processes:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe
Help: how to kill malicious processes
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{E802FFFF-8E58-4D2C-A435-8BEEFB10AB77}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObject\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CURRENT_USER\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7CAF96A2-C556-460A-988E-76FC7895D284}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD}
Help: how to remove registry entries
Unregister DLLs:
ioctrl.dll, svchosts.dll
Help: how to unregister malicious DLLs
Delete files:
mscornet.exe, mssearchnet.exe, nvctrl.exe, spyaxe.exe, ioctrl.dll, svchosts.dll, hp[X].tmp
Help: how to remove harmful files
Delete directories:
C:\Program Files\SpyAxe
C:\Windows\System\1024
C:\Windows\System32\1024
C:\Winnt\System32\1024
Misc:
[X] is a set of four random digits
Exact file location:
spyaxe.exe - C:\Program Files\SpyAxe
mscornet.exe, mssearchnet.exe, nvctrl.exe, ioctrl.dll, svchosts.dll, hp[X].tmp - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
20 December 2005, 10:51 AM
#3
Scooby Regular
Join Date: Sep 2005
Posts: 924
Likes: 0
Received 0 Likes
on
0 Posts
Don't go near Adaware!! They have recently joined forces (if you want to call it that) with a number of companies producing a lot of this spy crap.
As a result, they have agreed to have their software avoid the spyware.
It is still a good program, but you gotta question their thinking.
I would advise Spybot for looking for problems, and download SpywareBlaster to prevent them getting in.
Both are also freeware.
As a result, they have agreed to have their software avoid the spyware.
It is still a good program, but you gotta question their thinking.
I would advise Spybot for looking for problems, and download SpywareBlaster to prevent them getting in.
Both are also freeware.
20 December 2005, 11:54 AM
#4
Scooby Senior
Originally Posted by D16GER
Don't go near Adaware!! They have recently joined forces (if you want to call it that) with a number of companies producing a lot of this spy crap.
20 December 2005, 12:06 PM
#5
Scooby Regular
Join Date: Sep 2005
Posts: 924
Likes: 0
Received 0 Likes
on
0 Posts
I'll try to get you the link.....
Here is the original story.
They have since put the detection back in, but their reputation took a beating!
Here is the original story.
They have since put the detection back in, but their reputation took a beating!
Last edited by D16GER; 20 December 2005 at 12:18 PM.
20 December 2005, 01:38 PM
#6
Scooby Senior
Thanks for the link
It looks more like a screw up with the TAC ratings by Lavasoft to me. Nowhere does the report suggest that Lavasoft & WhenU have (had) some sort of agreement. I couldn't find anything in The Register about it.
I provide Adaware Plus to all my customers, so I'm naturally wary of any problems with the product. In general, I find the Adwatch continuous protection to be very good, although there is sometimes a hang on shutdown where the Adwatch process does not end after a definition update. This creates a support issue for me, so I will have another look around for competing products.
It looks more like a screw up with the TAC ratings by Lavasoft to me. Nowhere does the report suggest that Lavasoft & WhenU have (had) some sort of agreement. I couldn't find anything in The Register about it.
I provide Adaware Plus to all my customers, so I'm naturally wary of any problems with the product. In general, I find the Adwatch continuous protection to be very good, although there is sometimes a hang on shutdown where the Adwatch process does not end after a definition update. This creates a support issue for me, so I will have another look around for competing products.
20 December 2005, 01:50 PM
#7
Scooby Regular
Join Date: Sep 2005
Posts: 924
Likes: 0
Received 0 Likes
on
0 Posts
No problems.
I know there was no direct mention of an agreement, but it makes you wonder.
Clearly something was going on. The problem is always the same though - money. Some companies will stoop to all sorts to make more.
Look at Spywareblaster. It's free and does a mighty fine job IMHO.
The company behind it also has some other useful utilities.
I know there was no direct mention of an agreement, but it makes you wonder.
Clearly something was going on. The problem is always the same though - money. Some companies will stoop to all sorts to make more.
Look at Spywareblaster. It's free and does a mighty fine job IMHO.
The company behind it also has some other useful utilities.
Trending Topics
20 December 2005, 03:16 PM
#8
Scooby Senior
Thanks, I'll check it out.
Over the past hour or so, I've been reviewing MS Anti Spyware & Spybot. The MS product looks good, but it did flag up Kazaa Lite v1.4 K++ which is not spyware. Spybot seemed a little inconsistant on tracking cookie checking, I was able to run a scan (which takes ages in Spybot) & it would detect 6, then I wouldn't delete the cookies, run chekcing again & it would only find 2.
I've gone back to Adaware/Adwatch for the moment as it has a much quicker scan time & the Adwatch TSR effectievly blocks all tracking cookies - which the others need a manual scan to delete.
I'll try out Spywareblaster now....
Over the past hour or so, I've been reviewing MS Anti Spyware & Spybot. The MS product looks good, but it did flag up Kazaa Lite v1.4 K++ which is not spyware. Spybot seemed a little inconsistant on tracking cookie checking, I was able to run a scan (which takes ages in Spybot) & it would detect 6, then I wouldn't delete the cookies, run chekcing again & it would only find 2.
I've gone back to Adaware/Adwatch for the moment as it has a much quicker scan time & the Adwatch TSR effectievly blocks all tracking cookies - which the others need a manual scan to delete.
I'll try out Spywareblaster now....
20 December 2005, 05:48 PM
#10
Scooby Regular
Thread Starter
Join Date: Aug 2000
Location: Mid-Kent
Posts: 1,039
Likes: 0
Received 0 Likes
on
0 Posts
Thanks Guys - I seem to have started something of a discussion going!! FYI, I have mcafee, spywareblaster, Adaware and Spybot, but the pesky fellas snuck through - and I caught smitfraud also, though that now seems to be gone. This latest infestation was found by the panda-something site as part of the majorgeeks removal procedure. However, I clearly haven't killed my browser redirector- which redirects me to a spyware-removal software site!!!
BTW... eithor of you able to help with the original enquiry concerning a hanging safe-mode booT?...
Cheers,
Phil
BTW... eithor of you able to help with the original enquiry concerning a hanging safe-mode booT?...
Cheers,
Phil
21 December 2005, 03:44 PM
#13
Scooby Regular
Join Date: Sep 2005
Posts: 924
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Phil Harrison
Thanks Guys - I seem to have started something of a discussion going!! FYI, I have mcafee, spywareblaster, Adaware and Spybot, but the pesky fellas snuck through - and I caught smitfraud also, though that now seems to be gone. This latest infestation was found by the panda-something site as part of the majorgeeks removal procedure. However, I clearly haven't killed my browser redirector- which redirects me to a spyware-removal software site!!!
BTW... eithor of you able to help with the original enquiry concerning a hanging safe-mode booT?...
Cheers,
Phil
BTW... eithor of you able to help with the original enquiry concerning a hanging safe-mode booT?...
Cheers,
Phil
Open 'My Computer', right click on the HDD, Select 'Properties' Then 'Tools' Then under 'Error Checking' press 'Check Now'.
Make sure you select the option to 'Automatically fix file system errors'.
Apparently that mup.sys problem occurs quite often, especially after Windows updates for some reason.
21 December 2005, 05:01 PM
#14
Scooby Regular
Thread Starter
Join Date: Aug 2000
Location: Mid-Kent
Posts: 1,039
Likes: 0
Received 0 Likes
on
0 Posts
Thanks, Digger. I had just done a mass Windows update. I'll know if it's worked afterthe next time I boot in.
Nick: your URL took me to the Spydoctor page. The online checker found 24 infections!! (later increased to26)- actually a bit odd that the battery of applications I already have enabled had allowed so much to get on the machine, which made me suspicious!! Howsoever I paid my 20-quid, the lot got fixed in one go and the browser redirection got done over, so
Thanks guys - happy Christmas
Phil
Nick: your URL took me to the Spydoctor page. The online checker found 24 infections!! (later increased to26)- actually a bit odd that the battery of applications I already have enabled had allowed so much to get on the machine, which made me suspicious!! Howsoever I paid my 20-quid, the lot got fixed in one go and the browser redirection got done over, so
Thanks guys - happy Christmas
Phil
22 December 2005, 08:52 AM
#15
Scooby Regular
Thread Starter
Join Date: Aug 2000
Location: Mid-Kent
Posts: 1,039
Likes: 0
Received 0 Likes
on
0 Posts
Hi Guys (if you're still there). Did the system scan - no dice!
Googled and found http://groups.google.com/group/micro...a735f9aa06fe8c
Hoh S**T !! At least I'm not cycling my normal boot....yet!
Threw up my hands in horror and went off to clean my horse-tack....
Phil
Googled and found http://groups.google.com/group/micro...a735f9aa06fe8c
Hoh S**T !! At least I'm not cycling my normal boot....yet!
Threw up my hands in horror and went off to clean my horse-tack....
Phil
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM